July 1, 2014 marked the date on which the much anticipated Canadian Anti-Spam Legislation (CASL) officially went into effect. CASL is one of the strictest laws of its kind, and it has the potential to impact any individual or organization that sends to and/or from Canadian email addresses. You may be unaware of the geographical location of your email subscribers, so these CASL rules should be followed for all email address acquisition and sending practices, whether or not your email list currently forces you to. Email Service Providers (ESPs) will most likely begin integrating, if they haven’t done so already, various features of CASL into their own worldwide rules and regulations. Adopting the latest regulations into your personal email practices will allow for a smooth transition once you become directly effected.
What/Who do CASL regulations apply to?
CASL regulations apply to any Commercial Electronic Message (CEM) sent from or to Canadian computers and devices. For more information on what is considered to be a CEM, visit MailChimp’s “About the Canada Anti-Spam Law (CASL)” Article. If you are, in fact, sending a CEM, it is imperative that you begin taking the necessary steps to identify which recipients you must exclude from your list. A valid recipient is one that has provided the sender with either ‘implied’ or ‘express’ consent.
Implied vs. Express Consent
CASL defines two types of consent: implied and express. If you have not received either implicit consent (existing business relationship) or explicit consent (opt-in), you cannot send mail to that recipient. And, if you are not sure, you are no longer allowed to mail those people as well.
Implied consent includes the following:
A recipient has conducted business (i.e. purchased a product) with your organization in the last 24 months.
A recipient has made an inquiry or filled out an application within the last 6 months.
A professional message is sent to someone whose email address was given to you, or is published and who hasn't notified you to discontinue unsolicited messages.
If your recipients don't meet the above criteria, express consent is required before you can send a CEM to them.
Express consent is only valid if the following information is included with your consent request:
A clear and concise description of your purpose in obtaining consent.
A description of messages you'll be sending.
Requestor's name and contact information (physical mailing address and telephone number, email address, or website URL) - If you're requesting consent on behalf of a client, the client's name and contact information must be included with the consent request.
A statement that the recipient may unsubscribe at any time.
No pre-checked opt-in boxes.
It is important to retain this evidence, as the sender bears the burden of proving that consent has been given.
As previously mentioned, the requirement for compliance started July 1, 2014. July 1, 2017 marks the day on which recipients will have the right to private action, allowing individual citizens to challenge CASL violators. CASL is providing a grace period (July 1, 2014-July 1, 2017) in which people can adjust to the new regulations and take steps to ensure their email list stays in compliance. During this transition you may continue to send messages to recipients from whom you have implied consent, unless they unsubscribe. Post July 1, 2017 you may only send to recipients that have done either of the following:
They have provided express consent and have not unsubscribed.
They have implied consent that is currently valid under CASL (within 24 months of a purchase or six months of an inquiry).
These types of emails are exempt from CASL: *Please note that while they are exempt from CASL, not all of them are allowable under certain ESP guidelines.
Sending messages that provide information about a purchase, subscription, membership, account or loan. In other words, you can still send transactional messages. But, be aware that the transactional message cannot contain any promotional content. The 70:30 ratio of promotional to transactional content is no longer applicable.
Sending communication that provides warranty, recall, safety, or security information.
Sending communication with family members or someone with whom you have a personal relationship.
Sending messages to an employee.
Sending messages sent on behalf of a charity or political organization for the purposes of raising funds or soliciting contributions.
Sending messages attempting to enforce a legal right or court order.
A single message to a recipient without an existing relationship on the basis of a referral. The full name of the referring person must be disclosed in the message. The referrer may be family or have another relationship with the person to whom you're sending.
*If your message does not meet one of these criteria, consent is required under CASL.
CASL Violation Penalties
A CASL violation may result in significant penalties of up to $1 million CAD (for individuals) and $10 million CAD (for corporations). CASL also creates private rights of action, with significant statutory damages available (up to $1 million/day of non-compliance). In addition, a court may also order persons that violate CASL to pay statutory damages for each day on which it occurred.