As of July 1, 2014, CASL will require businesses to obtain either express “opt-in” or implied consent to send commercial electronic messages (CEMs), including emails and certain types of social media messages. Pre-toggled or pre-checked in boxes will not be allowed. In addition, all electronic marketing messages will need to clearly and prominently identify the sender, include the sender’s contact information and provide an unsubscribe mechanism, unless fully exempted from the Act.
Organizations that don’t comply with CASL risk serious penalties, including criminal charges, civil charges, and personal liability for company officers and directors, and penalties up to $10 million.
CASL will be enforced in three stages:
- The anti-spam provisions will take effect on July 1, 2014, giving businesses mere months to inventory their electronic marketing practices, align these practices with CASL and implement changes to their business processes and CRM systems.
- The provisions relating to the unsolicited installation of computer programs or software will come into force on January 15, 2015.
- The private right of action will be enforced as of July 1, 2017
Businesses have a three year grace period after July 1, 2014 to verify and confirm consent to send CEMs, but can still only communicate with recipients with whom they have an existing business relationship.
Canada’s Anti-Spam Law: Key Exemptions
A Commercial Electronic Message (CEM) is any electronic message that encourages participation in a commercial activity, such as an email that contains a coupon or tells customers about a promotion or sale. If your organization sends CEMs, you’ll need “express consent” from recipients before sending them – although certain exemptions exist.
The revised regulations introduce key exemptions for B2B, legal and referral business practices, for telecommunications services (TSPs) and for personal relationships.
Here we summarize these exemptions for you:
- Business-to-business (B2B) communications – CASL applies broadly to all CEMs. However, the new regulations include exemptions for CEMs sent within a business, and CEMs sent between businesses that are in an ongoing business relationship. The messages must be sent by an employee, representative, contractor or franchisee, and be relevant to the business, role, function or duties of the recipients. Similarly exempt are communications sent to third-party business partners, such as marketing agencies, recruiting firms and insurance carriers.
- Messages sent to consumers in response to a request for information – The new regulations address this unintended consequence by exempting messages sent in response to requests, inquiries or complaints.
- Messages sent to enforce a legal right – Examples include messages sent for debt collection, licensing and enforcing contractual obligations.
- Messages sent from outside Canada – These include messages sent by foreign businesses (provided the sender could not reasonably know the message would be received in Canada) and internationally-based Canadian organizations.
Third-party referrals. To qualify for the exemption:
- The individual who sends the message must disclose in the message the ordinary or full name of the person who made the referral.
- The individual who made the referral must have an existing personal or family or business relationship with both the sender and the person who receives the message.
Telecommunications service providers (TSPs)
The new regulations also include two exemptions for TSPs to permit the installation of computer programs without consent:
- For the purpose of preventing illegal activities that pose a risk to network security.
- For network update/upgrading purposes.
Key points to Consider
- Organizations need express consent from recipients before sending a CEM using opt-in; implied consent applies in limited circumstances
- Recipients must indicate a positive and explicit consent by checking a box or typing an email address into a field
- You need express consent separately for each act regulated by CASL, such as sending a CEM, altering transmission data in CEMs or installing a computer program on another person’s computer, and that consent can’t be bundled into the general terms and conditions of use or sale
To comply with CASL, you must provide recipients with:
- The name of the person or organization seeking consent
- A mailing address and either a phone number, voice message system, email address or website where recipients can access an agent for more information, and which remains valid for at least 60 days after the CEM is sent
- A statement identifying the person on whose behalf consent is being sought
- The identity and contact information of any third party or affiliate used to obtain the recipient’s consent
- A free unsubscribe mechanism that takes effect within 10 days maximum giving recipients two ways to electronically opt-out of communications, such as by email or hyperlink
- The ability to opt-out of all types of communications sent by either your organization or a third party partner (e.g. not just newsletter lists, but also invitations to seminars or any other type of CEM you send)
- If you’re seeking express consent, you also need to explain why you’re contacting the prospect, in addition to including all the mandatory contact information and providing an unsubscribe mechanism.
- If you can’t include this information in a CEM, you’ll need to provide a link to an easily accessible web page that clearly displays this information.
Have questions? Need Help? Feel free to contact us or give us a call at 1.888.569.3032.