Canada's New Anti-Spam Law (CASL) for Email Marketers

On July 1st, Canada's new Anti-Spam Law (CASL) will take effect over the course of the next several months. This legislation has implications for anyone sending or intending to send commercial email, SMS, or other electronic marketing. Sound like you? Read on...

What is it?

Bill C-28, properly known as Canada's Anti-Spam Law (CASL) is an update to 2003’s CAN-SPAM act. The legislation will be enacted in an effort to promote e-commerce by deterring email spam and misleading commercial representations online.

Who & what does it apply to?

CASL applies to Canadian residents or anyone sending to Canadian residents (individuals or businesses). The law applies to any “electronic messages” sent, which includes:

• Email
• Instant Message
• Text Message

And any other electronic correspondence.

Who & what does this NOT apply to?

• Faxes. (Please don’t revert to your fax machine to avoid the law though...)
• Those opening emails not in Canada
• Transactional emails (ie. you buy something, you get an email receipt - that's fair game)

How is this different from CAN-SPAM in 2003?

• CASL applies to messages accessed from a computer system in Canada, but these messages can be SENT from outside of Canada.
• CAN-SPAM was specifically email messages while CASL encompasses all electronic messages.
• While CAN-SPAM enforced a strict “opt-out” policy, CASL focuses more on the “opt-in”. ie It’s important that your subscribers have consented to receive commercial email from your business.

What is considered consent when sending commercial electronic messages?

• Sending to someone with whom you have established a personal relationship with.
• Sending to an employee or individual associated with your business.
• Responding to a customer or correspondence from the customer within the last six months.
• Sending on behalf of a charity or political organization for the purpose of raising funds and contributions.
• Providing info about safety, warranty, recalls etc. purchased by the customer.
• Informing customers of product updates.
• Providing info about ongoing use, subscription, membership, account, etc.
• Attempting to enforce a legal right or court order.

If you’re doing any of the above, you’re complying with the law!

The law states that consent can also be implied. (Disclaimer: this is a bit of a grey area and you should seek legal advice if you’re unsure what exactly is involved in this)

Consent can be implied if:

• The electronic message sent is related to the recipient’s professional or official role, and they have not told you that they don’t want to receive unsolicited electronic messages, AND the recipient has either given you their address or conspicuously published it.
• The recipient has within the previous 24 months purchased something from you, or has made a business interaction or deal with you, been a party to a contract with you or has had a membership with you.
• You are a registered charity or organization and the recipient has made a donation, volunteered for or attended a meeting organized by you.

What do I do if I'm positive I don’t have consent but I know I need it?

Remember: if you're using an email service provider, and that ESP has provided an opt-in form which has been the vehicle by which you've gained subscribers - you're ok. If you've purchased email lists, or you're just sending bulk unsolicited email to your entire sales-contact list that may or may not have heard from you in ages, you'll probably want to take note. Express consent is your fall back plan. If you do not meet any of the criteria listed above, you must obtain express consent before you can send commercial email. You should do the following prior to July 1/2014.

To obtain express consent, give the recipient:

• Your name
• A clear description of your purpose for obtaining their consent (ie why are you sending them email in the first place?)
• Your physical mailing address and either a phone number, your email address or web address of the person who is seeking consent (ie you, or your business).
• A statement that the recipient can unsubscribe at any time.
• A url to your opt-in form.

But wait! There’s more..

There are a few things that you should have, regardless of whether or not you have consent:

• A conspicuously placed privacy policy should be on your website. Any form that requires the user to submit sensitive information (email address, credit card info, etc) should include a link to this privacy policy page.
• Your opt-in checkbox should NOT be automatically checked. Visitors must physically tick the box to consent to receiving offers.
• Ideally, you should keep a record of all of your opt-ins. If you’re using an email marketing provider like Mailchimp, this is automatically recorded.

What about the actual content of my email?

These are pretty basic commercial email best practices that should be followed regardless of any laws. Much of this information can be easily placed in the footer of your email:

• Always include your name or business name
• You must include your physical address and either a phone number, your email address or web address (it’s not necessary to include your email address in the content of the email if you’ve set it as your reply-to email. for example, the email came from [email protected], so it’s obvious to the subscriber what your email address is).
• An unsubscribe mechanism, whether it be a click on a link, or a reply message. The subscriber must be unsubscribed within ten days of the receipt of that message.
• A short reason why your subscriber is receiving your content.

Here's an example of the footer of our regular e-newsletter:

So what’s the worst that could happen?

When someone clicks “Mark this as spam” after reading an email, your ISP (internet service provider) receives an abuse report (this is also reported in your ESP’s reporting). If you send emails to a list that gets an unusual amount of spam complaints (it’s hard to say how much is too much, but you can read about industry averages here ), your ISP can block all email from your server. Good news! You don’t have to worry about this, your email marketing service provider does - and you better believe that Mailchimp is constantly monitoring abuse reports from ISPs so they can immediately pinpoint why these reports are happening, and redistribute email delivery to different servers and IP addresses. I love you, Mailchimp.

This information isn't meant to scare you, it’s just a friendly reminder that some folks out there are abusing the system, purchasing email lists, hiding unsubscribe buttons, sending unsolicited bulk emails ... bad news. We don't like email spam as much as the next person, so we're happy to hear that there are measures being put in place to reduce it. If you're in Winnipeg and you'd like to learn more, our friends at Thompson Dorfman Sweatman LLP are holding a seminar about the legislation which will cover the legal side of things.

Rest easy...

At the end of the day, you shouldn't be doing any less email marketing than you did before, if anything do more! Email marketing still remains one of the highest converting tactics for eCommerce, with a consistently good ROI. The key is to use segmentation in order to send the most relevant content to your subscribers. Give consenting people content that they want to read and they'll reward you for it.

Legal Disclaimer: This information contained in this document was derived from several government websites and is intended for reference purposes only. While we make every reasonable effort to ensure that the information provided is accurate, it is in no way meant to replace official legal advice from a registered attorney. Metric Marketing is not responsible for omissions or errors in information which may result in re-percussive action due to misinterpretation of this document. Always consult your local laws, government agencies, and official documentation before sending out any bulk email.