canada anti-spam legislation: obligations and opportunity
TRANSCRIPT
Agenda
Introduction
CASL – Overview
CASL – Nuts and Bolts
CASL – What is compliance?
Building your business the CASL way
Introduction
CASL – New Legislation
• Online July 1, 2014
Information Overload
• Focus on practical considerations » Be current » CASL compliant business development
It’s a Mouthful!
CASL actually: An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act.
Better Yet: Canada Anti-Spam Legislation (CASL)
What Is it Really?
Federal Legislation (i.e. Canada wide) designed to promote e-commerce and discourage unsolicited electronic messaging as a business and marketing tool
• Response to the proliferation of ‘spam’ • Takes a ‘prohibitive’ approach – not a ‘permissive’ one
• Deters most damaging and deceptive forms of spam
Why Now?
Government, industry and the public wanted less unsolicited electronic messages, whether in the form of e-mail, text messages, social media or other means of telecommunication, sent for commercial reasons
Secondary attempt to reduce electronic threats to commerce,
including “phishing”, “pharming”, “malware” and “spyware”
What Does CASL Capture?
For starters - Applies to Email Marketing, and all Social Media Marketing for a commercial activity
• Barring specific exemptions, don’t assume that recipients want to receive marketing materials – get consent!
Very broad coverage
• Commercial Electronic Messages (CEMs) • Malware / Spyware • Automatic Information Collection
CEMs – What Are They? Commercial Electronic Messages - message sent by any means of
telecommunication, including a text, sound, voice or image message, to an “electronic address”
• E-mail / instant messaging accounts • Similar accounts
Several classes of commercial messaging are exempted from CASL • Phone conversations • Messages sent via fax to telephone accounts • Voice recordings sent to a telephone account
When is this Happening?
Originally enacted in December 2010
Main body of CASL comes online July 1, 2014
Computer program rules (malware etc.) trigger on January 15, 2015
On July 1, 2017, private individuals gain a right of action to claim damages • You can be sued as well as receive administrative penalties
Do I Really Need to Worry?
CASL creates new offences, enforcement mechanisms and penalties regulating unsolicited CEMs
With CASL - some of the toughest legislation in the G-8 • Higher consent standards • Covers more communication mediums • Detailed content requirements • Significant penalties for breach:
» $1,000,000 up to $10,0000,000 per instance » violations may be separately assessed for each day of non-
compliance
CASL vs CAN – SPAM ACT
CASL CAN – SPAM ACT Covers: • Commercial electronic messages • Potential liability of directors, officers
and agents of a corporation • Expressly includes employers of
employees
• Any CEM that has, as its purpose, or one of its purposes, a commercial activity
Covers: • Commercial electronic mail
messages (CEMM) • Directors and officers not referenced
in the legislation • Any CEMM that has as its primary
purpose a commercial intent
Is an Electronic Message Commercial?
“Commercial” message: content that as one of its purposes encourages participation in a commercial activity, regardless of whether this is done with the expectation of profit
• Messages that offer to sell or advertise products
• Messages that promote a person or corporation, including personal contact information
• Messages that aim to collect consumer or market information
• Messages aimed at obtaining consent to send further messages
Exemptions From CASL Do Exist
CEM provides only factual info about a subscription, membership or account
CEM sent to an individual with whom the sender has a “personal or family relationship”
CEM sent to a person engaged in a commercial activity and consists solely of an inquiry or application related to that person’s commercial activity
Any CEM sent in response to a request, inquiry, complaint or otherwise solicited by the person receiving the CEM
Exemptions From CASL Do Exist (con’t)
Employee to employee CEMs between companies that have a business relationship and the CEMs relate to the company receiving the message
A CEM sent to satisfy or inform of a legal obligation, recall notice or warranty information
A one-time CEM sent to someone without consent, relying on a referral from a 3rd party, as long as the sender discloses the name of the person making the referral, and as long as the person making the referral has a relationship with both the sender and the receiver
If No Exemption – Then GET CONSENT!
Two things to think about in order to comply with a Non-exempt CEM:
• Need Consent from the receiver » Express Consent; or » Implied Consent
• CEM Content must contain » Information Disclosure » Unsubscribe Mechanism
Picture It . . . CEMs
Non-Exempt
Consent
Do I have??
Express
Gold Standard
Oral
Keep Records
Written
Preferred
Implied
Limited Time
Business Relationship
Is it really?
Non-Business Relationship
Close enough?
Published Info
Relevant Info
Content
Is it there?
Disclosures
Required Info
Unsubscribe
Mechanism
Express Consent
Go to form of consent
Required disclosures to obtain consent
• Purpose of the request
• Name and contact information of party making the request for consent
• Communication must include statement that consent can be withdrawn at anytime (an unsubscribe option)
Implied Consent – Onus on the Sender
Business Relationship • Contractual Relationships • Parties to leases, contracts for sale • Supply or Services contracts
Relationship Outside Business • Shared volunteer associations • Membership in clubs or groups
Address of Recipient is Published • Hasn’t previously withdrawn consent • Information is relevant to the recipient’s duties
Content Requirements
Disclosure of Information • Who is sending the CEM • The name of the agent used (if any) • Sender’s contact information
Unsubscribe Option
• Must advise receiver they can unsubscribe at anytime • Receiver must be able to reply directly to the notice
Be Prepared!
Main body of CASL comes online July 1, 2014
• 3 year transition period in some cases
During the Transition Period implied consent continues
• For a period of 3 years after July 1, 2014
• Until express consent is obtained
• Consent is withdrawn
Staff Knowledge & Compliance Groups
Internal buy-in is key • E-mails to staff / required replies • Senior and Mid-level management messaging
» Continual process, not a one time event
Cross organizational compliance group • Leaders across divisions
» Information Tech / sales & marketing / administrative • CASL compliant database of CEMs • ABR - Always Be Reminding
Go Data Mining
My commercial electronic message business is . . .
• Review databases for CEM communications
• Required disclosure from sales & marketing staff
• Categorize and classify CEMs » What categories and types are important » Risky CEMs with little value add » New types moving forward
• Make database easy and accessible
The CEM Database
Is a category of CEM
Are database management tools • Capable of tracking unsubscribe notices • Tracking time periods for implied consent • Capable of recognizing upgrades in consent
• Allowed by Express Consent
• Gold Standard
• Allowed by Exemption • Allowed by Implied
Consent • be careful
“The CASL 500”
CASL not a one lap race • Compliance today doesn’t mean no breach tomorrow • Coordinate departmental communications and develop/implement
training plan » Don’t forget new employees » Refresher courses » Targeted training
• CEM Database review benchmarks » Monthly / quarterly
· Are management tools working
Hand to Hand
promote your email list and encourage people to join from your business card and other
printed material
Customer Touch
Every interaction with a contact should be used as an opportunity to join your business list
• Business Card drops, voicemail, sales/service invoices & quotes