Canada Anti-Spam Legislation: Obligations and Opportunity

Presenters: Matthew Wansink Chris Bakker

Agenda

Introduction

CASL – Overview

CASL – Nuts and Bolts

CASL – What is compliance?

Building your business the CASL way

Introduction

CASL – New Legislation

• Online July 1, 2014

Information Overload

• Focus on practical considerations » Be current » CASL compliant business development

CASL - An Overview

It’s a Mouthful!

CASL actually: An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act.

Better Yet: Canada Anti-Spam Legislation (CASL)

What Is it Really?

Federal Legislation (i.e. Canada wide) designed to promote e-commerce and discourage unsolicited electronic messaging as a business and marketing tool

• Response to the proliferation of ‘spam’ • Takes a ‘prohibitive’ approach – not a ‘permissive’ one

• Deters most damaging and deceptive forms of spam

Why Now?

Government, industry and the public wanted less unsolicited electronic messages, whether in the form of e-mail, text messages, social media or other means of telecommunication, sent for commercial reasons

Secondary attempt to reduce electronic threats to commerce,

including “phishing”, “pharming”, “malware” and “spyware”

What Does CASL Capture?

For starters - Applies to Email Marketing, and all Social Media Marketing for a commercial activity

• Barring specific exemptions, don’t assume that recipients want to receive marketing materials – get consent!

Very broad coverage

• Commercial Electronic Messages (CEMs) • Malware / Spyware • Automatic Information Collection

CEMs – What Are They? Commercial Electronic Messages - message sent by any means of

telecommunication, including a text, sound, voice or image message, to an “electronic address”

• E-mail / instant messaging accounts • Similar accounts

Several classes of commercial messaging are exempted from CASL • Phone conversations • Messages sent via fax to telephone accounts • Voice recordings sent to a telephone account

When is this Happening?

Originally enacted in December 2010

Main body of CASL comes online July 1, 2014

Computer program rules (malware etc.) trigger on January 15, 2015

On July 1, 2017, private individuals gain a right of action to claim damages • You can be sued as well as receive administrative penalties

Do I Really Need to Worry?

CASL creates new offences, enforcement mechanisms and penalties regulating unsolicited CEMs

With CASL - some of the toughest legislation in the G-8 • Higher consent standards • Covers more communication mediums • Detailed content requirements • Significant penalties for breach:

» $1,000,000 up to $10,0000,000 per instance » violations may be separately assessed for each day of non-

compliance

CASL vs CAN – SPAM ACT

CASL CAN – SPAM ACT Covers: • Commercial electronic messages • Potential liability of directors, officers

and agents of a corporation • Expressly includes employers of

employees

• Any CEM that has, as its purpose, or one of its purposes, a commercial activity

Covers: • Commercial electronic mail

messages (CEMM) • Directors and officers not referenced

in the legislation • Any CEMM that has as its primary

purpose a commercial intent

CASL – Nuts and Bolts

Is an Electronic Message Commercial?

“Commercial” message: content that as one of its purposes encourages participation in a commercial activity, regardless of whether this is done with the expectation of profit

• Messages that offer to sell or advertise products

• Messages that promote a person or corporation, including personal contact information

• Messages that aim to collect consumer or market information

• Messages aimed at obtaining consent to send further messages

Exemptions From CASL Do Exist

CEM provides only factual info about a subscription, membership or account

CEM sent to an individual with whom the sender has a “personal or family relationship”

CEM sent to a person engaged in a commercial activity and consists solely of an inquiry or application related to that person’s commercial activity

Any CEM sent in response to a request, inquiry, complaint or otherwise solicited by the person receiving the CEM

Exemptions From CASL Do Exist (con’t)

Employee to employee CEMs between companies that have a business relationship and the CEMs relate to the company receiving the message

A CEM sent to satisfy or inform of a legal obligation, recall notice or warranty information

A one-time CEM sent to someone without consent, relying on a referral from a 3rd party, as long as the sender discloses the name of the person making the referral, and as long as the person making the referral has a relationship with both the sender and the receiver

If No Exemption – Then GET CONSENT!

Two things to think about in order to comply with a Non-exempt CEM:

• Need Consent from the receiver » Express Consent; or » Implied Consent

• CEM Content must contain » Information Disclosure » Unsubscribe Mechanism

Picture It . . . CEMs

Non-Exempt

Consent

Do I have??

Express

Gold Standard

Oral

Keep Records

Written

Preferred

Implied

Limited Time

Business Relationship

Is it really?

Non-Business Relationship

Close enough?

Published Info

Relevant Info

Content

Is it there?

Disclosures

Required Info

Unsubscribe

Mechanism

Express Consent

Go to form of consent

Required disclosures to obtain consent

• Purpose of the request

• Name and contact information of party making the request for consent

• Communication must include statement that consent can be withdrawn at anytime (an unsubscribe option)

Implied Consent – Onus on the Sender

Business Relationship • Contractual Relationships • Parties to leases, contracts for sale • Supply or Services contracts

Relationship Outside Business • Shared volunteer associations • Membership in clubs or groups

Address of Recipient is Published • Hasn’t previously withdrawn consent • Information is relevant to the recipient’s duties

Content Requirements

Disclosure of Information • Who is sending the CEM • The name of the agent used (if any) • Sender’s contact information

Unsubscribe Option

• Must advise receiver they can unsubscribe at anytime • Receiver must be able to reply directly to the notice

Express Consent Means EXPRESS!

Express Consent – Be Careful

Unsubscribing Examples

CASL – What is Compliance?

Be Prepared!

Main body of CASL comes online July 1, 2014

• 3 year transition period in some cases

During the Transition Period implied consent continues

• For a period of 3 years after July 1, 2014

• Until express consent is obtained

• Consent is withdrawn

Staff Knowledge & Compliance Groups

Internal buy-in is key • E-mails to staff / required replies • Senior and Mid-level management messaging

» Continual process, not a one time event

Cross organizational compliance group • Leaders across divisions

» Information Tech / sales & marketing / administrative • CASL compliant database of CEMs • ABR - Always Be Reminding

Go Data Mining

My commercial electronic message business is . . .

• Review databases for CEM communications

• Required disclosure from sales & marketing staff

• Categorize and classify CEMs » What categories and types are important » Risky CEMs with little value add » New types moving forward

• Make database easy and accessible

The CEM Database

Is a category of CEM

Are database management tools • Capable of tracking unsubscribe notices • Tracking time periods for implied consent • Capable of recognizing upgrades in consent

• Allowed by Express Consent

• Gold Standard

• Allowed by Exemption • Allowed by Implied

Consent • be careful

“The CASL 500”

CASL not a one lap race • Compliance today doesn’t mean no breach tomorrow • Coordinate departmental communications and develop/implement

training plan » Don’t forget new employees » Refresher courses » Targeted training

• CEM Database review benchmarks » Monthly / quarterly

· Are management tools working

Build Your Business: The CASL Way

Show Me the Solution!

voicemail or calls

events and meetings

email signature

online presence

Show Them How

Hand to Hand

promote your email list and encourage people to join from your business card and other

printed material

Customer Touch

Every interaction with a contact should be used as an opportunity to join your business list

• Business Card drops, voicemail, sales/service invoices & quotes