15 Recommendations to Strengthen and Simplify CASL

Following our testimony before the Standing Committee on Industry, Science and Technology of the House of Commons, and the rich and numerous exchanges we had with members of Parliament during the question period, we published a brief containing a series of recommendations to be taken into account in their review process of the Canadian Anti-Spam Law.

Here are the 15  recommendations that you can also download in its original PDF format:

—–

This brief presents a series of recommendations to supplement the presentation given by our president, Philippe Le Roux, at the Committee’s 79th meeting. The following recommendations support two main objectives:

  • Enhance the benefits of Canada’s anti-spam legislation (CASL) for consumers and businesses
  • Facilitate CASL compliance for businesses

1) Educate consumers about CASL

Consumers are aware of CASL’s existence, but they are not aware of the primary rules regarding consent. As a result, many complaints are being filed about messages that are fully compliant with the regulatory requirements but perceived by certain recipients as unsolicited. This places an unnecessary burden on enforcement agencies and creates needless friction between businesses and consumers.

R1: We recommend that a CASL education and outreach campaign be launched across the country to educate consumers about the kinds of messages and situations that are regulated as well as the defence mechanisms available, such as the Spam Reporting Centre (SRC) and the private right of action.

2) Educate businesses about CASL compliance

The main obstacle to CASL compliance is total or partial ignorance of the regulatory requirements. The latest studies show that less than 20% of Canadian businesses know that a compliance program is needed to make use of the due diligence defence. For small and medium enterprises, which account for 97% of Canadian businesses, this falls to less than 5%.

R2: We recommend that a campaign be launched to educate small businesses about the many regulatory requirements and the importance of compliance programs. This campaign should be carried out in cooperation with agencies that deal with small businesses, such as chambers of commerce, industry associations, and advocacy organizations such as the Canadian Federation of Independent Business (CFIB).

R3: We also recommend that the CRTC produce CASL awareness webinars based on the conferences given by the investigations and compliance team during the awareness campaign last spring in Toronto, and that these webinars be posted on its fightspam.gc.ca site.

3) Improve the fightspam.gc.ca website

The authoritative website for information about CASL is only updated a few times a year, leaving the perception that it is not really a topic of concern for businesses. As well, the site does not provide an objective-based user experience, but instead presents categories of information, making it very difficult for an inexperienced user to find what they are looking for. Lastly, the site hides the regulatory requirements for recordkeeping, the basis for most fines.

R4: We recommend that the fightspam.gc.ca website be redesigned based on a dual architecture: one section educating consumers about how CASL protects them, how to determine whether or not a message is compliant, and the various courses of action available if they receive a non-compliant message; and another section educating businesses about the requirements and the CRTC’s interpretations with respect to compliance.

4) Remove uncertainty surrounding the most common issues

During its two appearances before the Committee, the CRTC referred to some of the directives it has released over the past three years. We have identified about 100 common compliance issues affecting small businesses. The CRTC is clearly too slow to release information, adding stress and a needless burden on companies that wish to comply.

As well, the CRTC’s published decisions show that in each case, it has taken a narrow interpretation of CASL, each time creating an unreasonable requirement for small businesses that wish to comply. This way of dealing with businesses that make honest mistakes discourages small businesses from investing in compliance.

R5: We recommend that the CRTC establish an advisory committee made up of key stakeholders (consumer advocates, legal experts, email marketing experts, compliance experts) to identify and analyze the most common compliance issues and quickly release its compliance requirements and guides on these issues, in line with the advisory committee’s recommendations.

5) Oversee compliance services

CASL compliance service providers such as Certimail, Newport Thomson, AAM, Deloitte and KPMG are strategic allies for the CRTC in encouraging Canadian businesses to develop documented compliance programs. Despite our very limited resources, this year Certimail has educated more small businesses in Quebec than the CRTC has across Canada.

Companies would be more motivated to invest in a compliance program if they were assured that these programs are effective, which is not currently the case.

R6: We recommend that the CRTC publish codes of conduct that oversee, recognize and endorse industry-developed compliance programs, as is the case with the GDPR in Europe.

6) Range of fines

It is surprising that Canada’s biggest spammer, Compu-Finder, which generated up to 25% of the complaints filed with the CRTC at the time of investigation and consistently refused to cooperate throughout the process, was fined the same amount as Rogers Media, which acted in good faith and fully cooperated during the investigation.

As well, threatening a small business of 10–30 employees with $10 million in fines appears to be so disconnected from the reality of these businesses that they do not take CASL and its enforcement seriously and are not motivated to comply.

Although the $10 million cap needs to stay in place so that fines continue to serve as a deterrent and prevent multinationals from seeing fines as simply a cost of doing business, a graduated range of fines depending on the business, the offence and the context would make the threat more real and therefore more effective.

R7: We recommend that the CRTC set a range of fines taking into account the size of the business, its annual revenues, the number of complaints received, the seriousness of the offence, the intent and past history of the business. A minimum and maximum fine for each offence category could be set.

7) Private right of action (PRA)

As long as the number of fines remains negligible compared to the number of complaints (6 vs. 1.1 million), consumers and businesses need another avenue to protect their rights.

The PRA has a deterrence power that the CRTC has not been able to obtain in three years. We received 10 times the number of requests for information on compliance in spring 2017 than in spring 2014. This number plunged immediately following the government’s June 7 announcement that the measure was being postponed.

R8: We recommend that implementation of the private right of action be announced quickly with a deadline of July 1, 2018, so that businesses can be educated about the above recommended compliance requirements.

8) Limit withdrawals to the reference entity

The CRTC is currently interpreting “withdrawal of consent” more broadly than the consent itself. The following is an example given by the CRTC during a recent presentation in Toronto. If a consumer signs up for newsletters from Dove (a Johnson & Johnson brand), Johnson & Johnson cannot send that consumer commercial email messages (CEMs) about its other brands. However, if the consumer withdraws consent, by default this withdrawal must be applied to all CEMs sent by Johnson & Johnson, including those pertaining to brands for which there may be implicit or explicit consent, even though the consumer may not be aware that both brands belong to the same company.

R9: We recommend that withdrawal be limited to the brand in question, not the parent company’s entire line of brands, whose existence and breadth may be unknown to consumers

9) Transactional and service messages

Under section 6.6, transactional and service messages that do not require consent must now include withdrawal mechanisms, which imposes a burden on companies and creates confusion and frustration for consumers who receive them.

R10: We recommend that section 6.6 be simply repealed so that only identification information is required in such messages.

10) Differentiating the various types of commercial electronic messages

Currently, virtually all CEMs fit into three categories:

  • batch messages
  • automated marketing messages sent individually, but without human intervention
  • individual messages written and sent explicitly by someone for each mail out

However, CASL provides that, by default, withdrawal of consent in response to any of these messages must be interpreted as a withdrawal of consent for all commercial electronic messages of all types.

R11: We recommend that CASL be amended to reflect these different message categories and that the regulatory requirements take them into account, such as by limiting the scope of withdrawals to the category of message that initiated the withdrawal request by default.

11) Expand complaint forms and make them public

The current complaint form does not allow complainants to provide additional context when filing a complaint. This is extremely frustrating for some consumers, and it deprives investigators of information that could help validate and process complaints.

Furthermore, the SRC is a black box, and this lack of transparency is very frustrating to consumers who want to know if they are the only ones complaining about a company, and to companies interested in finding out how many complaints have been filed against them.

R12: We recommend that the complaint form be expanded to include fields that allow complainants to provide context about the offending messages, and that the complaints index be made accessible through an open data file as well as a web interface allowing searches on multiple criteria, including company names and brands. Of course, this information would be accompanied by a notice indicating the basis of the complaint has not been validated.

12) Speed up investigations to keep up with complaints

With just under 500 investigations and six fines issued in three years over more than 1.1 million complaints, the CRTC is leaving the impression that there is practically zero chance of getting caught. In fact, small businesses see CASL as little more than a game of Russian roulette with six bullets in a revolver with 1 million blanks, rather than a set of regulations that apply to everyone.

R13: We recommend that the CRTC develop mechanisms to automate complaint analysis and processing combined with a graduated range of fines to reduce the investigation workload required for each case.

R 14: We also recommend that companies subject to a first validated complaint receive a warning letter to raise awareness and to inform them that they could face investigations or fines.

13) Promote the benefits of CASL

Not only has CASL resulted in a sharp drop in spam in Canada, but it has also had a positive impact on the effectiveness of email marketing. The email marketing performance of Canadian companies has increased over 20% since CASL came into force. Promoting the competitive advantage of CASL compliance will help the government motivate businesses.

R15: We recommend that the government launch an education campaign about the effectiveness of email marketing when it complies with CASL best practices. This will allow companies to see the cost of compliance as an investment in marketing.

Those are our main recommendations based on four years working with dozens of small businesses of all sizes and in all fields to ensure they are compliant, as well as on over 20 years of expertise in effective email marketing. We are available to the Committee and its members to discuss these recommendations in greater detail.

 

Public Address of Philippe Le Roux Before the Parliamentary Committee on the Revision of CASL

Speech delivered by Philippe Le Roux, President of Certimail, during his testimony before the House of Commons Standing Committee on Industry, Science and Technology as part of the revision of the Canadian Anti-Spam Law.

Introduction

I want to thank the Committee for inviting me to testify today. Although not well covered by the media, the work of this committee is very important to the Canadian economy and its people.

I have of course followed the work of your Committee with great interest, and I have published a regular report on our blog. Unaccustomed to lobbying activities, I confess that I was particularly surprised by the number of approximations, exaggerations and alternative facts that you were served as scientific truths.

I will return to these statements later. As an Internet pioneer in Quebec, I founded in 1994 the first digital marketing agency through which I, for nearly 20 years, helped many organizations like VIA Rail, RDS, and Club Med USA to use the web to transform their marketing strategies, sales and sometimes even their business models.

I have always considered email as the heart of any digital marketing strategy and started to implement email marketing strategies for our customers in 1996. In 2013, I left the agency to establish Certimail whose mission is to help Canadian SMBs improve the effectiveness of their email marketing all the while complying with CASL. We are in fact the only company dedicated to CASL compliance.

Far from any dogmatism, the findings and recommendation that I present to you rely on my 20 years of email marketing experience, and 4 years devoted to analyzing CASL and its 13 regulatory documents to help tens of SMBs of all sizes to implement their compliance program based on the CRTC’s requirements.

The cost of conformity

Before going into the analysis of CASL and its application, I would like to answer a simple question that you asked at each of your sessions without ever getting an answer: to know what it costs a company to comply with CASL. The answer is simple; our certified compliance packages cost $ 699 for a sole proprietorship, $ 1,249 for a small business with less than 10 employees, and $ 3,000 to $ 15,000 for businesses with 11 to 300 employees. If my colleagues from Newport Thomson, Deloitte or KPMG who offer similar services to the largest companies were invited, they would tell you that their rates are between $ 25,000 and $ 100,000.

Surprisingly, neither the CRTC nor the industry associations have been able to provide you with this much needed and easily accessible information.

That being said, my intervention will focus on three points:

  • The importance and effectiveness of CASL
  • The inadequacy of the approach of the CRTC
  • Some recommendations to enhance the effectiveness of CASL all the while reducing its negative impacts

CASL’s relevance and effectiveness

It is as a marketing expert and socially motivated consumer that I wish to demonstrate to you that not only is CASL necessary but it is wanted.

Contrary to what was said by the many lobbyists who came before you, CASL is not a law on cybersecurity or IT risk, but a law that aims to develop consumer confidence in e-businesses.

In fact, as suggested in the report by the Task Force on Spam, CASL and its regulations are more like an Electronic Communications Highway Code than a Cyber-Threats Act.

When I crossed the Champlain Bridge this morning to attend this session, I noticed that the complex and stringent regulations put in place a century ago to supervise the few motorists at the time did not affect the development of this mode of transport.

And this Electronic Communications Highway Code, Canadians want it. They have demonstrated this by filing more than 1 million complaints in three years without having seen a single advertisement urging them to do so. And this support of CASL continues through the thousands of complaints filed every day.

This volume of complaints is enough to contradict the assertions delivered to you by the Canadian Chamber of Commerce in the last session. Receiving unsolicited commercial electronic messages is still a major problem for the vast majority of Canadians. Anti-spam technologies are becoming more efficient, but they have not solved the problem and are beginning to show their limitations.

The importance and effectiveness of CASL

In one year, CASL already reduced the volume of spam received in Canadian inboxes by 37%. This demonstrates the effectiveness of CASL for consumers.

But it is also effective for businesses, at least for those who want to do email marketing properly and not use it like traditional marketing à la Mad Men.

Since CASL came into effect, Canada has emerged from the pack to become one of the two countries where email marketing is by far the most effective. The second country is Australia, the only country that has broad and severe legislation similar to CASL.

For example, the reach rate (the proportion of outgoing messages that are visible to recipients in their email) is about 80% in most countries. In Canada, that rate rose from 79% in 2014 [1] to 90% today [2] . The only other country in the world that reaches a similar score is Australia.

Similarly, the open rate (the proportion of marketing emails opened by recipients) is from 12% [3] on the African continent to 24% [4] in the UK. With an open rate of 32% [5] Canada is second to Australia with 33%. Yet the open rate in Canada was only 26.2% in 2014 [6]

I have heard several witnesses claim that CASL affected the competitiveness of Canadian companies. Yet this is false. CASL is an excellent incentive to adopt best practices in the field and therefore to achieve better results. For almost 15 years Australia’s Spam Act is in force, and yet their economy does not seem to suffer particularly.

Reducing the scope of CASL would encourage Canadian companies to maintain an often outdated marketing approach rather than capitalize on innovation to be more competitive.

Especially since CETA enters into force just as Europe implements GDPR, a new legislation on data protection that seems to be modeled on CASL regarding electronic communications. Encouraging Canadian companies to comply with CASL gives them a leg up on the European market.

The inadequacy of the approach of the CRTC

That brings me to the second point I want to share with you, the inadequate approach of the CRTC. I could spend hours citing to you why the CRTC is failing in its implementation of CASL, but we do not have time, so I’ll just point out the main grievances.

Failure to properly educate Canadian companies

The first relates to communications, a gap that is denounced by Canadian companies according to various surveys done on CASL.

  • Aside from a small advertising campaign on the web and a few very limited presentations in 2014, the CRTC did nothing to educate businesses about CASL’s many rules. Mr. Harroun boasted that they sensitized 1200 companies in its different presentations in Toronto last spring. We should remind him that Canada is a little bigger and that at this rate, it will take a century to educate the millions of Canadian businesses that are still unaware of CASL and its details.
  • The Journal de l’assurance in May invited the CRTC to send a lecturer to Montreal this month to raise awareness amongst 400 companies in the sector during a one-day seminar on the subject. The CRTC declined the invitation in September, and the conference had to be canceled. These companies continue to ignore the rules of CASL and the importance of setting up a compliance program.
  • In May 2014, the CRTC issued a bulletin defining the criteria that a compliance program must adhere to for a company to demonstrate good diligence under Article 33 (1) of the Act should they need to defend themselves. The problem is that this newsletter is lost in the bowels of the CRTC’s website and is known only by a few specialists. There is no reference to the compliance program on fightspam.ca or in CALS’s FAQ. Yet the CRTC says in each of its private conferences that its main objective is to encourage companies to implement such program.

Yet three recent polls have estimated that 80 to 95% of Canadian businesses have no compliance program!

The website dedicated to informing consumers and businesses about anything related to CASL is not only poorly done and incomplete, but it is not even updated. The last notice dated more than a year ago!

The second major flaw of the CRTC relates to the interpretation of CASL and its regulations

In three years, the CRTC’s investigation and enforcement team issued just three interpretive materials while there are still dozens of unclear issues affecting most businesses. And do not try to call them for advice, they will refer you to an agent at the call center that prompts you to make your interpretation in the hopes that the CRTC will have the same interpretation should they investigate you.

Since I founded Certimail 4 years ago, I have been trying to establish contact with the CRTC’s investigation and compliance team: I sent out invitations via LinkedIn, emailed, phoned and left messages for Mr. Harroun’s assistant. I have never had any news until my name was confirmed as a guest witness by the committee this week. And this despite the fact that Mr. Harroun and his team constantly invite companies to contact them for advice on compliance.

And this is not the only double talk from the CRTC on CASL. It’s the same for investigations and fines. While the public discourse is that the CRTC does not want to lure companies to act in good faith and focuses on the offenders who are the most harmful, it is clear that in private conferences, the speech is totally different as demonstrated by the many fines given to companies acting in good faith Rogers, Porter, and even Kellogg’s Canada.

How does the CRTC explain the fact that it reduced to $ 200,000 from $ 1.1 million a fine imposed on Compu-Finder in 2015, an amount identical to that paid by Rogers who made minor errors next to the violations of Compu-Finder?

Recall that Compu-Finder is a company criticized in the media for years for its abusive email practices that illegally collected more than 400,000 email addresses of Canadian companies, which generated a quarter of complaints received by the CRTC to and who refused to collaborate during the investigation.

The third weakness of the CRTC is the volume of investigations

Mr. Harroun unveiled to you that the CRTC had opened 500 files (over 1.1 million complaints!) And completed 30 surveys including eight penalties that were made public in three years. How can we hope that companies feel concerned by CASL at this rate? In fact, companies feel they have more chance of winning the jackpot in the lottery than being investigated for their email practices.

I could go on for hours to present you with such aberrations that are detrimental to CASL’s objectives, but I’m out of time allotted to your questions, but I will be sending you our various recommendations shortly. These suggestions will help to improve the effectiveness of CASL all the while simplifying compliance for businesses.

 

[1] https://marketingland.com/study-email-deliverability-getting-easier-100074

[2] https://digital.returnpath.com/wp-content/uploads/main/2017/08/08104850/2017-Deliverability-Benchmark.pdf

[3] file: /// C: /Users/plr/Downloads/UVL12406USEN.PDF

[4] file: /// C: /Users/plr/Downloads/UVL12406USEN.PDF

[5] file: /// C: /Users/plr/Downloads/UVL12406USEN.PDF

[6] http://blog.inboxmarketer.com/the-state-of-email-marketing-in-canada-2016

 

Horrifying Email Marketing Requests and their Saintly Solutions

Although Halloween is soon upon us, scary email marketing strategies regularly occur throughout the year. Fellow email marketing professionals at MediaPost’s Email Marketing Daily recently published the commentary “Horrifying Email Marketing Requests.” It’s hard to imagine that companies still engage in such nefarious practices. But even our colleagues here at Certimail, are no stranger to similar requests, even with CASL in full force.

Let’s look at each one with regards to CASL and marketing efficiency.

1. Why can’t I spam my clients?

Although businesses may not necessarily say this out-rightly, many still do want to mass-communicate to a single list. If you have consent, it’s not necessarily spamming in the eyes of CASL, but mass email communication is SPAM-like. Simply because such a practice doesn’t take into account the preferences of the receiver; the value for them, the relevancy, the “what’s in it for me?”.

A one-size-fits-all approach can have you looking like a ghoul and will eventually lead to unsubscribes and complaints to the CRTC.

Instead, focus your main content and segment your emails based on customer, client, and contact interest clusters.

(For example, if you are a Vampire blood supply company, you can segment by blood types, antibody types, fresh harvest, aged harvest, etc.)

The BENEFITS of segmentation are plentiful in the short, medium and long-term, they include: higher open rates, higher click-through rates, higher to click-to-purchase rates, lower churn rates, lower unsubscribe rates, etc.

2. But I need to move this product!

Of course, you do! But that doesn’t mean that your entire email list is interested in that particular product. Remember, a one-size-fits-all approach will lead to unsubscribes and complaints to the CRTC.

Smart goblins segment on a combination of the following criteria: past purchases, cart abandonment, and past campaign clicks on the said product.

(For example, if you are a clothing company for monsters, based on past purchases, you don’t want to send emails about Witch outfits to Vampires. If a Vampire has left a velvet cape in her cart but didn’t purchase it, an email out velvet capes to her would be a good idea).

If you want to take it one step further, further segment based on RFM (recency, frequency, and monetary value) matrices. For quick wins, prioritize those high value/income generating segments.

This way you can still email groups of people, but you’ll be more efficient and see better results to your bottom line. Understand that there’s no need to communicate to someone who is not listening. It’s a waste of time and money.

3. We should capture 100 million email addresses.

Whoa OK! Remember that you need to have either EXPRESS or IMPLIED consent for each contact. Each has its conditions and limitations. And records of consent for each contact are required.

It also takes time and money to get those emails, and they won’t be of high quality if you are mass-harvesting them. Additionally, most Email Sendout Providers charge per batch of X number of contacts. So it’s a waste of time and money if you are trying to communicate to someone who is not listening.

Don’t be that fire-breathing hoarding dragon Smaug, instead, focus on smaller clusters, but that are of higher value. When it comes to getting email addresses, your website landing pages are your best sources. Make sure they are properly worded and placed.

Do you want to know if your email marketing program is raking it in like Gringotts? Here’s a quick algorithm to see if it’s performing as well as it should:  1$ spent on email = 38$ in revenue.

If you’re not sure about your email marketing program or have questions and concerns, one of the best places to start is with an email marketing diagnostic. Doing so will identify the problems and solutions to implement.

In the meantime, have a Happy Halloween and try to shelf those scary strategies.

Parliamentary Review of CASL: A Festival of Asinine Discourses

If you believe, like many do, that you still receive a lot of unsolicited messages (i.e., spam) in your inbox, you’re all hallucinating.

At least this is what the Canadian Chamber of Commerce seemed to imply when it told members today, during the second revision session of CASL by the Standing Committee on Industry, Science and Technology, that spam is no longer a problem.

Today’s session consisted of a long series of approximations and erroneous or exaggerated assertions. The discourses, whose similarity might suggest that they are secretly coordinated, all revolved around the same central idea:

Overseeing commercial electronic messages sent from businesses prevents the authorities from dealing with the “bad guys” who threaten IT security. So let’s give companies the opportunity to send all the messages they want to whomever they want because the real problem that the CRTC should be concentrating on are fraudsters.

This type of assertion is asinine: Imagine the CAA calling for the abolition of the driving rules so that the police can devote themselves to the fighting against terrorism.

Let’s look at and analyze the central pearls of this type of reasoning.

Spam is no longer a problem (???)

According to Scott Smith, Director, Intellectual Property and Innovation Policy at The Canadian Chamber of Commerce, spam is no longer a problem for Canadians. This hyperbolic assertion is taken from a report, supplied by anti-spam software vendor Trustwave, which Smith relies upon and states that anti-spam software blocks 99% of spam.

Even if this statement was objective and credible, how then does one explain the over 5,000 complaints that the CRTC continues to receive on a weekly basis, and the 1 million + complaints its registered in the last three years?

Technological illiteracy or misinformation?

The complexity of CASL has been rightly pointed out by speakers, especially when it comes to the various types of “implied consent”.

But to argue, as Mr. Smith did, that there is no technology that exists for businesses to manage consents, or that you have to invest a lot of money to do so, is to misinform and mock the intelligence of the members of the committee.

While not all marketing technology suppliers are up to regulatory compliance standards (a consequence of inadequate educational work on behalf of the CRTC regarding CASL), there are already several solutions available to manage and document different types of consent.

Providers, such as Dialogue Insight, iTracMarketer and Cyberimpact for mass mailings or emailChecker and CASL Cure for individual emails, all offer practical solutions tailored to all sizes of businesses, with costs that go from ten dollars to a few hundred a month.

A plethora of alternative facts

At a time when everyone is concerned about the phenomenon of “fake news” and its impact on society, it is impressive to see the number of “alternative facts” than the lobbyists delivered to the members of Parliament.

For example, Ms. Aïsha Fournier Diallo, Senior Legal Advisor at Desjardins General Insurance Group, daftly stated that CASL prevents her from sending SMSs to VISA Desjardins clients, informing them of their credit limit, or from sending password reset emails to customers.

Even Barry Sookman, senior partner of McCarthy Tétrault and considered a top figure in the field, gave testimony that could cast doubt on his credibility. He stated that CASL had no impact on fraudsters. In fact, because of CASL, the CRTC was able to dismantle an international network of cyber-pirates who sent out malware affecting millions of computers around the world.

He went on to illustrate the excessive nature CASL, by explaining that it prohibits a teenager from offering babysitting services to neighbors or prohibits a person from recommending their dentist to a friend. When deputy Eva Nassif challenged him, he acknowledged the exaggerated nature of his examples.

Me Sookman went on to talk about the perils that CASL causes to Canadians by referring to a National Post article, whereby American television game show Jeopardy had banned Canadian candidates specifically because of CASL. The producers of the show have since denied this fake news and indicated that Canadian candidates were never banned from the show, but that applications were simply suspended to take the time necessary to adapt its form to Canadian regulations.

Mr. Sookman even attempted to persuade the Honourable Maxime Bernier, (who addressed the fact that politicians should be held accountable under CASL) that if CASL applied to politicians, Mr. Bernier would not have been legally allowed to send messages to his list of 65,000 supporters during the Conservative Party’s leadership race. A false assertion because those 65,000 people subscribed to Maxime Bernier’s list to receive those messages.

Ignoring the real problems

What is most damaging in these testimonies and discourses, intended to represent the interests of businesses, is that the real issues and problems are ignored.

CASL and its enforcement by the CRTC pose real problems for SMBs, but at the same time, it’s an opportunity for businesses to improve their digital communications. Among these problems are:

  • The restrictive interpretation of rules by the CRTC
  • The numerous frequent situations still missing guidance from CRTC
  • The lack of clarity in the definition of commercial electronic messages
  • The challenge of documenting verbal consents
  • The lack of data on the volume of spam and its evolution
  • The lack of collaboration with Internet service providers
  • Etc.

We need a marketer in the room!

Having listened to the testimonies and debates of this session many times over, I’ve come to two conclusions:

1) Speakers, unfortunately, spent most of their time showing bad faith by demonizing CASL instead of using it to expose the real issues that affect businesses, so that members of Parliament can put in place solutions.

2) Entrusting the defense of digital and email marketing to lobbyists and lawyers who have no expertise in the field of email marketing is not the best way to improve CASL’s areas of contention, nor does it benefit companies, in particular, SMEs.

It’s time to start thinking about this law in terms of clear rules that make sense from a variety of angles and perspectives.

CASL’s first Parliamentary Review Session

The House of Commons Standing Committee on Industry, Science and Technology began yesterday their review of the Canadian Anti-Spam Law. The CRTC launched the presentation by addressing those key areas that are of concern to Parliamentary deputies. Little news has been made available to the public, but we’ve been on the watch and below you’ll find highlights from the review.

A questionable discretion

Considering that this law is the one that generates the most complaints from consumers, that it has been decried and actively challenged for years by lobbyists since its adoption seven years ago, it’s surprising that this review process was not publicly announced.

In fact, the only place where information has been disclosed is on the Committee’s agenda, which is generally followed only by professional lobbyists. However, given the importance of this legislation, and how much it affects ALL Canadian businesses, it was expected that this process would have been publicly announced, at least to those organizations concerned, to allow them to prepare for the Committee’s reflection.

One has to wonder what’s with all the discretion.

Department officials’ and the CRTC’s opening remarks

The first session was devoted to the hearing of department officials:

  • Mark Schaan, Director General, Marketplace Framework Policy Branch, Innovation, Science, and Economic Development Canada
  • Charles Taillefer, Director of Digital Transformation Service Sector in the Privacy and Data Protection Policy Branch, for Innovation, Science, and Economic Development Canada

Followed by CRTC officials:

In his address, Mr. Schaan gave a brief history of the law. He affirmed the law’s effectiveness and went on to say that spam has been reduced by more than one-third in Canada, explaining the importance of this legislation for the development of e-business in Canada.

The floor was then given to the CRTC. In his speech, Mr. Harroun cited the various enforcement mechanisms used to apply CASL, ranging from warning letters to administrative monetary penalties, to notices of violation and commitments.

He then highlighted the CRTC’s public education and awareness efforts, in particular for businesses, indicating that a total of 6 conferences were held in Toronto last May that reached 1,200 companies. One deputy member reminded him that Canada was not limited to Toronto. Finally, he explained the work done by the CRTC at the international level to develop collaborative agreements with the authorities of several other countries.

Requests for information are evolving

In response to the Committee’s first question, Mr. Harroun argued that requests for information received by the CRTC from businesses are increasingly about the development of compliance programs. While in 2014, the questions were more about the concept of consent and unsubscribe links. He then went on to stress the effectiveness of the various penalties that the CRTC can impose on companies.

The Private Right of Action

On June 7th, Minister Bains announced that he was temporarily suspending the private right of action (PRA), which was to begin on July 1, 2017, pending parliamentary scrutiny of CASL. It was therefore normal that the implementation of this right of appeal was the subject of several questions by members of the Committee.

These questions allowed Mr. Schaan to explain why the department had decided to suspend the PRA.

In particular, he explained that the main reasons are the risk of multiplying costly class action suits and the fact that there are still many gray areas concerning CASL compliance.

The CRTC, for its part, insisted that the PRA is an important enforcement tool and that similar measures are already present in the legislation of several countries, in particular, the United States, Australia, and the United Kingdom.

Already more than 1.1 million registered complaints

Mr. Barrat indicated that the CRTC has already registered more than 1.1 million complaints in its spam reporting center, which is the primary source used for investigations. And that complaints continue to enter at a rate of 5,000 per week. He also noted that complaints result from the activities of all industrial sectors and all sizes of businesses including the not-for-profit sector.

CASL is effective

As the committee continued, Mr. Schaan demonstrated the effectiveness of CASL by citing various independent reports. He referred to a US report showing that one year after the Act came into force, the number of emails received by Canadians decreased by 29%, and the volume of spam from Canada fell by 37%. He also cited a study done by Ipsos on behalf of CIRA showing that by October 2014, 62% of Canadians were aware of CASL and believe in its effectiveness. In fact, 84% of them had already taken advantage of it to reduce the volume of commercial messages they received. For their part, 49% of companies felt that the Canadian Anti-Spam Act Law had no impact on their marketing, 23% felt that the impact was minimal and 27% said they had a significant impact.

Mr. Schaan pointed out that Canada was one of the top 5 countries for generating spam. But since the passing of the bill, Canada is not even in the top 10.

The RCMP called in for collaboration

In a question on the means used to manage the international dimension of spam arriving in Canada, the CRTC explained that cooperation and agreements with authorities in other countries were increasing and that there was no particular difficulty at this level. However, he stressed that he doesn’t receive similar collaboration locally, particularly with the RCMP. He indicated help from them would be beneficial in enforcing CASL.

More than 30 completed investigations

The CRTC indicated that during the grace period it completed more than 30 investigations, of which only six have been made public to date. All other investigations are still in the process of negotiating commitments with collaborating companies. Some of the complaints received at the spam notification center are shared with the RCMP for criminal investigations to be conducted.

CASL as a benchmark

Witnesses indicated that the notion of consent as defined in the Canadian Anti-Spam Law is the benchmark for the ongoing revision of the Personal Information Protection and Electronic Documents Act currently being conducted by the Privacy Commissioner.

Meanwhile, MPs have made many parallels between the rules of CASL and that of the National Do Not Call List’s Rules, which is enforced by the same CRTC’s team and generates more than one hundred investigations per year for half the number of complaints received under CASL.

The CRTC is unable to provide numbers

A curious fact to note is that with each question relating to numbers and complaints or investigations, the CRTC was unable to answer. This was also the case when asked about the industrial sectors that generated the most complaints, the number of investigations and fines, and the types of complaints received.

When the Honourable Maxime Bernier inquired about the financial impact on businesses of becoming compliant, the CRTC was still unable to provide even estimates.

—–

You can listen to the full recording of the exchanges on the committee’s website until the transcription is published. Until then, we are currently taking steps to obtain the dates and participants of the next sessions, as well as to take part in the debates to present the point of view based on the dozens of SMBs in Quebec that we have already helped to implement CASL compliance programs.

 

CASL: What’s changed since July 1st?

After three long years, the grace period has ended, and companies must have established and implemented a compliance program. Businesses can no longer defend themselves by explaining that they weren’t aware of all the criteria necessary to be compliant.

From now on, to whom can you send messages to?

 

From now on, you may only send electronic business messages to:

  • persons who have given explicit consent,
  • clients who have made at least one transaction in the last two years,
  • individuals who have requested, within the last six months, to receive business information.

ATT: For all other contacts, you can no longer send them communications. This includes sending a consent request. The CRTC was very clear on this subject: an email requesting consent is a commercial electronic message and can not be sent without prior consent! 

What to do about leased or purchased lists?

The CRTC argued that when you obtain lists from a third party, you must verify that your supplier has obtained the appropriate consent for each contact. This includes consent for the type of communication (medium & content) one can send to an individual.

The CRTC clarified that in order to discharge your liability you must demonstrate that you’ve taken action to verify the legality of the consents obtained by your supplier. Otherwise, or if the CRTC deems that your actions are insufficient, you will be held responsible.

This practice also applies to directories. Before using the information from a repertory, you must verify that you have the right to do so and that the publisher of the directory obtained the proper consents. Otherwise, you will be held responsible.

Can agencies, ESPs and CRM suppliers be held responsible?

The CRTC has explained, in reference to the responsibility of agencies and technology platforms, that if the suppliers are involved in the content of the message, they may be held jointly liable for violations of Canada’s Anti-Spam Legislation.

For example, this applies to agencies that write copy and design emails (and other electronic messages) for their clients, as well as ESPs and CRMs that offer dynamic content customization or dynamic segmentation.

We’ll be consulting with our partner lawyers shortly for more information. Stay tuned for a detailed article on this subject.

Polls & Surveys

With regards to emails inviting individuals to participate in a poll, if the survey is just a study, it does not fall within the definition of a commercial electronic message and therefore does not require prior consent.

However, if the poll or survey refers to a product or promotes it, even subtly, it must meet all the requirements of CASL.

A good rule of thumb is to ask yourself if the individual who completes the survey can guess the name of the company or brand. If so, your survey is likely to be in violation of the law.

SMS and MMS messages

Although there are less commercial text messages sent in Canada than in other countries, consumer complaints about them are on the rise and these messages are in the CRTC’s viewfinder.

The CRTC explained that if companies send text messages for commercial (not necessarily promotional) purposes, or plan to do so, they must ensure that their compliance program covers these types of messages.

ATT: If a person is not on the National Do Not Call List (NDNCL), this does not mean you have consent to send them text messages.

Whereas the NDNCL uses an opt-out procedure (a person has to contact them to be removed from their list), Canada’s Anti-Spam Law uses an opt-in principle (individuals must give you permission to be contacted).

Transactional messages

The CRTC has clarified that transactional messages such as the confirmation of a transaction, change of password, scheduled alert, etc.) are not considered a commercial electronic message, as long as it does not contain a commercial offer. Also, transactional messages can be sent even if the person has withdrawn their consent.

However, the CRTC has made it clear that these transactional messages must comply with all the provisions of CASL, including those articles referring to “mandatory information” and “unsubscribe mechanisms”.

Brands and parent companies

When the CRTC discussed this point during an IAB presentation, the crowd told them they were crazy. Take note: Any withdrawal of consent applies to the whole company by default (affiliates and parent companies included), and not the just the brand or business indicated in the unsubscribe form.

Let’s take Loblaws and Shopper’s Drug Mart as an example: if a consumer unsubscribes from the Loblaws supermarket newsletter, consent is automatically withdrawn from the entire company and not just from supermarket communications. If the consumer was subscribed to the Shopper’s Drug Mart newsletter at the time when they withdrew their consent to Loblaws, under the law, they should no longer receive Shopper’s Drug Mart newsletters.

The only way to manage this situation legally is to propose an unsubscribe form in which the consumer can choose the brands from which he or she wishes to remain subscribed to.

When the CRTC was told that this was a bit crazy, their response was “We don’t know how you operate, guys! So come and talk to us so that we can understand you better”.

In conclusion, the law is tricky. For those not who are not vigilant or proactive, they will eventually be heavily fined and required to complete their compliance program.

The solutions and compliance programs offered by Certimail, built in collaboration with researchers from the Faculty of Law at Université de Montréal, meet the new requirements of the CRTC.

If you already have a program set up by us, you have nothing to change. You’re covered.

If you don’t have a compliance program, our experts are at your disposal to assess your situation and can offer you an efficient and inexpensive program that meets the CRTC’s requirements.

 

CASL: First Fine To A Corporate Executive

The CRTC announced that Ghassan Halazon has paid, as an individual, a fine of $10,000 to relieve himself of his responsibilities as CEO, in violations of the Canadian Anti-Spam Law (CASL) committed by the company he ran at the time. This is the first time a corporate executive has been fined, and there are several lessons to be learned.

Enforcement of CASL is toughening up

Several observers misinterpreted the government’s decision to postpone the right to civil and collective redress at the end of 2017, as a sign of easing of the application of CASL. This is not the situation and Halazon’s case demonstrates this.

The CRTC has always stated that the three transitory years that companies had to implement their compliance program was sufficient and that those who have not yet done so have no excuse. In fact, Steven Harroun, the CRTC’s Chief Compliance & Enforcement Officer, said at a recent conference:

Commercial electronic messages are the primary source of what prompts Canadians to report cases that require follow-up investigation — commercial email messages that you or your organisation may be responsible for sending. Email messages account for more than three-quarters of incidents reported to us.

(…) 

Every business should have a compliance program in place to help ensure each commercial message or telemarketing call is compliant. If your practices are ever called into question, a thorough compliance program can help you in a due diligence defence.

(…)

But let me be clear, CASL and Unsolicited Telemarketing Rules are not new. And ignorance is not a defence.

Look at it this way—if I do a U-turn on the 401 and my defence to the police officer who pulls me over is that I did not know I couldn’t make a U-turn, I’m still getting the ticket.

The same applies if violations under these laws have been determined. There will be consequences, which could include administrative monetary penalties and the obligation to implement compliance programs. At best. And, at worst, public shaming that will keep your public relations department busy for a long time.

The message is clear, very quickly, several penalties a year will jump to several fines per month, as was the case with the National DNCL, another organisation regulated by the CRTC.

Why was Mr. Halazon fined?

In 2009, Mr. Halazon founded Cough Commerce, the company that launched TeamBuy.ca in 2010 and bought Dealfind.ca in 2013. Unfortunately, the merger wasn’t successful, and the company had to file for bankruptcy protection on August 29, 2014. Halazon’s business was then bought on September 24, 2014, by nCrowd, an American company specialising in bundle purchases.

Nevertheless, according to the CRTC, between July 2 and September 9, 2014, TeamBuy violated CASL, by sending several emails with a withdrawal mechanism that was not functioning well or was too complicated. Ghassan Halazon being at the time CEO of the company was found personally responsible under section 31 of the Act, which states that:

Directors, officers, etc., of corporations

31 An officer, director, agent or mandatary of a corporation that commits a violation is liable for the violation if they directed, authorised, assented to, acquiesced in or participated in the commission of the violation, whether or not the corporation is proceeded against.

C-level, directors, managers, administrators are all personally liable

Section 31, on which Halazon’s fine is based, is one of the many provisions of CASL that few people know about nor is it discussed by the media. It’s unfortunate, because corporate protection under this section is removed, and thus makes individuals such as directors, managers, administrators, etc. personally responsible for CASL violations.

The CRTC’s Chief Compliance and Enforcement Officer has made this clear in a recent statement:

Receipt of commercial emails is the primary source of complaints from Canadians who report cases requiring follow-up investigations, and you or your organisation may be held responsible for sending these commercial emails. 

The CRTC’s adamant actions…

Canada’s Anti-Spam Legislation came into force on July 1, 2014, and TeamBuy went bankrupt two months later. Yet, the CRTC investigated this case, for almost three years, for emails sent over a very short period. This unyielding behaviour runs counter to much of the CRTC’s reassuring PR speeches. What their actions do seem to mean is that:

  • That the notion of transition period is not taken into consideration and that the CRTC expects companies to have been compliant since July 2, 2014,
  • Their enforcement is not solely for the goal of compliance, but for punishment,
  • Everyone, at any time, past or present, is at risk of being fined.

Another surprising move by the CRTC

It is also surprising to note that while the case file was concluded on June 12, 2017, the CRTC waited until Friday afternoon to publish this news on its website, and this without issuing a press release − an approach often used in politics to make sure journalists don’t talk about it. 

Are you insured?

More and more organisations are now taking out liability insurances, commonly referred to as an Errors & Omissions insurance (E&O) to protect their employees. A common practice with NGOs to protect volunteers, but that is now becoming more standard practice for private businesses, in light of CASL.

N.B.: Savvy insurance companies are starting to exclude CASL from their policies if the company can not demonstrate that it has implemented a complete compliance program.

In conclusion

Each decision made and conference given by the CRTC sheds a little more light on their approach regarding investigations and fines. Regardless, the words of the CRTC’s Chief Compliance and Enforcement Officer must be taken seriously:

Each company should have a compliance program to help ensure that every commercial or telemarketing message is compliant. If your practices are challenged one day, a comprehensive compliance program can help you establish a due diligence defence.

Now then, considering that the emails you, your company and your employees sent, or send today can haunt you in the future, it’s more important than ever to protect yourself and to implement a compliance program. Speak with one of our experts for free.

 

CASL Compliance: How badly informed are Canadian and QC firms?

Seven years after its approval by Parliament and three years after it came into force, a Canada-wide survey shows that businesses, small and large, are still confused about CASL compliance, the types of messages it regulates, and the means to protect oneself from fines and lawsuits.

Canadian companies

The study, which was conducted recently by the Direct Marketing Association of Canada (DMAC) and law firm Fasken Martineau DuMoulin LLP, surveyed over 200 individuals directly responsible for CASL compliance of their organisation. Here are some of the highlights from the study:

  • 64% didn’t understand how to make their message CASL compliant beyond consent and an unsubscribe link
  • 46% were unaware that an organisation could be ordered to pay damages
  • 40% of them didn’t know that they can be held personally liable
  • 64% stated that their organisation did not (or didn’t know if their organisation had) a formal compliance policy
  • 63% believed that employees and staff don’t require CASL compliance training
  • 60% indicated that their company never performed a compliance audit

This is quite disconcerting, especially considering that the last 3 points are items required by the CRTC, to be able to defend oneself, should you face an investigation or prosecution.

No better for Quebec SMBs

Although this study was conducted amongst medium to large business in English Canada, a similar study was just recently published surveying Quebec SMBs.

  • Less than 5% of Quebec SMBs comply with CASL
  • More than 75% were unaware that companies could be fined, even if they have explicit consent
  • Only 35% knew that from July 1st, 2017 onwards, companies will be subject to civil or collective redress
  • 40% were surprised to learn that SMBs, as well as individuals, can face the same charges as large companies
  • 38% didn’t know that many QC companies have already been investigated and received fines
  • 1 out of 4 were unaware that CASL regulates individual emails, as well as text and social media messages

The CRTC’s shortcomings

Although the CRTC enforces CASL, informing and educating businesses is their greatest shortcoming. An article exists to help companies defend themselves, but it must meet the CRTC’s eight required categories. However, finding these requirements on an official website is very difficult.

The regulatory body does give presentations, but for the moment, it is almost exclusively to large law firms in Toronto. Unfortunately, 97% of Canadian companies are small businesses that can’t afford to do business with these big firms.

What can you do for yourself?

Canadian law states that “no one is supposed to ignore the law“.

A compliance program is also the only way to protect you and your business, and your employees, from tens or even hundreds of thousands of dollars in fines and legal fees.

So what do you do? You don’t want to stop your email marketing activities because it’s the top digital performer when it comes to ROI. We’ve done the calculations and penny for penny, all things considered, even a small investment in a compliance program is better than no investment at all.

 

 

CASL: The 6 most common mistakes you weren’t aware of

Most companies believe that they already comply with CASL. But, of the majority of businesses we’ve met, they are in fact, not compliant, simply because they aren’t aware of the complexities and details of this law. Unfortunately, this ignorance is already costing companies and employees, heavily.

Of the approximately 100 compliance rules and items we validate for our clients, we’ve identified the 6 most common mistakes and how to resolve them. Check and see if your company’s compliance level is what you believe it to be.

N.B.: This is not a substitute for a compliance program as required by the CRTC, but is an easy way to assess whether your business is as compliant as you think it is. A full compliance program, which meets the CRTC’s eight required categories, is the only way to truly protect yourself from costly penalties and prosecution. Section 33 (1) of the Act states that “No person shall be held liable for a violation if they prove that they have taken all reasonable precautions to prevent its commission”.

Mistake #1: No unsubscribe mechanism in individual emails

While most companies ensure that they have an unsubscribe link in their newsletters, there is very little compliance with this requirement for their individual emails.

Simply put, CASL makes no distinction between a promotional newsletter sent to thousands of people and an email sent from one employee to another person. In both cases, these are “commercial electronic messages”, and the Act requires that each message includes mandatory information and a mechanism for unsubscribing.

Solution:

Make sure that your business email signatures and all of your employees’ email signatures include a statement indicating how one can withdrawal from your business’ communications.

For example:

If you receive an email from an employee at Deloitte Canada, you’ll note that their signatures always include the following statement: “If you do not wish to receive future Deloitte business emails, please send this email to ‘[email protected]‘. Similarly, at Certimail, my colleagues and I consistently include in our email signatures the following sentence, “If you no longer wish to receive commercial messages from Certimail, please indicate this by replying to this message”. Voilà. It’s as simple as that.

Mistake #2: Misworded newsletter sign-up forms

As per Canada’s Anti-Spam Legislation, the concept of consent is not equivocal; it is explicit. That is to say, the wording of consent given determines what one has the right to send and receive.

This means then if your subscription form refers to newsletters, consent, therefore, applies to newsletters and no other type of commercial email or communication. For example, this means that one or a series of emails from sales (news about promos, blog articles, “I think you might find this useful”, etc.) are in violation of the law, and risk fines.

Solution:
Check the wording on ALL your consent forms, so that they don’t limit your electronic communications, by using broader text, as illustrated in the example below.

For example:

On the left, taken from our website, consent is requested for advice and promotions for all electronic communications (see the form for yourself, and don’t be shy to sign up to stay informed of the law). On the right, consent is limited to newsletters, forcing a company to request permission again for other types of electronic messages.

Good and bad newsletter sign-ups

Good and bad newsletter sign-ups

Mistake #3: Records of ALL email communications are not kept

Many SMBs typically erase emails from their inboxes as soon as the content is no longer needed, useful, or relevant. People typically do this to free their attention span, and consequently, disk space.

Such a practice is dangerous under the Canada’s Anti-Spam Legislation. The CRTC requires that businesses retain the text of all their commercial emails should an investigation arise. Without these records, you have no way of defending yourself.

Solution:
Implement an email protocol to automatically archive messages on a server (IMAP or Exchange) or manually archive messages to folders instead of deleting them.

Mistake #4: Proof and records of consent are not kept

When under investigation by the CRTC, many SMBs justify themselves with the following: “We only send our newsletters to those who have registered on our website“.

In a notice published in July 2016, the CRTC states that a company claiming to have obtained consent for the sending of a commercial electronic message must provide proof of that consent and must retain all evidence of such consent (such as, but not limited to, completed forms, audio recordings, etc.).

Most US platforms such as MailChimp, Campaign Monitor, SalesForce, etc. don’t keep records of consent.

When a person, who once gave you consent in the past, makes changes to his or her profile, that new information replaces the original data. In the event of an investigation, you will not be able to provide proof that you once had that individual’s consent.

Solution 1:

Consider using a Canadian ESP, such as Cyberimpact or Cakemail. They are optimised for CASL and automatically archive and keep records of consent.

Solution 2:

Archive all your data by implementing an automatic or manual daily export of all the information and activity regarding your sendout lists. 

Mistake #5: Copies of forms and their version histories are not kept

Some SMBs do their due diligence and retain consent data provided through form submissions, such as the date, time and IP address of the user. Unfortunately, this information is not enough to prove consent.

Remember, consent must be explicit and not equivocal. You must, therefore, be able to provide proof that the information displayed on the form, that the user completed, was explicit. Considering the investigation process, if and when the CRTC contacts you, the chances are strong that your website has undergone a redesign or changes, and a form from a year ago is not the same as it is today.

Solution 1:

Consider using a Canadian ESP, one that automatically archives copies of forms.

Solution 2:
Take a screen shot with a time stamp of each of your consent forms every time you change or update your website or forms.

Mistake #6: No written compliance policy

While you may take all necessary measures to comply, you are never entirely immune to the error of an employee, subcontractor or technical problem that may put you in a violation of the law.

Fortunately, section 33.1 of Canada’s Anti-Spam Law provides some support and “defence” for businesses that have demonstrated good governance; though only if you have taken all the necessary measures to be compliant. The CRTC has stated that these measures must include a formal compliance program that meets eight specific requirements. One of these requirements is to have a written compliance policy that employees know and respect. Failure to do so will result in disciplinary action.

Solution:
Write your CASL policy following a full risk audit and analysis, and make sure your employees understand and apply it.

Running a business without having a written CASL policy like riding a motorcycle without a helmet: “It’s safe as long as there’s no accident”

What’s your score?

If you’re already aware of and make none of these mistakes, then bravo! You are one of the very few companies that do their due diligence. But there are over 100 rules to respect, so formalising your compliance program should be quick and inexpensive if you haven’t already done so. It would be a shame to be so savvy, yet fined for one of the 100 rules and regulations.

If you’ve found that some of these 6 mistakes apply to your business, it’s proof that you’re not compliant. July 1st has passed, and fines and class actions are multiplying. There are over 100 rules to respect, so now is the time to set up your compliance program to protect yourself, your employees, and your business.

We’re here to assess your situation, and to provide you with an inexpensive yet highly effective way, to set up a compliance program, which meets the CRTC’s requirements.

We know and understand that businesses don’t always have the cash or want to make the time to set up a program immediately, but our solutions are specially adapted to the reality of independent workers, small businesses to medium ones.

 

IMPORTANT: CASL is NOT just an anti-spam law!

Combining the term “CASL” along with “Anti-Spam” when talking about email marketing, has created significant confusion affecting many businesses and organisations.

In practice, true anti-spam legislation would only affect activities considered spam (i.e., mass mailings of promotional content). CASL regulates, not just mass mailings but ANY electronic message sent in a commercial context, regardless of the number of recipients and the presence, or absence, of promotional content.

CASL’s official definition

“CASL” is not another term to represent “anti-spam. The Canadian Anti-Spam Legislation is defined as follows: “An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act” (S.C. 2010, c. 23).

This definition explains that the purpose of the Act is to promote the development of e-businesses in a context of consumer confidence.

The act as defined automatically amends and modifies four important pieces of legislation − 1) the Canadian Radio-television and Telecommunications Commission Act, 2) the Competition Act, 3) the Personal Information Protection and Electronic Documents Act and 4) the Telecommunications Act.

CASL governs ALL your business emails

Since the act’s passing, studies have shown that Canadians are receiving less spam. In addition, because of renewed consumer confidence, open and click-through rates are on the rise again.

Unfortunately, though, too many companies have, wrongly, reduced their email marketing activities to avoid fines and prosecution. Even if you don’t send any newsletters or email promotions, you are still at risk of violating the Act and can face fines or even a lawsuit. This is because CASL applies to, and is in place to regulate, ALL electronic messages sent in a commercial context, not just promotional emails. This includes single emails that employees send throughout the day to potential clients, partners, and associates. As well as, newsletters, text messages, social media messages, etc.

Often when we discuss CASL with business owners or marketers, they’ll spontaneously list the steps they’ve taken to make their newsletters compliant. One has set up a subscription form; another uses an email platform to have an automatic “unsubscribe” link at the bottom of their newsletters. But when we ask them what they’ve done, so that the commercial emails that their employees send throughout the day are also compliant, they are confused and have no answers. Unless you are an NGO or political party, you can assume that 99% of all the messages that are sent by your business and employees are regulated by CASL.

One hundred rules that each message must respect

There are in fact 100 rules that ALL electronic messages (email, newsletters, text and social media messages, etc.) must comply with. Items include prior consent, the message’s content, sender identification, withdrawal mechanism rather than its presentation, etc.

For example, some companies are aware that their individual emails must also comply with CASL. However, they only think about consent requirements and completely forget, or are simply not aware, that these emails also require a withdrawal mechanism (ex.: “If you do not want to receive commercial messages from our company, please let us know by replying to this message“). If such a withdrawal mechanism is not indicated and included, then your emails violate the act.

Canada’s Anti-Spam Legislation is so complicated, and at times vague, that it’s almost impossible to be totally compliant. However, if you follow rigorous steps to be compliant and set-up a program, you will most likely avoid fines and prosecution. Consider it like a protection program or a license to communicate electronically.

How to protect yourself against fines and trials

Given the complexity of the Act, Parliament has provided a defence to protect honest businesses if they’ve done their due diligence.

Section 33 (1) of the Act states that No person shall be held liable for a violation if they prove that they have taken all reasonable precautions to prevent its commission”.

This implies that if a company can demonstrate that it has taken the appropriate actions to comply with the Act, they can not receive a fine or be convicted in a trial if the company or employees accidentally violate the Act.

ATTENTION THOUGH: The CRTC has defined that “proper precautions” means putting in place a documented compliance program that meets eight required categories.

Such a compliance program involves verifying the company’s practices and then implementing a written policy and ensuring that all employees respect it on a daily basis in their electronic communications.

The advantage is that as long as the company is in good faith and enforces its policy and compliance mechanisms, this program becomes a license that protects it from fines and lawsuits if ever it accidentally violates the Act.

Now that July 1st, 2017 has passed, the only way to protect yourself from CASL is to quickly implement a compliance program that meets the CRTC’s eight required categories.