Combining the term “CASL” along with “Anti-Spam” when talking about email marketing, has created significant confusion affecting many businesses and organisations.
In practice, true anti-spam legislation would only affect activities considered spam (i.e., mass mailings of promotional content). CASL regulates, not just mass mailings but ANY electronic message sent in a commercial context, regardless of the number of recipients and the presence, or absence, of promotional content.
CASL’s official definition
“CASL” is not another term to represent “anti-spam”. The Canadian Anti-Spam Legislation is defined as follows: “An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act” (S.C. 2010, c. 23).
This definition explains that the purpose of the Act is to promote the development of e-businesses in a context of consumer confidence.
The act as defined automatically amends and modifies four important pieces of legislation − 1) the Canadian Radio-television and Telecommunications Commission Act, 2) the Competition Act, 3) the Personal Information Protection and Electronic Documents Act and 4) the Telecommunications Act.
CASL governs ALL your business emails
Since the act’s passing, studies have shown that Canadians are receiving less spam. In addition, because of renewed consumer confidence, open and click-through rates are on the rise again.
Unfortunately, though, too many companies have, wrongly, reduced their email marketing activities to avoid fines and prosecution. Even if you don’t send any newsletters or email promotions, you are still at risk of violating the Act and can face fines or even a lawsuit. This is because CASL applies to, and is in place to regulate, ALL electronic messages sent in a commercial context, not just promotional emails. This includes single emails that employees send throughout the day to potential clients, partners, and associates. As well as, newsletters, text messages, social media messages, etc.
Often when we discuss CASL with business owners or marketers, they’ll spontaneously list the steps they’ve taken to make their newsletters compliant. One has set up a subscription form; another uses an email platform to have an automatic “unsubscribe” link at the bottom of their newsletters. But when we ask them what they’ve done, so that the commercial emails that their employees send throughout the day are also compliant, they are confused and have no answers. Unless you are an NGO or political party, you can assume that 99% of all the messages that are sent by your business and employees are regulated by CASL.
One hundred rules that each message must respect
There are in fact 100 rules that ALL electronic messages (email, newsletters, text and social media messages, etc.) must comply with. Items include prior consent, the message’s content, sender identification, withdrawal mechanism rather than its presentation, etc.
For example, some companies are aware that their individual emails must also comply with CASL. However, they only think about consent requirements and completely forget, or are simply not aware, that these emails also require a withdrawal mechanism (ex.: “If you do not want to receive commercial messages from our company, please let us know by replying to this message“). If such a withdrawal mechanism is not indicated and included, then your emails violate the act.
Canada’s Anti-Spam Legislation is so complicated, and at times vague, that it’s almost impossible to be totally compliant. However, if you follow rigorous steps to be compliant and set-up a program, you will most likely avoid fines and prosecution. Consider it like a protection program or a license to communicate electronically.
How to protect yourself against fines and trials
Given the complexity of the Act, Parliament has provided a defence to protect honest businesses if they’ve done their due diligence.
Section 33 (1) of the Act states that “No person shall be held liable for a violation if they prove that they have taken all reasonable precautions to prevent its commission”.
This implies that if a company can demonstrate that it has taken the appropriate actions to comply with the Act, they can not receive a fine or be convicted in a trial if the company or employees accidentally violate the Act.
ATTENTION THOUGH: The CRTC has defined that “proper precautions” means putting in place a documented compliance program that meets eight required categories.
Such a compliance program involves verifying the company’s practices and then implementing a written policy and ensuring that all employees respect it on a daily basis in their electronic communications.
The advantage is that as long as the company is in good faith and enforces its policy and compliance mechanisms, this program becomes a license that protects it from fines and lawsuits if ever it accidentally violates the Act.
Now that July 1st, 2017 has passed, the only way to protect yourself from CASL is to quickly implement a compliance program that meets the CRTC’s eight required categories.