Posts

CASL: What’s changed since July 1st?

/0 Comments/in , /by

After three long years, the grace period has ended, and companies must have established and implemented a compliance program. Businesses can no longer defend themselves by explaining that they weren’t aware of all the criteria necessary to be compliant.

From now on, to whom can you send messages to?

 

From now on, you may only send electronic business messages to:

  • persons who have given explicit consent,
  • clients who have made at least one transaction in the last two years,
  • individuals who have requested, within the last six months, to receive business information.

ATT: For all other contacts, you can no longer send them communications. This includes sending a consent request. The CRTC was very clear on this subject: an email requesting consent is a commercial electronic message and can not be sent without prior consent! 

What to do about leased or purchased lists?

The CRTC argued that when you obtain lists from a third party, you must verify that your supplier has obtained the appropriate consent for each contact. This includes consent for the type of communication (medium & content) one can send to an individual.

The CRTC clarified that in order to discharge your liability you must demonstrate that you’ve taken action to verify the legality of the consents obtained by your supplier. Otherwise, or if the CRTC deems that your actions are insufficient, you will be held responsible.

This practice also applies to directories. Before using the information from a repertory, you must verify that you have the right to do so and that the publisher of the directory obtained the proper consents. Otherwise, you will be held responsible.

Can agencies, ESPs and CRM suppliers be held responsible?

The CRTC has explained, in reference to the responsibility of agencies and technology platforms, that if the suppliers are involved in the content of the message, they may be held jointly liable for violations of Canada’s Anti-Spam Legislation.

For example, this applies to agencies that write copy and design emails (and other electronic messages) for their clients, as well as ESPs and CRMs that offer dynamic content customization or dynamic segmentation.

We’ll be consulting with our partner lawyers shortly for more information. Stay tuned for a detailed article on this subject.

Polls & Surveys

With regards to emails inviting individuals to participate in a poll, if the survey is just a study, it does not fall within the definition of a commercial electronic message and therefore does not require prior consent.

However, if the poll or survey refers to a product or promotes it, even subtly, it must meet all the requirements of CASL.

A good rule of thumb is to ask yourself if the individual who completes the survey can guess the name of the company or brand. If so, your survey is likely to be in violation of the law.

SMS and MMS messages

Although there are less commercial text messages sent in Canada than in other countries, consumer complaints about them are on the rise and these messages are in the CRTC’s viewfinder.

The CRTC explained that if companies send text messages for commercial (not necessarily promotional) purposes, or plan to do so, they must ensure that their compliance program covers these types of messages.

ATT: If a person is not on the National Do Not Call List (NDNCL), this does not mean you have consent to send them text messages.

Whereas the NDNCL uses an opt-out procedure (a person has to contact them to be removed from their list), Canada’s Anti-Spam Law uses an opt-in principle (individuals must give you permission to be contacted).

Transactional messages

The CRTC has clarified that transactional messages such as the confirmation of a transaction, change of password, scheduled alert, etc.) are not considered a commercial electronic message, as long as it does not contain a commercial offer. Also, transactional messages can be sent even if the person has withdrawn their consent.

However, the CRTC has made it clear that these transactional messages must comply with all the provisions of CASL, including those articles referring to “mandatory information” and “unsubscribe mechanisms”.

Brands and parent companies

When the CRTC discussed this point during an IAB presentation, the crowd told them they were crazy. Take note: Any withdrawal of consent applies to the whole company by default (affiliates and parent companies included), and not the just the brand or business indicated in the unsubscribe form.

Let’s take Loblaws and Shopper’s Drug Mart as an example: if a consumer unsubscribes from the Loblaws supermarket newsletter, consent is automatically withdrawn from the entire company and not just from supermarket communications. If the consumer was subscribed to the Shopper’s Drug Mart newsletter at the time when they withdrew their consent to Loblaws, under the law, they should no longer receive Shopper’s Drug Mart newsletters.

The only way to manage this situation legally is to propose an unsubscribe form in which the consumer can choose the brands from which he or she wishes to remain subscribed to.

When the CRTC was told that this was a bit crazy, their response was “We don’t know how you operate, guys! So come and talk to us so that we can understand you better”.

In conclusion, the law is tricky. For those not who are not vigilant or proactive, they will eventually be heavily fined and required to complete their compliance program.

The solutions and compliance programs offered by Certimail, built in collaboration with researchers from the Faculty of Law at Université de Montréal, meet the new requirements of the CRTC.

If you already have a program set up by us, you have nothing to change. You’re covered.

If you don’t have a compliance program, our experts are at your disposal to assess your situation and can offer you an efficient and inexpensive program that meets the CRTC’s requirements.

 

CASL Compliance: How badly informed are Canadian and QC firms?

/0 Comments/in , /by

Seven years after its approval by Parliament and three years after it came into force, a Canada-wide survey shows that businesses, small and large, are still confused about CASL compliance, the types of messages it regulates, and the means to protect oneself from fines and lawsuits.

Canadian companies

The study, which was conducted recently by the Direct Marketing Association of Canada (DMAC) and law firm Fasken Martineau DuMoulin LLP, surveyed over 200 individuals directly responsible for CASL compliance of their organisation. Here are some of the highlights from the study:

  • 64% didn’t understand how to make their message CASL compliant beyond consent and an unsubscribe link
  • 46% were unaware that an organisation could be ordered to pay damages
  • 40% of them didn’t know that they can be held personally liable
  • 64% stated that their organisation did not (or didn’t know if their organisation had) a formal compliance policy
  • 63% believed that employees and staff don’t require CASL compliance training
  • 60% indicated that their company never performed a compliance audit

This is quite disconcerting, especially considering that the last 3 points are items required by the CRTC, to be able to defend oneself, should you face an investigation or prosecution.

No better for Quebec SMBs

Although this study was conducted amongst medium to large business in English Canada, a similar study was just recently published surveying Quebec SMBs.

  • Less than 5% of Quebec SMBs comply with CASL
  • More than 75% were unaware that companies could be fined, even if they have explicit consent
  • Only 35% knew that from July 1st, 2017 onwards, companies will be subject to civil or collective redress
  • 40% were surprised to learn that SMBs, as well as individuals, can face the same charges as large companies
  • 38% didn’t know that many QC companies have already been investigated and received fines
  • 1 out of 4 were unaware that CASL regulates individual emails, as well as text and social media messages

The CRTC’s shortcomings

Although the CRTC enforces CASL, informing and educating businesses is their greatest shortcoming. An article exists to help companies defend themselves, but it must meet the CRTC’s eight required categories. However, finding these requirements on an official website is very difficult.

The regulatory body does give presentations, but for the moment, it is almost exclusively to large law firms in Toronto. Unfortunately, 97% of Canadian companies are small businesses that can’t afford to do business with these big firms.

What can you do for yourself?

Canadian law states that “no one is supposed to ignore the law“.

A compliance program is also the only way to protect you and your business, and your employees, from tens or even hundreds of thousands of dollars in fines and legal fees.

So what do you do? You don’t want to stop your email marketing activities because it’s the top digital performer when it comes to ROI. We’ve done the calculations and penny for penny, all things considered, even a small investment in a compliance program is better than no investment at all.