Complying with the new Canadian Anti-Spam Legislation (CASL) will require anyone that uses e-mail for business and commercial purposes to ingrain asking for informed consent into their DNA.
That was the key message at E-mailing Prospects – When is it OK?, an education seminar organized recently by the Canadian Channel Chiefs Council (C4). Stephanie McManus, a lawyer with Compliance Support Services, walked attendees through the anti-spam legislation, which will mean major changes for those that use email as a part of their business.
“It doesn’t just concern spammers,” said McManus. “It touches on every form of electronic communications that’s out there and it’s one of the most onerous pieces of legislation out there in what it demands of email marketers.”
Many everyday business activities will be covered, such as sending an email to a customer or prospect, operating a company web site, making a mobile application available for download, and even installing computer software. Sending commercial messages such as emails, texts and instant messages are all captured. And while a “grace” period is currently underway where some of the rules are relaxed and “implied” consent is acceptable for communications, the law will be fully enforced by July 1, 2017 so now is the time to adjust your business processes.
What makes CASL tougher than similar legislation in other jurisdictions is the requirement for an express “opt-in.”
“You can’t just allow them an unsubscribe option as in other countries,” said McMannus. “You will need to have a record of express consent with each person you communicate to electronically.”
The ongoing maintenance of that consent list will be one of the biggest challenges for companies, said McManus. Using an automated system such as Constant Contact will likely be necessary to avoid a significant logistical challenge. And there are specific rules around what constitutes consent.
The legislation casts a wide net, and it’s unclear how the government can reasonably hope to enforce and police compliance. Still, McManus said the key word to consider is commercial – if it’s about business it’s a commercial message. And after July 1, 2017, you won’t even be able to send someone an electronic message to ask for their consent.
“You must be cognizant that in any conversation that may result in a business relationship you should ask (that person) “can I communicate with you electronically?” and write down when and where,” said McManus.
There are several exemptions for the need for express consent, but they still require consent being requested in the first message. For example, if a colleague refers someone to you that they have a business relationship with, if someone hands you a business card, if a prospective client contacts you or if you have a personal relationship with them.
The legislation also requires express consent for installing programs, with requirements for disclosure of what the program does and options to uninstall.
Overall, the key, said McManus, will be recording consent for communications, including who it came from and when, as you need to be able to prove consent if challenged.
“It’s going to have to become part of your DNA, the requesting of consent and recording it,” said McManus. “That’s the only way to realistically comply with this law, making it part of your routine.”
With the enforcement of the legislation looming, McManus said companies need to put in place their CASL compliance plan now. She recommends following these seven key steps:
1/ Who should be on your team?
2/ What requirements apply to your business?
3/ Audit and document current practices
4/ Resolve preliminary “interpretation” issues
5/ Develop and document a CASL compliance plan
6/ Implement the CASL compliance plan
7/ Monitor, track and update the CASL compliance plan