Canadian Anti-Spam Law Update: Are You Compliant in 2017?
Brad Gurley, Senior Director of Deliverability, Real Magnet
If you’re a long-time reader of the Real Magnet blog (and who isn’t?) you’ve probably seen our previous posts about the Canadian Anti-Spam Law (CASL) or attended our CASL webinar in preparation. Certainly you took the steps we outlined and your email program is 100% CASL compliant, but you likely haven’t heard as much about CASL in the 2+ years since its effective date in July of 2014.
Later this year, a major new provision to CASL comes into effect providing a “private right of action” for recipients who have received mail that violates CASL. Make sure you download our 7 Step Guide to stay in compliance in 2017.
For now, let’s review the primary tenets of the Law.
1. Consent (permission) is required to send any email that can be construed as commercial. There are two types of consent: express and implied. Express consent is the gold standard, while implied consent primarily exists to provide a window for senders to get express consent from customers, members, etc.
2. Opt-in mechanisms must clearly identify the sender and inform the recipient they are signing up for commercial mailings and can unsubscribe at any time. The CRTC, who is responsible for CASL enforcement, has stated that pre-checked boxes do not meet the required standards and are not considered valid consent.
3. Messages must include clear identification of the sender (including physical address) and a clear unsubscribe method. Similar to CAN-SPAM, each message should clearly identify its originator and allow recipients to unsubscribe easily. While no specific timeframe is given, unsubscribes should be processed “without delay.”
4. Senders MUST maintain documentation of consent. If a CASL violation is alleged, the sender holds the burden of proof and they must show that the recipient(s) provided consent. This includes date/time, IP address, and any other data that confirms when, where, and how the recipient provided consent.
CASL in Action
In the time since CASL took effect, the Spam Reporting Centre (SRC) has received hundreds of thousands of complaints alleging CASL violations. Between July 2014 and May 2016, over 545,000 complaints were lodged, with the vast majority (93%) alleging violations of consent requirements.
The CRTC has investigated and taken action on a number of these senders, levying hefty fines in many cases. A few examples:
- In March 2015, corporate training company Compu-finder was fined $1.1 million for violations of CASL – specifically for repeatedly sending to recipients without consent.
- In June 2015, Porter Airlines was levied a fine of $150,000 for violations primarily related to missing or unclear unsubscribe options, although they were also cited for inability to provide documentation of consent. Porter also agreed to immediately change their practices in order to become compliant.
- In August 2016 the CRTC announced that food producer Kellogg Canada agreed to pay a fine of $60,000 after they and associated third parties sent messages without the consent of the recipients. Kellogg also agreed to become compliant as part of the settlement.
Changes to CASL in 2017
Failure to comply with CASL has led to some stiff penalties for violators, but this summer the damage is likely to become even more severe. On July 1, 2017, the Private Right of Action (PRA) provision takes effect. Under this rule, recipients who have been sent mail in violation of CASL can sue for actual and statutory damages against the sender.
As a sender, the best way to defend against such legal action is to ensure compliance with all CASL provisions:
- Confirm that your consent is properly acquired and documented.
- Check your unsubscribe process to make sure it doesn’t require recipients to login or take any additional steps.
- Clearly identify your organization at opt-in and in each message you send.
One area that is likely to be of particular concern is the concept of implied consent. CASL provides for implied consent when sending to recent purchasers, members, donors, or volunteers, but that implied consent is almost assured to be more difficult to defend in court than clear, express consent.
If you believe you have implied consent, now would be a good time to check in with your legal counsel to be sure (if you haven’t already). Our recommendation is to always use that implied consent primarily to request express consent from the recipient in order to continue sending them email. Even if your organization is certain your implied consent will hold up in court, it’s less likely you’ll run into potential issues if you center your email program around express consent.
If you haven’t reviewed your CASL policies since 2014, download our CASL whitepaper to make sure you’re in compliance with statutes coming into effect in July of 2017.
Disclaimer: Brad Gurley is not an attorney and the contents of this article should not be taken as legal advice.