5 Search Results for "CASL"

CASL Compliance: Q & A About Canada’s Anti-Spam Law

Posted on July 1st, 2014 by Sherry Lamoreaux

Canada is where it's at (sign)Recently David Fowler, Act-On’s Chief Deliverability and Privacy Officer, delivered a webinar about the impact of Canada’s Anti-Spam Legislation (CASL), which went into effect July 1, 2014. During the Q&A session, webinar attendees asked great questions about the details of compliance. Here’s a transcript of those questions and answers, in hopes that they may answer some of your own questions.

If you’re not familiar with the new law, you might want to begin with an overview of the key tenets of CASL. If you have questions that aren’t covered here, please let us know in the Comments section at the bottom of the post. Emilee Johnson, Senior Marketing Manager at Act-On, moderated this session.

NB: This discussion is an exchange of opinions, and cannot be considered legal advice. We encourage marketers’ organizations to consult with legal professionals for guidance on CASL compliance.

EMILEE:        The first question comes from Jeremy. He wants to know, “What is the impact to uploading or importing lists with Canadian email addresses into Act-On?”

DAVID:           Great question, Jeremy. Those Canadian addresses need to have implied consent – at the minimum. Think about how to take your recipient from the lower level of consent, which I think of as “implied consent” to express consent. That’s a confirmed opt-in kind of relationship.

So the question is, how do you get your email recipients from implied consent to express consent? You should make that transition now. Start reaching out to any segment of your mailing list of subscribers that you may feel need to have proactive outreach. And gently request permission again with any person in the file during the next transaction you have with them.

You have time to do it – it’s not like starting July 1, that’s it. But definitely start implementing new strategies or best practices as required under the new legislation.

How to identify an email as “commercial”

EMILEE:        Our next question comes from Colleen. She wants to know, “What’s an example of how you would put in a notice that the message is for commercial purposes?”

DAVID:           You could certainly put a line item in the body of the message. You could put a note in the subject line. Some form of disclosure is required. And the reality is, if I receive an email and the subject line and the From address all sync up with the body of the message, then I’ll determine that it’s a commercial note. I think the challenge becomes when you have a hybrid message. What’s the primary purpose of it? You don’t have the primary purpose rule in Canada, so one must assume that this is a commercial message. You could put that somewhere in the body of the message itself.

EMILEE:        Thank you. Question from Veronica: “Is a blog post considered a commercial message? For example, if someone subscribes to our blog and receives an email each time there is a new content posted, do those emails require a message that commercial content is included?”

DAVID:           I would interpret that as not expressed consent. That’s probably implied consent, in my opinion. You should get a legal view on that. But what you could do is assume that it’s implied consent, and then make a proactive effort to convert it into an express-consent relationship. You have the attention of the person, you know who they are. They’ve reached out to you via their blog subscription. It’s the same thing as a pre-checked box – it does not designate express consent. And pre-checked boxes under CASL are not allowed.

I consider it implied consent because they’ve already signed up and voluntarily taken the necessary step to sign up for it. But you need to take it one step further and button up that relationship in the email side of that business.

Are pre-checked boxes CASL compliant?

EMILEE:        A question came in from Valerie: “Pre-checked opt-in boxes – are they legal or illegal?”

DAVID:           Under CASL pre-checked boxes are not allowed. When you have a pre-checked box, you’ve assumed that the individual has granted consent to you. There’s no affirmation from the recipient to opt in. When you have a box that’s not pre-checked, and they have checked something, there’s a positive action that’s occurred to grant you consent.

And that is why pre-checked boxes, whether in Canada or down in the US, indicate a very low level of consent action. Because the recipient technically has to opt out of the message if they don’t want to receive it, as opposed to opting in. You’ve already taken the step to opt them in based on your perceived preference of what they’ve seen or what they would like to receive. It’s kind of a gray area, but I think under the ruling it’s definitely not compliant.

EMILEE:         Angela asks that you define “positive action” for opt in.

DAVID:           It means doing something that’s one step ahead of a normal opt in. So positive action would be something like a confirmed opt in or double opt-in request. I opt in, you send me a note to confirm the request, and I opt in twice. That’s a great example of positive opt in or positive action. Pre-checked boxes are not a good example of positive action and are also not allowed under CASL.

There are a lot of tricks that you can do. A welcome program’s a great way to do it. Onboarding programs, where I send you a series of notes over a period of time, and by building that rapport and building that relationship with you, I’m getting you more engaged in my program. I let you set the expectation or frequency of mail. I allow you to drive the relationship with me. I put the power in the hands of the recipients, instead of vice-versa. That’s a great example of positive engagement.

EMILEE:        A question from Colleen: “How does CASL define a business relationship?”

DAVID:           Okay, let’s assume I buy a product from you in January. Obviously I’ve opted in, and I have given you express consent to send me commercial messages. That consent lasts until your customer opts out. At the point of inception the business relationship begins.

From this moment, on it’s really up to you to implement the retention based strategies to cultivate the recipients brand experience to ensure that your customer is sent relevant, engaging and timely content.

How does buying or renting lists affect CASL compliance?

EMILEE:        Thank you, David. Veronica wants to know, “Does this mean that we cannot purchase email lists for marketing?”

DAVID:           Great question. It really depends on which side of the fence you sit on and where your thought process lies. Now down here in the US, it’s not illegal to buy or rent data, although the practice can be frowned upon as a way to build your database.

Under CASL, it’s not illegal to rent data or purchase data, but it is illegal to purchase data that has been permissioned via pre-checked box strategies. So you have to be comfortable with the vendor that you’re dealing with, and again this is just my opinion. If it was me asking the same question, I’d be doing the same things. I’d have those conversations with list providers. And if your spider-senses start tingling, then hey, maybe this isn’t an up-and-up relationship, or your providers or your vendors aren’t willing to sign documentation that state this is CASL-compliant permission data, then it may be a good time to sever that relationship and find someone else.

Different business models

EMILEE:        Thanks, David. Mitch is hoping you can comment on this statement: “So Canada makes no differentiation between a Russian criminal organization sending emails with the purpose of engaging in identity theft, and a small Canadian-based software company trying to reach out to some targeted prospects?”

I think he just wants to make sure that these operations are the same when it comes to compliance with the new CASL laws.

Open hand raised, Canada flag paintedDAVID:           If you’re in the business of downloading software to other people’s devices and that’s your product model, then that’s different. Your level of compliance is different, and you’re simply sending commercial messages. The thing is, we have a lot of the same issues down here when we’re dealing with CAN-SPAM. The good news is, as I said before, that July 1, for those of us who are senders of commercial email or purveyors of digital technologies, the curtain doesn’t come down for us.

There will be a period of time where the market and the regulators will figure out that some things will need to be fine-tuned. I’m not sure how that process works in Canada, but obviously down here, we saw that in 2008, the Federal Trade Commission efforts around amending CAN-SPAM, which addressed very specific issues under the interpretation of the fine print of the bill itself.

So I would expect the same to occur in Canada. We really won’t know the impact until we start to see activity around the bad actors. If you’re a good actor in a landscape where there are a lot of bad actors, you’re in a good spot because you’ll be perceived that way. We’ve seen a lot of activity down here in terms of enforcement that have been very focused on crime, very focused on the negative side of the business, the negative side of the web, doing the things they shouldn’t be doing, like illegal botnets and so on.

How about trade shows and events?

EMILEE:        Thank you, David. Daphne wants to know if you had any suggestions on how to gather consent from trade show leads: “Should we be getting people’s business cards?”

DAVID:           So let me turn that around. Let’s say I visit your booth and I stick a card in the jar and hopefully I win the goldfish during the drawing. That’s an example of implied consent. I’ve walked into the booth, I’m obviously interested in your brand or getting something. That’s okay. The question then becomes, how do you get me to give you express consent? And that’s got to do with the strategy, your program, and the tools that you use.

The good news is that under CASL, the way that I understand it, that’s perfectly fine. But it’s an implied-consent relationship. It is not an express-consent relationship. You still have two plus years to get me from implied to the consent level. But you have the name, you have the contact, and it’s just about the nurturing and the development of that contact.

EMILEE:        Thanks, David. Jamie wants to know, “If we aren’t selling anything, but inviting them to a free educational event, do we require the express-consent opt in?”

DAVID:           That’s a great question. I’m assuming these are contacts that are probably not in your database currently. If that’s the case, then I’m of the school of thought that some permission is better than no permission. Under CASL exemptions, if your interpretation is that these folks that fall into that bucket, that may be applicable to you. But I would encourage you to get a legal opinion on that. Your legal team may see something differently than we would. We can’t provide legal advice.

Consent is not required for quotes or estimates, messages that confirm or facilitate transactions, provide warranty, recall, safety or security information, information about ongoing use or ongoing purchase, and so on. So if I say, “Hey, come attend my webinar.” Great, that sounds good. You attend the webinar. But if I want to have a deeper relationship after that, then a commercial component kicks in and I have more of a consent obligation than I did in the initial pass.

Getting people from implied to express consent

EMILEE:        Thank you, David. This next one is from Kelty: “Could we send a consent request email blast to verify people before July 1, asking them to opt in or they get dropped?”

DAVID:           Yes, you can. You can certainly do that. Because the reality is, you probably have folks in your file that are either implied or have come on via an implied methodology or an expressed methodology. The question is, how do you segment them out? One way would be to look at your engaged contacts versus your unengaged contacts. I would assume, and again this is my thinking– this is not the way that I understand the law, but this is my opinion – I would take the folks who are unengaged, meaning they haven’t converted on your program for a period of time, and assume that they have implied consent. And I’d implement a strategy to get them to the express-consent level of permission.

Do that with things like reengagement campaigns. “Hey I haven’t heard from you in a while, hopefully you still love me, and so on. Here’s a great coupon.” Or reaffirm your permission practices: “Would you like to change the frequency of your messaging?” A subscriber manager is an ongoing building block of any great email program.

So I think the way you establish consent, and the way you establish engagement, and turn it around for the user experience, is going be so beneficial for your program in the long term because you’ve given the individual the ability to make that decision based on what they want and how they want to interact with you, rather than the other way around.

EMILEE:        Thank you, David. One more question from Theresa: “If a company is a customer, but we’ve added new contacts after July 1, do we still need to get opt in permission from these new contacts?”

DAVID:           Yes. Yes, you do. Any contact added after July must have express consent. All contacts in your database on July 1 will have implied consent. You have two years to convert your database into a 100 percent express consent listings.

Final thoughts

I think the days of non-opted in, un-permissioned emails are over. In the US, we are the only country in the world that has a non-permission requirement for our marketing efforts. So if you just take that one statement alone, reverse it and apply it to any program globally, the permission paths of that recipient is something that you need to obtain at some level. And under CASL, you have a couple years to get that done, but it’s definitely something that you need to be thinking about.

I can’t stress enough the fact that there are a lot of questions, and the way you interpret these questions is going to be how you apply that interpretation into your program. Seek out additional resources and legal opinions. We’ve done the same thing here at Act-On. We’ve having the same conversation with our suppliers and our vendors as well. I’m giving you some of the insight of what we’re doing as a company to prepare ourselves for potential issues that could be down the road.

Permission is the key in anything. Permission, disclosure, consent – all those things. If you have that buttoned up, then you shouldn’t have any issues as you move forward. If there are any holes in that process, that’s where you could get into trouble.

Questions? Let us know in the comment box below.

Marketing in Canada? You Must Comply with New Law by July 1, 2014.

Posted on December 9th, 2013 by David Fowler

Canadian MountiesThe hammer fell on Wednesday, December 4th:  Canada’s Anti-Spam Law (CASL) regulations were officially published, putting the marketing industry on notice that Canada means business when it comes to driving out spammers, phishers, and identity thieves.

They’ve set the bar high:

CASL applies to any commercial electronic message sent from or accessed by a computer system in Canada.

Meaning even if your intended recipient doesn’t reside in the Great White North, if he or she opens your communication while in Canada, CASL applies. Effectively this puts the onus on marketers to be cognizant of where (geographically) recipients are opening electronic messages.

Ouch.

Most of CASL comes into force on July 1, 2014.

 The key tenets

So what does that mean to marketers? Below is a summary of the essentials to help you better contextualize what compliance will mean for you.

Primary Scope:

  • Senders of any form of commercial electronic messaging (CEM), including (but not limited to) messages to email addresses and social media accounts, text and image messages sent to a mobile phone, and telemarketing.
  • Telecommunications service providers (TSPs) that install commercial software on another person’s computer system.

Consent:

  • Must obtain 100% express consent prior to sending any CEM.
  • Must obtain 100% express consent prior to installing a commercial computer program.
  • Must have proof of consent, including source and time.
  • Can rely on implied consent to send CEMs to recipients where there is an existing relationship.

Unsubscribing:

  • All CEMs must contain an opt-out method.
  • Marketers cannot confirm the opt-out request via a follow-up method.

Disclosure Requirements:

  • Clearly identify the sender of the message.
  • Include a clear “subject line” and “From” name that reflects the purpose of the CEM.
  • Include a notice that the message is for commercial purposes.
  • Include a physical address.
  • Include a URL, email address, or phone number where the sender can be reached and that is valid for up to 60 days after the CEM is sent.
  • Include a valid and working mechanism that will unsubscribe the recipient within 10 days.

Exclusions:

  • CEMs between individuals who share family or personal relationships.
  • CEMs sent within an organization and/or between organizations that already have a relationship.
  • Quotes and estimates.
  • Responses to complaints or inquiries.
  • Pre-existing transaction materials and/or factual information (e.g., loans, memberships, service accounts, bank accounts).
  • Fundraising on behalf of registered charities.
  • Contribution solicitations on behalf of political parties, organizations, or candidates for publicly elected office.

Penalties for Non-Compliance:

  • Fines up to $10M CAN per violation.

CASL versus CAN-SPAM

Although there is overlap between the US CAN-SPAM laws and CASL, there are distinct differences that marketers need to understand. Here are the main ones:

CAN-SPAM

  • Addresses spam onlyUSflag
  • Applies to email
  • Marketers can technically email a person at least once without prior consent
  • No private “right of action” (An individual or business cannot file a lawsuit against a suspected spammer. Only the government and/or ISP can do so.)

CASL

  • Addresses a broad range of Internet issuesCanadian flag
  • Applies to all forms of commercial electronic messages (e.g., email, SMS, social, voice)
  • Prior consent required prior to marketing
  • Private “right of action” is available to anyone (An individual and/or business can file a lawsuit.)

Bottom line: prepare now

If you haven’t already, I highly encourage you to ramp up your planning and implementation strategies to ensure you’re compliant by July 1, 2014.

A good way to start is to assess how you manage opt-ins across all of the electronic mediums you use, as well as how you maintain a record of each opt-in (source and time).

Although there will certainly be further guidance and provisions put in place once the Law goes into effect, don’t risk finding yourself on the wrong side of an expensive complaint.

Key dates

  •  Jul 1, 2014 – most CASL regulations come into force
  •  Jan 15, 2015 – the provision related to computer programs will come into force
  •  Jul 1, 2017 – the Private Right of Action will be enacted

Key resources

Photo of “We Are Mounties” by Calsidyrose, used under a Creative Commons 2.0 license.

Spring Into Compliance – The Canadian Anti-Spam Law (CASL) is Around the Corner

Posted on February 12th, 2013 by David Fowler

Canadian_FlagAre you sending marketing emails to prospects in Canada? You may need to alter your messaging in the next few months. The Canadian Anti-Spam Law (CASL) C-28 is scheduled for enforcement in Canada late this year to early 2014. The bill intends to promote ecommerce by deterring spam, identity theft, phishing, spyware, viruses, botnets and misleading representations online. Read a summary of the bill here.

David Fowler, Act-On’s chief privacy and deliverability officer and Kent McGovern, deliverability operations manager (who’s based in Canada), will be speaking about the new law and its ramifications in a webinar this Thursday, February 14th at 11 a.m. PT. You can look forward to hearing about:

  • U.S. CAN-SPAM compliance overview
  • Overview of CASL
  • What marketers should do in order to comply
  • How the Canadian law differs from U.S. laws

We will also be covering next steps for marketers which include updating  your company’s website and privacy policy, the forms and procedures that document consent, and addressing unsubscribe requirements, just to name a few.

Beyond the basics, there will also be a Q & A session following the webinar for anyone needing further information. Register for this webinar now.

 

Email Marketing to Canada? New Laws Will Affect You

Posted on September 4th, 2012 by David Fowler

Q: Who is the last of G8 contries to introduce into law compliance pertaining to Spam?

A: It’s Canada.

Canadian_Flag

The Canadian Anti-Spam Law (CASL) C-28 is due to become law in Canada in early 2013. Bill C-28 affects commercial emails that are either sent from or opened in Canada – and contains much stricter regulations than current US CAN-SPAM laws.

Although the legislation has been crafted and revised, the final approval is still pending. The CASL law is deemed to be the most aggressive piece of ant-spam legislation that is available and has several areas of compliance that are very unique for marketers to comply with.

The Canadian anti-spam law will be stricter than CAN-SPAM

Here in the US we have operated under CAN-SPAM since 2004 and have come to fully understand the implications and requirements, but CASL is going to be a little more problematic for marketers to understand and adopt. There are several differences between CAN-SPAM and CASL which you will need to understand should you be marketing to Canadian clients after 2013. Some of the key differences with CASL are that it:

  • Addresses a broad range of internet issues that affect the electronic marketplace today
  • Applies to all forms of electronic messaging (email, SMS, IM etc.) and NOT just email
  • Requires prior permission-based email, not opt-out as we are used to in the US
  • Allows private right of action available to anyone (individuals, businesses etc.) to bring a lawsuit based on the infraction.

Find out more about how this law will affect your marketing practice. 

Join me for a complimentary webinar as we discuss what marketers need to know about this new law. Topics will include:

  • Overview of Canadian Anti-Spam Law (CASL) C-28
  • What marketers should do in order to comply
  • How the Canadian law differs from EU laws

In addition to Bill C-28, I will also provide an overview on U.S. Can-SPAM compliance.

When: Thursday, September 6, 11:00 am Pacific; 12:00 pm Mountain; 1:00 pm Central; 2:00 pm Eastern

Register now for this free webinar, Fall Into Compliance. Hope you can attend!

Canadian Anti-Spam Update

Posted on October 18th, 2012 by David Fowler

I recently provided an overview of the pending Canadian Anti-Spam (CASL) legislation that is expected to enter into force in 2013.

While finalization of the Industry Canada regulations are still underway, the Canadian Radio-television and Telecommunications Commission (CRTC) is further ahead: it enacted its Electronic Commerce Protection Regulations in March 2012.

The CRTC recently issued two Information Bulletins on its Regulations.

These address practical aspects of obtaining consent to send commercial electronic messages (CEMs), and providing an effective unsubscribe mechanism.

The full Bulletins are available at Guidelines on the interpretation of the Electronic Commerce Protection Regulations (CRTC) and Guidelines on the use of toggling as a means of obtaining express consent under Canada’s anti-spam legislation.

A summary of these is set out below.

Obtaining-email-consent

1. OBTAINING CONSENT

Specific requests for consent must be clearly identifiable to the user and also indicate that the user’s consent can be withdrawn at any time. Consent can be obtained orally or in writing, and must be positive and explicit. In other words, it must be “opt-in”.

Acceptable:

  • An icon or an empty toggle box that must be actively clicked or checked to opt in.

Not Acceptable:

  • The pre-checked box, because it puts the onus on the person whose consent is being sought to take action in order to indicate that he or she does not consent.
  • Also not acceptable: a CEM in the form of a subscription email, text message, or other equivalent form to request express consent. Persons must be able to grant their consent to (for example) the terms and conditions of use or sale, while also refusing to grant their consent for receiving CEMs.

Not-acceptable-Canada-spam-law
2. UNSUBSCRIBE MECHANISM

The unsubscribe mechanism must be consumer-friendly, simple, easy to use, and must be set out clearly and prominently. Under the Regulations it must be capable of being “readily performed”.

  • Email example: a link takes the user to a web page where he or she can unsubscribe from receiving all or some types of CEMs from the sender
  • SMS example: The user should have the choice between clicking a link, or replying to the SMS with the word “STOP” or “Unsubscribe”.

 

So, as you can see by these examples, the CRTC has clearly provided documentation of acceptable methods of obtaining consent and unsubscribing.

Please consult with your legal teams on how the CASL regulations will affect your marketing efforts in Canada, and we’ll continue to provide you with updates as we learn more.

 

Cheers!

 

Note: The example images in this blog post belong to the Canadian Radio-television and Telecommunications Commission. These are not official versions of the materials reproduced.