What You Need to Know About Canadian Anti-Spam Legislation (CASL)

Fiber optical

Ken Pfeiffer is the Global Director of Delivery for Sailthru. Ken has been involved working in the email delivery space for more than 10 years, and specializes in delivery at scale. 

Despite being hailed as the world’s strictest anti-spam law, the Canadian Anti-Spam Legislation (CASL) might have managed to slip under your radar. The new legislation, scheduled to take effect on July 1, 2014, doesn’t only apply to email marketers, but all forms of online advertising, and is a big change in the anti-spam and deliverability space. With any new anti-spam legislation, it shouldn’t be taken lightly. For the context of Sailthru clients, I’m going to focus on email in this post, but I recommend for all online marketers to do their reading and not brush off CASL – this is a need-to-know, not a nice-to-know.

Some of you may be asking if you’re part of an American business that isn’t international, why should I care about a Canadian law? Even if your business is U.S.-only based, there is no way to know if one of your emails is going to be accessed in Canada. No one can be guaranteed exempt from CASL, which is why it’s critical to have all the information on how this affects your brand.

There has been much talk and discussion in the space of how this is very different from CAN SPAM and while it is, I urge all mailers not to view CAN SPAM as the pinnacle to strive for, rather as a barrier to entry. It’s really not hard to make your email CAN SPAM compliant, a few basic items and you are with in CAN SPAM. Though just being CAN SPAM compliant falls woefully short of email best practice and the TOS of every legitimate ESP as well as published acceptable use policies for the receivers of email.

The Important CASL Concepts Every Marketer Needs to Know:

1. CASL requires opt-in / consent.

There are two types of opt-in allowed under CASL – explicit and implied. Explicit consent is when someone gives you informed consent to be added to your email list. Think of an opt-in form where there is a checkbox that someone has give his or her address and do some action to in order to be added to your list. It’s clearly stated what you are signing up for and what kind of email to be expecting. This is considered explicit consent. When gaining explicit consent it is required that you inform the user of who will be emailing them, and let them know that they can opt out at any time. The second type of consent is called implied consent where there is an established prior business relationship, such as when someone drops a business card in a fishbowl at a conference or signup forms where consent is not given. You are allowed to email these subscribers for a period of two years during which you must obtain explicit consent in order to continue emailing.

2. Private right of action.

Under CASL a private right of action lawsuit can be brought on by an individual against the originator of an email. Take close note of the word originator: the ESP that sends the email is considered to be the sender and the company that is doing the emailing is considered to be the originator. CASL allow for damages of 10 million dollars per violation. This will not take effect until July 1, 2017.

3. Pre-checked sign up boxes are no longer consent.

There has been a lot of questions / debate around pre-checked checked opt in boxes and if that is allowed under CASL. Under the current guidelines pre-checked checkboxes are not an acceptable form of consent, and in reality it’s not a best practice anyways. Trying to force users into giving you their opt in information will only hurt the quality of addresses you do collect.

4. There is time for transition.

Luckily, senders are being given a 3 year window in which they must gain explicit consent from their email users. Every brand must make sure in this time to get their email lists in order and verify every individual user has given that consent.

The Good News, Bad News & What to Take Action On

The good news, if you’ve been following best email practices and work hard at obtaining explicit consent opt-in then you shouldn’t have too much to worry about. The bad news is for those who who haven’t been exhibiting due diligence for their email practices. I’d urge any email marketer to seriously reconsider how they are collecting and managing their subscriber lists. I also recommend including in your privacy policy verbiage around recording and maintaining opt in date / time and method for use in any CASL related claims.

Overall, the best thing senders can do is ensure they are always getting explicit consent from all additions to their email list. There is no way to know if an email is going to be accessed in Canada so all senders must move to strict and explicit consent methods of address collection, or possibly face consequence.