Multiple facets of security

Multiple facets of security. Email marketers must be aware of anti-spam laws in countries they are emailing.

by Mary Gospe with contributions from Janice Hulse and Sue Hay

Canada’s Anti-Spam Legislation, known as CASL, was passed in December 2010 and goes into effect on July 1, 2014. It requires that anyone sending commercial electronic messages (CEMs) to Canadian consumer or business recipients must have explicit permission. CEMs not only include email, but other forms or electronic communication including text and instant messages and social media. Failure to comply can result in stiff penalties, up to $10 million per violation – the toughest of all the G8 countries.

Deloitte’s paper on CASL states that “according to the new law, Canadian and global organizations that send commercial electronic messages (CEMs) within, from or to Canada need the permission of their recipients to send those messages, with very limited exceptions. This is in stark contrast to the US anti-spam law, which allows CEMs to be sent without permission until a recipient “opts-out”.

According to Yesmail, “implied consent becomes invalid after six months if the recipient doesn’t become a client and in two years if an existing client is inactive from purchasing, subscription or, account renewal. After CASL goes into effect, marketers must receive clear consent from email recipients by having them check a box or manually input their email address in a field.”

Deloitte describes the penalties for non-compliance as:

  •  “Up to $10 million per violation for corporations
  • Criminal charges for organizations that make false or misleading representations regarding the sender or subject of a CEM
  • Civil charges enabling businesses and consumers to seek damages of $200 per violation, to a maximum of $1 million per day
  • Personal liability for company officers and directors who knowingly infringe the law
  • Vicarious liability for companies whose staff don’t comply
  • Investigation of spam messages, which recipients can send to a Government of Canada reporting centre
  • Activities related to phishing, email harvesting and the use of spyware/malware will also be “investigated”

Next steps:

  1. Consider forming a cross-functional CASL team with members from your legal, IT, and marketing teams to review current practices, assess the state of your database and form an action plan
  2. If you do not have a double opt-in process in place, start now
  3. Reach out to your Canadian prospects, customers, partners, etc. and ask them to opt-in for ongoing communications. Once CASL is in effect, even an email asking someone to opt-in will be a violation
  4. Make sure you have at a minimum the country for every person in your database as relying on a .ca in the domain may not be sufficient
  5. Train anyone sending bulk email within your organization of the new law and process changes, including marketing, sales, support, client success, etc.
CASL resources:
Read Deloitte’s publication Managing the message – Canada’s new anti-spam law sets a high bar for more details and advice.  The following links will direct you to helpful resources, checklists and official guidelines to help you prepare for and comply with the new Canada Anti-Spam Law and the Electronic Commerce Protection Regulations.