What You Need to Know about CASL
By Clea Moore
Whether you love it or hate it, the Canadian Anti-Spam Law (CASL) takes effect on July 1st – roughly six months from now. If you are already CAN-SPAM compliant and you have clearly informed recipients of what they can expect to receive from you, and you can document that your entire list is confirmed opt-in (including where they came from and when)– then CASL most likely doesn’t impact you.
For the bulk of you, here’s what you need to know to avoid a legal action and fines (up to $10 million) from our Canadian friends. There are three core requirements for CASL compliance: including your contact information in messages, maintaining a functional and easy unsubscribe mechanism, and documenting subscribers’ consent to send them mail. The first two are pretty straightforward, so I’m going to focus on consent. Start with these questions to see where you stand with CASL:
1. Are you mailing to Canada?
Unless some geographical restriction prevents Canadians from joining your list, you probably are. Flagging .ca addresses absolutely will not identify all Canadian subscribers.
2. Can you identify (and document) where your subscribers live?
Have you always asked them during sign-up? Have you recorded the IP addresses they use during sign-up? When they open messages? Have you collected postal codes or full mailing address from point-of-sale sign-ups? How about from third-party sources?
3. Can you document properly logged consent from all Canadian subscribers?
That means subscribers’ explicit opt-in plus the originating IP address they signed up from, the URL they signed up from, and the date/time they signed up, as well as the disclosure language used at the time of sign-up.
Assuming that an audit of your file is likely to reveal at least some noncompliant addresses—people who live in Canada, or even who might live in Canada—this is what you need to do:
First identify all the addresses for which you don’t have consent. If you want to continue sending to these people after July, you’ll need to make sure you have the capability to collect and log their consent.
Then begin sending re-permissioning messages to solicit “expressed consent” from all non-compliant subscribers. You have close to seven months to get this. After July 1, 2014 any message you send them is a violation of CASL. There are exceptions, though.
You have a window of six months of “implied consent” to mail to Canadian subscribers on your list if you can document that they have inquired about your business or service. If a recipient “closes business” (i.e., buys something) with you within six months, this window of implied consent is extended for 24 months from that point. It extends again anytime they buy during the implied consent period. As long as these subscribers remain regular customers (by making a purchase within the two-year window), CASL allows you to mail to them without logging their expressed consent.
Other exceptions are narrower. Notifications about updates for software already installed are exempt. So are fundraising messages from registered Canadian charities and political parties.
One final note: As you make plans to adapt your sending policies to CASL requirements, please, please consult a qualified attorney to ensure compliance. Telling the Canadian government that you followed my advice absolutely will not get your fine reduced.
Clea Moore is receiver relationship manager, email intelligence group for Return Path.