Just in time for Canada Day, the new CASL kicks into gear on July 1, 2014. Anyone who’s been adding email addresses to their newsletter lists from random sources has set their panic mode to “maximum”. That’s because the rules are changing and soon you will no longer be able to pad your email list with addresses from things like purchased lists.
If you’re a business or organization sending automated emails in Canada, to anyone in Canada, or to anyone who might read it in Canada, this will change how you do things. The fines for getting on the wrong side of this law are pretty exciting too: up to $10 million for a business.
The panic mode kind of makes sense now, doesn’t it? Luckily there’s a 3 year transition period during which implied consent is OK – more on that below. If you’ve been taking the high road, however, and already use a subscription system that uses an active opt-in, you’re more or less in the clear.
The law is designed to help in the prosecution of all kinds of bad behaviour like hacking, malware installation, phishing, outright fraud and of course spamming. I am going to focus on the spamming part, and specifically with regards to email accounts. (The law applies to all “commercial electronic messages” (CEM), which also includes text messages and social media messages.)
Like most laws, it is long and complex. For email marketing, the basics of the new rules are:
- If you’re sending someone any kind of commercial message, you need to be able to prove consent. Let’s be absolutely clear here: the burden of proof is on you. Consent can be implied or express – again, I’ll get into that below.
- No more sneaky pre-checked checkboxes for newsletter signup on forms. The user needs to actively select a clearly labeled checkbox that tells them they are signing up for your emails.
- You can’t tell people they’re signing up for A, and then send them B. If you’re telling people they’re getting productivity tips and then sending them appeals from princes in small countries who really really really need money, that’s a no-go.
- Similarly, they need to know exactly who is sending the messages, so the “from” email name and address need to reflect your organization.
- Subject lines in emails can’t mislead people about the content.
- Your full contact information needs to be included in every email message, including a mailing address. For home-based businesses where you don’t want your home address showing, a PO box is fine.
- If you are emailing someone on behalf of another organization, they need to be clearly identified.
- All emails must have a link so that people can unsubscribe, and they need to work right away.
Express vs Implied Consent
CASL has two types of consent: express and implied. Implied consent acts as a kind of temporary grace period, after which you have to get express consent. You can’t keep someone on your list forever based on implied consent.
Implied consent exists when someone is in a business relationship with you but there is no explicit agreement to receive your emails. Perhaps they bought something from you, subscribed to a webinar, or gave you a business card.
If you’ve collected an email address before July 1 2014, then implied consent expires after 3 years. If you collected the address after July 1 then you have 2 years – unless they do something to keep the relationship going, like make another purchase.
Express consent is where someone knowingly signs up for what you’re offering, and is now required for any automated emails if you don’t have implied consent. If someone has given you express consent before July 1, you don’t need to worry about getting it again. It never expires unless they use your “unsubscribe” tool.
Transaction Emails and Other Exceptions
In the legislation, there is a class of exceptions for emails that “solely” complete a transaction. Sending order confirmations, password reminders, membership status confirmations, and shipping notifications should all be fine. But note the “solely” – the minute you add anything that engages, tempts, or lures you need consent.
- You can respond to any kind of request for information, like request a quote or contact form submissions.
- If you’re a registered charity, you can email anyone who has donated in the past 18 months, and you can continue to send emails for the purpose of collecting donations.
- If you’re a club or other member-based organization you can continue emailing your members, as long as you aren’t including non-members.
- You can continue email companies you already do business with.
- Legal messages related to recalls, warranty, safety, debt collection, or copyright.
- One referral can be sent as long as the referrer has a personal relationship with the receiver of the referral.
- Work-related emails between employees at the same company.
- You can keep emailing your family and friends. (Phew!)
What’s Next? Seduce Your List Into Re-Subscribing!
Many organizations want to stick to the high road and are getting express consent right away by inviting everyone in their database to re-subscribe. This is a great idea, but the question is how to do it without having your email get lost in the inbox soup and losing most of your subscribers.
The answer is to pitch a little woo, especially in your subject line. You want to stand out in the inbox so your reader will click. Here are some subject lines that I found especially click worthy:
- Jennifer, I thought we were friends
- Don’t Let This Be Your Last Message
- Please don’t go
Subject lines like that make it hard to say no!
In the email itself, provide a quick, clear explanation about why you’re asking them to resubscribe, and an easy to see link so they can follow through. Images help too. Have fun and be creative!
Quality, Not Quantity
Most of our clients who are worried about the legislation are generally already getting consent from their subscribers. If not, using a reliable industry-standard emailing tool like MailChimp or Constant Contact will get you most of the way there. In fact in many ways they go above and beyond the law. For example, they both have a double opt-in system in which the user has to confirm by clicking a link from an email after they use your sign-up form.
The main thing is to have a way for people to unsubscribe, so they’re not trapped into receiving an endless tsunami of messages they don’t want. If they’re not interested in what you have to say, you don’t want them in your database anyway, right?
- The official anti-spam law FAQ
- The CRTC’s examples of expressed consent
- The full official text of the new anti-spam law
- Constant Contact’s FAQ
- MailChimp’s Overview and Recommendations
I am not a lawyer. This article is just my interpretation of the information to help get you started. I urge you to play it safe and have proof for everyone on your list. If there’s something you’re doing that you’re not sure about, talk to a lawyer.
The law is also new and we have yet to see how it plays out in the courts. If you get prosecuted because you’ve been trying to walk the line, it’s not my fault, or Envision’s.
Credit Where Credit Is Due
Special thanks to Alex Katayama for some key initial research.
It looks like the courts are putting some very heavy fines on people who contravene the new law.
on November 20, 2015, the CRTC announced that Rogers paid $200,000. They are not the only violators. Porter Airlines agreed to pay $150,000 in June 2015, and Compu-Finder was fined $1.1 million in March 2015. (Thanks to Victoria at Ottawa Home Services for passing on the information.)