What you and your business need to know about CASL

Canada’s Anti-Spam Legislation (CASL) has been in place since 2014

It feels like FOREVER ago, but the reality is we still come across clients who don’t know what it is or how it applies to them.

Here’s the short of it, if you are a company or for-profit organization and you send electronic messages to Canadians trying to sell them your products/services, then CASL applies to you. We know from our conversations both internally and with clients that the topic of CASL fills people with anxiety and stress, while also boring them to death, which generally leads to ignoring and putting off doing the work needed to ensure you’re being compliant. We TOTALLY get it, and we want to help. In this article, we’re going to attempt to break CASL down in layman’s terms, make it more accessible and less scary.

Here we go!

What exactly is CASL?

As we mentioned above, CASL stands for Canada’s Anti-Spam Legislation. It is a set of laws that have been created to help protect Canadians from the misuse of electronic marketing communication by businesses and organizations sent for the express purpose of selling. In other words, CASL is protecting you and your inbox from the annoyance of spam. If you’ve done any reading on CASL, you’ve probably seen the term CEM. CEMs are commercial electronic messages – these are the potential spam we’re talking about above.

Quick note: It’s important to understand that electronic messages include emails, text messages, instant messages, direct messages, or certain social media messages sent to another electronic address. We’re mainly talking about emails in this post because that’s generally the way our clients are communicating with their audience, but if you do use any of these other forms of communication it’s important that you recognize that they also need to be compliant.

There are three components to CASL that you need to understand in order to comply:

1. Obtain consent before you can send any messages to anyone (we tackle consent further in the next section).
2. You must provide clear identification information in your message (people have to know who they are receiving the message from, including a business address).
3. You must, must, must provide a clear and easily found way for people to unsubscribe from your email list. And just to round this out, there are scenarios where CASL does not apply. You can read more about those here.

Why is consent important?

When talking about CASL there are two types of consent you need to be aware of and filter all of your communication through:

1. Implied – valid for up to 2 years
2. Express – valid until the person unsubscribes

You have implied consent to send an electronic message to someone if one of the following scenarios is true:

• They’ve bought something from you in the last 24 months
• You’re a registered non-profit or political organization and the person you are emailing has donated to, volunteered for, or attended a meeting pertaining to your cause
• You’ve collected business cards or been otherwise given or found an email that was published publicly and that person hasn’t expressly published or said that they don’t want spam or unsolicited messages.

If none of the above scenarios are true then you must have express consent to send electronic messages. Express consent looks like having a record of either their written or oral permission to send them communication.

NOTE: It is recommended that, even if you have an existing business relationship with someone (implied consent), you put proper mechanisms in place to capture express consent to continue to communicate with them beyond the specific reason that you connected in the first place. For instance, if someone buys something from you, they should receive an opt-in message that gives them the opportunity to give you express consent to continue to communicate with them after that initial transaction has taken place. If they choose not to opt-in at that point, it’s probably safer for you to remove them from your active communication list.

What happens if my business doesn’t follow CASL?

It can vary, but the short and the long of it is that your company or organization could face fines of up to $10 million, criminal/civil charges, and/or personal liability for officers and directors. All of this, because your e-communications aren’t compliant?! No, thank you. Do yourself a favour and keep reading for what to do next.

Steps to follow to get your business CASL compliant

You’re reading this post, so that’s step #1!

Clearly, you care about your business and understand that if left unchecked, your communication strategy (or lack thereof) could have very real, very negative impacts on your business. So, let’s have a look at what you can be doing right now to get your business CASL compliant:

1. Do a review of every kind of electronic communication your company sends and categorize them by the type of communication (CEM, customer service, etc) and the communication vehicle (newsletter, campaign, text, etc.).
2. Create a system for reviewing all communication your company or organization does, and using the information from step 1, create filters and checks and balances for your communications to go through before they get sent (eg. – who is receiving each form of communication and how/when did you receive consent to send these messages to them?)
3. If you aren’t using an email marketing system like MailChimp or Constant Contact, do your homework to decide which one is right for you and then start using it for all of your email marketing communication. These systems have built-in checks and balances to help you with CASL compliance, so although they can cost money to use, they are totally worth it.

If you haven’t previously been using an email marketing system like this, then chances are you don’t know if you have proper consent for everyone on your list, and you likely don’t have a record of how that consent was received. Don’t panic! Here’s what you should do:

1. Refer to #3 above and choose the email marketing system that’s right for your business.
2. Export your current email list in a .csv file format and upload it to your chosen email marketing system.
3. Create an opt-in campaign/message that clearly tells everyone what kind of messages they can expect to receive from you and asks if they would like to opt-in to continue to receive these kinds of messages.
4. Anyone who opts-in will be funnelled to a new list or lists, and anyone from the original list who didn’t opt-in can be scrubbed (removed) from your system.
5. You should be left with a clean list of people who have given you express permission to connect with them, AND you will have a record of how you obtained that permission.

See? CASL isn’t THAT scary

CASL is a lot to take in, and if you haven’t been giving your e-communication any thought, it can also be a lot of work to get on track, but the alternative – hefty fines and/or? – is probably a lot worse. It’s worth the time and effort to ensure your company communications are compliant. We hope that this has helped to break down CASL into something that feels a little less scary and a little more doable. If you do have any further questions or need any other clarification, don’t hesitate to reach out to us. We’re here to help!