Canada has enacted a new Anti-spam law that covers CEM, commercial electronic messages. CEM is not limited to email, but also includes text messaging, social media, and instant messaging. If you have customers or clients in Canada you need to take note of the important facts of this issue. The law makes sending commercial messages to a Canadian resident without their express consent very costly. According to the legislation, the maximum penalty per violation for an individual is $1 million per violation, and for a business, it is $10 million. The Act will begin to take effect on July 1, 2014 when most of the Act comes into force. Once the law is in force, it will help to protect Canadians while ensuring that businesses can continue to compete in the global marketplace. The law only effects messaging that is clearly commercial and there are plenty of exceptions to allow for businesses to continue to conduct business in a competitive marketplace. Hopefully I can help summarize some of the main points but I no way suggest my blog post is exhaustive and encourage you to go straight to the source and make sure you have a handle on this for the security and well being of your own business.
Any email going to a computer in Canada or being generated from a computer in Canada is affected by the new Canadian anti-spam legislation. So if you do business with companies or industries in Canada eh then you need to take note of this law. By no means is this post comprehensive enough to cover all the details of a the Canadian anti-spam law but I do want to point on some key factors and some resources where you can find out more for yourself.
First, under CASL, commercial electronic messages must meet three general requirements in order to not be considered spam.
1. You must have consent. Consent can be implied or explicit.
2. The email must contain identification of the sender i.e. company name, logo, phone number address, etc.
3. The email must have an unsubscribe mechanism in the email
*as with anything there are exceptions to these rules
Now take for instance the implied aspect of the first rule. You can consider that you have implied permission to email someone about your company or product if, for instance, you meet someone at a trade show and they give you their business card that contains their email address. Then the burden is actually shifts to them to take away the implication by saying something like “Here is my card but please don’t email me.” However, that is hard to remember if you are at a busy networking event where you are collecting copious amounts of contact info and leads. Under this new law I find a quick way to mark that card with reminder before slipping into your pocket. Maybe an X in the corner or if you have time jot down “do not email” on their card. In this case you are talking about opening up your organization to legal ramifications so you cannot take the stance “it’s easier to get forgiveness than it is permission.
Some let me offer some suggestions to help you comply and mind you this is by no means a comprehensive list nor am I advising you to do any of this without examining the issue for yourself. Here at Presco we use Mailchimp (whose terms of service are sometimes more stringent then what is in CASL) and they have a great post addressing CASL for their users. So some suggestions to begin the process of compliance.
1. Clean up your database.
2. Use a service such as Mailchimp or Emma (they come with built in analytics and built in protection that is going to automate your compliance.)
3. Do your best to read and understand the in’s and out’s of CASL and talk to your companies legal aid if you have questions that don’t seem to be answered in what you find.
I hope this helps and I strongly encourage you to go research CASL for yourself. One last source is the ZoomInfo webinar you can participate in.