CASL: Spam, Customers, and You

Aug 20, 2014
Categories: Business · Cyber
Staebler blog logo
Staebler Blog Featured Image
CASL: Spam, Customers, and You
In our previous post, we asked this question:
True or False: Employment Practices Liability insurance only protects employers against claims made by past and present employees.
Answer: 
False—but this is a bit of a trick question! EPL insurance actually protects employers against claims made not only by past and present employees, but by any prospective employee as well.
Did you know the answer?
Now for this post’s question!
Is Canada a primary source of email SPAM in Canadian inboxes? 
Check back for the answer in our next post!
Are you prepared for the new Canadian Anti-Spam Legislation (CASL)? This came into effect on July 1st , and there are stiff penalties for non-compliance. We’re going to take a brief look at what this means for you as a business owner, but we also urge you to investigate it on your own to determine the direct effect it will have on your business, and any legal responsibilities you may have.
What is CASL?
The legislation covers Commercial Electronic Messages, installation of computer programs, and altering of transmission data. The CEMs are likely most relevant to you, and refers to anything from emails to text messages with commercial intent sent to a customer, client, or potential client. Yes, this includes your subscriber email list… but more importantly, it includes a sales agent touching base with a client.
It’s as specific as that—a salesperson communicating with a client. That kind of communication probably makes up the bulk of your day-to-day interactions! And as of July 1st, you must have express or implied consent in order to send CEMs to anyone within Canada.
What is consent?
There are two types of consent: express and implied.
Express consent may be given in writing or orally, but you as the business / CEM sender must be able to prove consent upon request. This may be done through a sign-up form (on your website, in person), or with a recorded phone or in-person conversation.
Implied consent can be defined as an existing business relationship (ie. client has purchased from you within the last two years, or made a direct inquiry in the past six months), through a personal business card exchange, or as someone who has “conspicuously published” their email without a statement that they don’t want to receive unsolicited CEMs (though that final point is highly ambiguous).
Note that implied consent also expires after two years (after making a purchase) or six months (after direct inquiry).Once it expires, the onus is on you to receive express consent.
How am I responsible?
It’s up to you to receive either form of consent before sending a CEM within Canada. If someone makes a complaint regarding a message from you—whether it’s a legitimate complaint or not—you need to be able to prove consent from that individual. Perhaps most frustrating for many will be express consent received orally, because the only acceptable proof outlined for that is an “unedited audio recording.”
In addition to consent, any CEM sent out must include clear identification from you, including the business name, full postal address, and email address or phone number. You also need to make it easy and hassle-free to withdraw consent at any time, for example in the form of an unsubscribe link at the bottom of your CEM.
The content of your messages also needs to be truthful and not misleading, which doesn’t tend to be an issue with CEMs originating in Canada—but it’s important to be aware nonetheless. This includes your subject line, ID information, and any links included in the message you’ve sent.
What about social media?
Social media marketing is both covered and exempt from this new legislation, for better or worse. If the message you’re sending has a direct recipient or recipients, then it falls under the CASL legislation. If it’s posted as a general piece of information, it does not.
For example, posting a message to your business’s Facebook page or posting to your Twitter account are not governed by CASL. But if you send a commercial message directly to an individual or individuals via Facebook messaging or Direct Message on Twitter, your communication is considered a CEM.
What are the consequences? 
There are many inherent issues with CASL, and we have yet to truly know and understand how the legislation will be enforced. It may not stand up in its current iteration over the long term, but that doesn’t mean businesses shouldn’t do anything they can to remain compliant as the legislation’s bumps get worked out.
Presently, the CASL has the stiffest penalties of any spam legislation worldwide, with up to $1 million for an individual’s violation and $10 million for businesses/organizations.
You may already be seeing issues inherent in the legislation (ie. how simple it would be for a competitor, irate former employee, or someone with criminal intent to trick businesses into sending CEMs without “full” consent and threaten legal action with the intent of receiving a settlement), but presently, it’s important to be aware of how the legislation works and what you need to do to remain compliant.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Related Posts

Protect Your Property: High Winds

Protect Your Property: High Winds

This article is Part Two of our New Blog Series on protecting your property from natural threats.  Be sure to check back to the Staebler Blog for future articles to help protect your home. Part One: Flooding High winds are an all-too-common threat for property owners....

read more