Main Requirements Of CASL:
Although CASL’s roots might have been as a weapon against spam, it’s resulting implications extend to all businesses, even those who have been abiding by common best practices. Here are some of the key highlights of CASL:
- Multiple rules about consent. A key focus of CASL is detailing the exact ways you can acquire consent to send emails. Moreover, it makes consent an absolute requirement in most scenarios.
- Requests for consent must also include a statement that the person can withdraw their consent at any time.
- When obtaining consent, it must be an affirmative action. This means you cannot pre-check form fields to obtain legitimate consent.
- Your message must have a working unsubscribe mechanism. If someone requests to be unsubscribed it must be processed within 10 days.
- Unsubscribes cannot be reconfirmed. So, there is no sending of “Are you sure you want to unsubscribe?” e-mails.
- No misleading or false subject lines or sender names. You must make it very clear who you are when collecting data and when sending messages.
- Must include a physical postal mailing address and one additional way to contact the sender (e.g. web form, email address or phone number). PO boxes are accepted as a valid address.
- When sending on behalf of another organization, that organization must be identified.
- If you send an initial email to someone based on a referral, the person who made the referral must be stated in the message.
The implications for companies is that significant changes will need to be made to their existing databases as well as the procedures (both online and offline) for when data is added to mailing lists.
Exemptions From CASL
While most organizations will be impacted by CASL in some form, there is a detailed list of items that are exempt from CASL’s reach.
One primary complaint about CASL is that the regulations are so broad that it requires a long list of exemptions. This opens up the criticism that it is impossible to imagine every specific scenario that warrants an exemption to ensure it is included. Nonetheless, it does make these exemptions an important part of the law.
The following scenarios are exempt from CASL’s consent and form/unsubscribe requirements:
- Messages sent by an individual to an individual recipient with whom the sender has a personal or family relationship. (Industry Canada has specific definitions for each type of relationship.)
- Messages sent to a person that relates directly to an inquiry for commercial goods and services.
- Interactive two-way voice communications (e.g. telemarketing), faxed or messages sent by phone.
- Messages sent by an employee, representative, consultant or franchisee of an organization to another employee, representative, consultant or franchisee of the same organization (i.e. internal communications) which concern the activities of the organization.
- Messages sent by an employee, representative, consultant or franchisee of an organization to an employee, representative, consultant or franchisee of another organization (i.e. business-to-business communication), as long as the organizations have a relationship and the message concerns the activities of the organization to which the message is sent.
- Messages sent in response to an individual's request, inquiry or where the message was solicited by the person receiving the message. This is largely the “email reply” exemption.
- Messages sent in regards to a legal obligation or to enforce or provide notice of existing/pending legal rights or actions.
- Messages sent and received on a social media platform, if the information and unsubscribe function are readily available on the user interface through which the message is accessed. In addition, the person who was sent the message consents to receive it either expressly or by implication.
- Messages sent by a person who reasonably believes the message will be accessed in a foreign country that is on the list of accepted countries that maintain their own anti-spam laws. (view country list)
- Messages sent by or on behalf of a Canadian registered charity (as defined in the Income Tax Act), assuming the message is primarily about raising funds for the charity. Note that these organizations in other countries (i.e. U.S.A.) are not exempt. It is also important to highlight that it is only registered charities, so other organizations that conduct fundraising initiatives that might even issue donation receipts are not included in this exemption.
- Messages sent by or on behalf of a Canadian political party or organization, or a person who is a candidate for publicly elected office, assuming the message has the primary purpose of soliciting a contribution as defined in the Canada Elections Act. Note that these organizations in other countries (i.e. U.S.A.) are not exempt.
Differences Between CASL And Can-Spam Act
CASL isn’t just an “email” law (similar to the American CAN-SPAM Act of 2003), it covers other digital channels such as text messages (SMS) and installed computer programs. That means becoming CASL-compliant isn’t an exercise focused exclusively on email mailing lists, but other databases as well.
While the Can-Spam Act is based on an opt-out model, CASL is on the complete opposite side and based on the opt-in model. This means that under CASL, emails can only be sent when the recipient, through implied or express consent, requests the email, whereas under Can-Spam the messages can be sent until the recipient requests they stop.
One other difference is that CAN-SPAM only applies if the email has a primary intent that is commercial. CASL applies if there is any commercial activity encouraged. A good example of this is a transactional message that follows a customer purchase. A business may send them an email that summarized their recent transaction along with a secondary marketing message, such as other products they may be interested in. CASL would apply to this message because there is some commercial activity encouraged, where CAN-SPAM would probably not apply since it’s not the primary reason for the email.