Login Contact Us
Speak to an Email Marketing Expert
877-789-ELITE (3548)
Email Marketing > Learning Center > CASL (Canada's Anti-Spam Legislation) > How To Prepare For CASL

How To Prepare For CASL

CASL is coming! CASL is coming!
What should you do?
Don’t panic, calm down. Take a deep breath.

This guide will walk you through all the important steps to get you from where you are today all the way through to the magical land of CASL compliance.

Step 1: Know The Date

Go into every calendar you look at, whether it’s your Outlook calendar, Gmail calendar, or that good ol’ paper calendar on your bulletin board and put a note for July 1, 2014 with CASL in big bold letters.

Everything you do from this point forward is to get ahead of the July deadline so that once CASL goes live, your organization is in good shape.

While there is a transition period that applies in certain scenarios, you don’t really want to have a game plan based on special exceptions, your goal is to be fully compliant.

Step 2: Get Out That Rage

If you’re like most marketing folks, shortly after circling July 1 on your calendar, you are going to be pretty mad about all the new work you have to do related to CASL and you’ll probably be fairly angry at those lawmakers in Ottawa.

Get that all out of your system. Take a few minutes to bang your desk, raise your fists in the air, shout out some curse words, and any other action that you should probably do with your office door closed.

You don’t want to be harboring this rage going forward since you want to be focused on what you have to do, not being mad that you have to do it.

Step 3: Internal Awareness

At this point, you’ve read this entire guide so you are equipped with an abundance of CASL knowledge. But, most people in your organization probably don’t have a clue about this game-changing legislation. Now is the time to fix that.

Bring everyone in the organization, from senior management all the way down, up to speed on what’s happening. You don’t have to get into the nitty-gritty details, but you do want to put this on everyone’s radar so they are not completely caught off guard later when you start talking about changes, revised workflows, etc.

Step 4: Identify Key Players In Your Organization

CASL has very broad rules that can impact many parts of your organization and all of them need a detailed review.

Take a moment and figure out whom in your company is involved in some way with something that would be affected by CASL.

If you’re a small company, then it may just be you, but in a bigger company, this could involve people in marketing, sales, HR, etc.

The benefit to building your team of internal CASL compliance superheros is that you can be much more confident that nothing will get overlooked or slip through the cracks. You don’t want to risk making your marketing department compliant, while completely ignoring all the emails the sales department is sending.

Step 5: Initial General Assessment

Pull out the fine-toothed comb because it’s now time to look at every aspect of your organization to pinpoint the areas where CASL can have an impact.

The key things you want to identify are:

  • Online data capture (e.g. mailing list signup forms, landing page forms, lead generation forms, etc.)
  • Offline data capture (e.g. trade shows, phone leads, received business cards, etc.)
  • Offline forms (e.g. registration forms, etc.)
  • Existing mailing lists
  • CRM (customer) databases
  • Current triggered emails (e.g. welcome email, confirmation email)
  • Current email campaigns (including engagement metrics)
  • Current manually sent emails
The list of items you identify here will ultimately form key things on your to-do list.

Step 6: Deep Dive into Existing Databases

It’s now time to take a good long look at all of our existing databases.

If you’ve been following email marketing best practices, you may have a large contingent of subscribers that have already given you express consent as defined by CASL. Industry Canada has clearly stated that express consent that is compliant with PIPEDA will also be compliant with CASL. The interpretation of this is still a bit murky, so if you want to be extra cautious you can treat everyone on your database like they have not given you express consent.

But, if you want to try to shuffle some people into the “express consent” group, here is an example of what a typical Elite Email customer would look for:

  • You have put a mailing list sign up form on your website.
  • The form is clear that people are signing up to receive emails from you and it clearly identifies that your organization is going to be the sender.
  • The form in no way tricks people to join your mailing list by having a sneaky pre-checked checkbox that opts them in.
  • Upon form submission a welcome email is sent to the supplied address.
  • The welcome email contains a confirmation link (for double opt-in) that the new subscriber must click.
  • Throughout this process, your email marketing system has captured the date/time of the new sign up, along with the subscriber’s IP address.
  • At no point did this subscriber unsubscribe (automatically by clicking a link or by emailing you) or request to be removed from your database.
If at this point, you feel you have concrete evidence that a subscriber explicitly requested your emails, then you can treat those people as CASL-compliant.

Create a new segment of your mailing list for these subscribers and make sure they are removed from the “everyone else” group of addresses that are not compliant.

You now have a nicely defined database of those addresses that will require further confirmation. You’ll come back and use this data again very soon, but let’s keep heading down the ‘getting organized’ path first.

Step 7: Customers with Implied Consent

In Step 6 your goal was to find people who had given you express consent. Now in Step 7 it's time to look for implied consent. Realistically, you want to get express consent from everyone, but identifying implied consent is important because it means you can continue emailing them even while you work towards getting express consent.

Plus, with CASL’s special transitional period, you can have three full years before the implied consent expires. That’s a very long time and isn’t something you want to miss out on!

Hopefully you have a CRM system that tracks the date of a customer’s last purchase (or contract). This is very important because CASL builds a window of implied consent based on that date. If you’re not tracking last purchase date, then put a new item on your to-do list: “Track last purchase date”.

The other item you have to determine is whether or not emails are currently being sent to these customers. The transitional period only applies if messages are being sent before CASL comes into effect, otherwise it’s the normal two-year rule. We tackle this in Step 8 to give you an extra edge!

Coming out of this step, your goal is to have a clear picture of which customers qualify as having implied consent. These are the folks you can keep emailing even if you don’t have express consent.

Step 8: Start Emailing Your Implied Consent Contacts Before July 2014

Ready to get a little crafty?

The CASL transition rule that gives you three years for implied consent instead of the typical two years is only valid if you’ve been emailing those contacts before CASL goes live.

So, find everyone in Step 7 who you identified as having implied consent but who you are not currently emailing. Then, go over to your marketing people and tell them that you absolutely need to find something (...something of value!) to email these people. The objective is to get the messages flowing now, so you can secure an extra year to get express consent.

Keep in mind, the focus here is not on going back to every customer you’ve ever had since you really do not want to bother people that you know truly don’t care to hear from you. But rather to find the customers you’ve gotten in the “not too distant past” and start communicating with them.

Once you’ve got those emails going, your CASL timeline now extends further for these contacts, because it’s three years from July 2014.

Step 9: Whip Every Inbound Data Process Into Shape

In Step 5 you did a high level summary of all the areas of your organization that feed in data both online and offline. Now it’s time to make sure every one of those processes follows the new CASL rules.

If you go back in this guide to the section about “Express Consent”, it will show you a clear checklist of items you must have in order for express consent to be valid. Be meticulous because once you come out of Step 9, every new subscriber you get should be CASL-compliant.

This is also the step where you’re going to want to get everyone you identified in Step 4 so that you can double check (...and triple check) that every process has been thoroughly audited. Leave no stone unturned!

Take a good long look at every signup form you have online and make sure you don’t have any pre-checked boxes because that is often a common mistake. Also, look at messages that trigger after the form is submitted (such as a welcome email) to make sure the content lends itself to full compliance.

For processes that happen orally, this is a lot trickier because you have less of a paper trail. If you’re capturing email addresses over the phone, it is generally a good idea to send those subscribers a welcome email right away because then you can capture their click on a confirmation link and that acts as your evidence of express consent. If you’re recording and archiving every call, then having a well-crafted express consent script that the subscriber agrees to will also be valid, but then you have to store and catalog a whole lot of recordings.

Before moving on, take a moment and grab a screenshot of all your online forms. This way you can do one final check that you’ve hit every item on the requirements list and also so you have further evidence of the exact form people would have filled out.

Step 10: Ready. Set. Reconfirm!

This is a very important step because if done effectively, it will salvage the majority of your mailing lists even once CASL is in full force.

In Step 6 you identified those subscribers that have already given you express consent and those that haven’t. Right now you’re going to focus on those that haven’t in an effort to get them shifted over to the other column.

The goal is to send these subscribers an email and get them to click a link that confirms they wish to continue receiving your emails. When they click this link, the date, time and IP address must be tracked, as that becomes your hard evidence for express consent.

Keep in mind, opening your emails or clicking on other links does not qualify as express consent. The subscribers needs to click a link that clearly identifies that they are very clearly requesting to receive your emails.

Looking at some example link text:
“Visit Our Website” == Not even close to express consent
“Click here to confirm your interest in receiving our emails” == BINGO!

There are two core types of re-confirmation messages:

  • Dedicated Confirmation Campaigns
  • Embedded Requests in Typical Campaigns
Dedicated Confirmation Campaigns
This is a campaign where the sole focus is on acquiring confirmation. The email should be very clean and simple with a clear call to action of clicking the confirmation link. There should be very little competing content, which can act as a distraction from clicking that ever-important confirmation link.

While these campaigns can be very effective, you don’t want to overuse them because there’s very little intrinsic value from the subscriber's point of view. One of the reasons they’ll want to continue receiving your emails is because they are of value to them (ie. discounts, information, news, etc.), and yet in an ironic twist, this specific confirmation email doesn’t add all that much value to their day.

If you continually try to hammer these confirmation campaigns at your subscribers, they may not only choose not to confirm, but they may unsubscribe even sooner.

This type of mailing should be treated as a tool in your arsenal, but not one that should be abused.

Embedded Requests in Typical Campaigns
This is a campaign where you are sending out your usual content, but within that message you have an additional call to action for confirmation.

The reason this type of campaign works is because you have time before CASL takes effect to still email everyone on your database without worrying about specific CASL compliance. The goal is to seize the opportunity on every email to move people from lacking express consent to having express consent.

The advantage with these embedded requests is that your email still has the same value it always does in the eyes of your subscriber. You’re not pestering them with a message in their inbox that exclusively asks them to click the confirmation link. This means you don’t have to schedule extra campaigns on your content calendar because every planned campaign between now and July 2014 is acting as a confirmation email as well.

The disadvantage is that since your email is filled with a lot of competing content and calls to action, it makes it more difficult to get the subscriber to click the link you want.

In terms of strategy, a mix of both dedicated confirmation emails and embedded requests works best. You don’t have to just choose one or the other. Take a look at your planned campaigns and map out when you want to send your dedicated confirmation emails. Also, keep track of the frequency at which you are asking people to reconfirm. While that reconfirmation is important to you, it’s also important you don’t frustrate your subscribers.

Remember, from this point forward a key success metric of each campaign is how many confirmations you secured. Don’t neglect your other engagement metrics, but add this one into the mix.

CASL is coming, there is no longer any doubt. With only four months left (from the time of publication of this guide) before the law comes into affect, businesses should start preparing now.

Step 11: Purge Non-Compliant Subscribers Before CASL Goes Live

If you’ve always wanted to be a doctor, now would be the time to say “scalpel please” because you’re about to slice and dice your way through your organization’s databases.

Anyone who has not yet given you express consent and does not meet the criteria for implied consent needs to go.

While this may make you sad, and you should pause to shed a tear, you need to remember that it is for the greater good. Plus, after all your efforts to reconfirm these contacts, if they still didn’t express interest, then there’s a good chance these were not your high value subscribers anyway.

Once you’re done with this step, all of your organizations databases should only have people that are CASL-compliant and all new data coming in is going through a process that will satisfy CASL. In short, this is a milestone moment.

Step 12: CASL Is Here!

The date you’ve had circled on your calendar for so long has arrived.

Pat yourself on the back for doing a great job with all the preparation. Let your boss know you deserve a raise… or at least a trophy of some kind because this wasn’t easy.

Also, equally as important is calling all your other marketing friends who are in a panic and rub it in their face that your organization is sitting pretty. (Just don’t tell them the folks at Elite Email told you to do that!)

Step 13: Document Your Efforts

Take a little bit of time and document everything you have done to become compliant.

If you get into trouble with CASL, but can demonstrate that you made very strong efforts (due diligence) to comply with all the rules and have done everything to obtain proper consent, then that will play a factor in the event a lawsuit comes up.

It’s for this reason that it’s important to track and document everything so you can cover yourself later with a stronger case if things get messy.

This might also be a good time to take a look at your organization’s privacy policy to see if it needs updating.

Step 14: No Deceptive Messages Going Forward

At this point, your organization is in great shape on the consent side of things, but CASL also has rules to prevent sending deceptive messages.

Make sure the people who are responsible for crafting your organization's email campaigns know that there’s a new rulebook to follow which really frowns upon shady activity that tricks people.

Step 15: Keep An Eye On Things

Getting CASL-compliant is one thing, but staying CASL-compliant is another.

You worked hard to get your organization to this point. You definitely don’t want someone to do something that makes things fall out of compliance.

People in your organization may try to work around your new policies, but don’t let them. Be strict! If they question why you are being so strict, remind them of the million dollar fines that exist for violating CASL. They probably don’t want to cover those fines for your organization, so they’ll probably understand why you want to strictly play by the rules.

Elite Email Blog

Get inside information from the email marketing experts at Elite Email. Tips, Tricks and
more to boost your
email marketing.

Elite Email Blog >>>

Let's Get Social!

Stay up to date on the world of Elite Email and email marketing by following us on various
social networks.

Like Us on Facebook Follow Us on Twitter Add To Google+ Circles

Learning Center

Become a true email marketing guru. Sharper your skills and learn new tactics in the most comprehensive resource
for email marketers.

Learning Center >>>