The new Canadian Anti-Spam Law (CASL) is coming into effect July 1. There is time to comply – until Jan 2015 to be exact. It does not hurt to go through an internal checklist at this time, and we recommend some housekeeping to ensure that enforcement will not cacth you blindsided.
If your organization is like most businesses, you are not offering installed software or are in the business of transmitting data. Thus, the only relevant section of CASL are related commercial electronic messages (CEMs).
Generally, CEMs are now subject to opt-in regulation, I.e. the recipient should expect the email/text message/chat and consent to receiving it. Such consent can be given expressed and implied. Current practices of person-to-person email are typical business communication and should be monitored to ensure that they fall under the exceptions for the rule. Compliance preparedness involves spending some time to do basic housekeeping:
1. Catalog your current practices of communication to identify exceptions (there are many):
- Implied Consent (existing business or non-business relationship, or public contact info)
- Quote or estimate as requested (RFP, etc)
- Subscription or membership
- Employment-related emails
- Product/Service Information
2. For the non-excepted CEMs (newsletters, broadcasts, etc), ensure that:
- Unsolicited CEM are only sent to opted-in recipients (consent)
- Any email database you already have and are using for CEM should be checked that you have consent for each entry. You have time to get consent, but should follow CASL-approved wording on requests for consent.
- Express consent gathering follows a proper process, keeping the evidence of consent on file.
- CEMs have CASL-compliant content in them. This includes:
- disclosure (why you are contacting recipient)
- opt-out (= unsubscribe) link.
To summarize, what an enforcement auditor would look for is that the right processes and data management systems are in place in your organization. Having proper data management, a solid customer relationship management (CRM), and Content Management System (CMS) in place are important tools and systems that any auditor would look for.