In July 2014, Canada put into effect an expansive and comprehensive anti-spam law, formally known as Canada's Anti-Spam Legislation (CASL). Regarded as one of the toughest of its kind globally, this law was designed with the intent to shield Canadians from the influx of unsolicited electronic communications, which span emails, text messages, and unsolicited messages on social media platforms.
The CASL impacts businesses of all sizes, but for small businesses in particular, the implications are significant. The complexity and stringent nature of this legislation may prove challenging for small business owners who may not have the resources or the expertise to ensure they're fully compliant.
What is CASL?
Canada's Anti-Spam Legislation, or CASL, is a comprehensive set of rules that govern the way businesses can use electronic communication channels to reach consumers.
At its core, CASL requires businesses to gain consent, either explicit or implied, before sending commercial electronic messages (CEMs) to consumers. CEMs encompass any electronic message, including emails, texts, or social media messages, that encourages participation in a commercial activity.
Explicit consent refers to a clear agreement from the recipient to receive CEMs, usually achieved through a direct request and the recipient's affirmative response. This consent can be gained either verbally or in writing, but the burden of proof rests on the business to demonstrate that they have obtained such consent.
Implied consent is a bit more complex and is generally based on a pre-existing relationship between the business and the recipient. This could be a commercial relationship (for example, a previous purchase) or a non-business relationship (for example, membership in a club or organization). Implied consent can also be considered if the recipient has publicly displayed their contact information without specifying a refusal to receive unsolicited communications.
The penalties for non-compliance with CASL can be severe. Businesses found in violation of the law can face fines of up to $10 million per violation. This emphasizes the importance for businesses, especially small businesses, to understand and comply with the requirements of CASL to avoid potentially crippling penalties.
Explicit vs. Implied Consent
Understanding the distinction between explicit and implied consent is key to ensuring your business stays on the right side of Canada's Anti-Spam Legislation.
Explicit consent is fairly straightforward. It is a clear and direct indication from the recipient that they are agreeable to receiving commercial electronic messages (CEMs) from your business. This agreement can be expressed in two ways: orally or in writing.
Oral consent can be given in person or over the phone, while written consent can be acquired via an email, a website form, a physical form, or any other format where the recipient indicates their consent in writing.
Importantly, under CASL, the onus is on the sender to prove that they have obtained explicit consent. Therefore, if you're relying on oral consent, you must have a reliable way to record and store that information.
Implied consent is more nuanced. It's not given directly, but rather, it's inferred from certain actions or relationships. There are several circumstances where implied consent may be applicable under CASL:
- Existing Business Relationship
If you've had a business interaction with the recipient within the last two years, including transactions or inquiries, you might have implied consent to send CEMs.
- Existing Non-Business Relationship
Non-profit organizations, charities, or clubs may have implied consent to communicate with their members or donors.
- Publicly Published Electronic Address
If the recipient's email address or phone number is publicly available—say, on a website or a social media profile—and they haven't associated it with a statement that they do not want to receive unsolicited CEMs, it can be considered as implied consent.
While implied consent might be more challenging to prove, it's equally valid under CASL. As with explicit consent, businesses should maintain robust records of when and how implied consent was established.
Ensuring compliance with CASL is critical for all businesses, but especially for small businesses that could be significantly affected by the penalties for non-compliance. Here are some more detailed steps to help your business adhere to these regulations:
- Obtain Consent
The cornerstone of CASL is the concept of consent. You must always obtain consent, either explicit or implied, before sending commercial electronic messages (CEMs). Develop a systematic and documented process for requesting and recording consent. This could involve setting up opt-in forms on your website, ensuring customer agreements include consent clauses, or maintaining detailed records of business transactions that could imply consent. Remember, the responsibility to prove consent lies with the business, so meticulous record-keeping is crucial.
- Identify Your Business
Transparency is a key principle under CASL. Every CEM sent from your business must clearly identify your business, providing accurate and up-to-date information. This includes your business name, mailing address, and either a phone number, email, or web address. If the message is on behalf of multiple entities, all should be identified clearly.
- Provide an Opt-Out Mechanism
One of the fundamental rights protected by CASL is the recipient's ability to control the CEMs they receive. Therefore, all CEMs must contain a clear and user-friendly mechanism that allows recipients to opt out or unsubscribe from future messages. This could be a link to an unsubscribe page on your website or a reply-to email address where recipients can request to be removed from your mailing list. Once an opt-out request is received, you must honor it within 10 days.
Understanding and implementing these steps will not only help your business navigate the complexities of CASL but also build a reputation for respecting customer preferences and maintaining transparent business practices.
Proper record keeping is not just an essential part of adhering to CASL, but it's also a best practice that reinforces your business's commitment to operating within the law and respecting customer preferences.
Under CASL, businesses bear the burden of proof when it comes to showing that they had the required consent to send any commercial electronic messages (CEMs). If your business is audited or faces a complaint, you'll need to demonstrate that you had either explicit or implied consent from the recipient at the time the CEM was sent. This is where robust record-keeping comes into play.
Your record-keeping system should be comprehensive, including:
- Explicit Consent Records
These could be screenshots of online forms, copies of signed consent forms, or logs of oral consents. Make sure to record the date and manner in which consent was obtained.
- Implied Consent Records
For implied consent based on an existing business relationship, maintain records of transactions, contract agreements, or inquiries. If consent is based on publicly available contact information, keep a record of where and when the information was obtained.
- Unsubscribe Requests
Document any requests to opt out or unsubscribe from your CEMs, including the date of the request and the date your business ceased sending CEMs to that individual.
- CEM Records
Maintain a record of the CEMs sent, including the content of the message and the date sent.
CASL requirements have no specific time limit on how long you should keep these records. As a rule of thumb, considering that complaints can be filed within three years after the date of the alleged violation, maintaining records for at least three years would be a prudent approach.
Through vigilant record-keeping, your business will not only be prepared to respond to audits or complaints but will also demonstrate a clear commitment to complying with CASL's requirements, thereby enhancing your brand's trustworthiness and reputation.
Canada's Anti-Spam Law may seem daunting, but with proper understanding and procedures, your small business can navigate it successfully. This will not only help avoid potential penalties but also build trust with your customers, enhancing your reputation as a responsible business. Remember, when in doubt, always seek legal advice to ensure your practices are compliant.
Please note that this post provides a general overview and doesn't constitute legal advice. Each business has unique requirements and circumstances that may need legal consultation to address properly.