If you're a marketer for a North American company, chances are high that you send commercial email to consumer or business recipients in Canada. You may be aware, then, that new commercial email regulations are being introduced as law in Canada.
Called the Canadian Anti-Spam Law, the legislation is designed to deter spammers from targeting Canadian consumers and to provide Canadian law enforcement officials with more effective methods for combating malicious senders.
At the core of the new legislation is what Canada defines as "commercial electronic message," or CEM. So what constitutes a CEM? According to the Canadian Radio-television and Telecommunications Commission, a CEM includes any electronic message that encourages participation in a commercial activity, including, but not limited to, offering, advertising, or promoting a product, a service, or a person. The law applies to all businesses or persons sending CEMs, regardless of whether there is expectation of profit.
Regulated messages include common message formats such as email, SMS (text) messages, and instant messages (IMs). Additional regulated message formats or delivery vehicles may include Web applications, websites, blogs, voice over IP, and URLs.
In this article, we'll examine how this new legislation affects commercial messages sent via the email channel.
New Email Sender Regulations
At the highest level, the law requires email senders to be in compliance with four new requirements:
- Consent: You must have express or implied consent to send a CEM.
- Identification: You must clearly identify yourself and the business or organization sending the CEM.
- Unsubscribe mechanism: You must include an unsubscribe mechanism on every CEM sent.
- Contact information: You must provide a way for the recipient to contact you: A physical address and electronic address are required in all your CEM communications
The Complexity of Consent
Identification, unsubscription, and contact information are the more clear-cut of these four basic planks of the new legislation. Perhaps less straightforward is consent.
What is consent, in both of its forms, and how can you or your organization ensure you are in compliance with Canadian regulations around consent?
In its most basic form, consent means that the recipient has indicated a willingness to receive commercial messages from you or your business. Consent can happen only before you send an email.
There are two primary forms of consent under the new law: express and implied.
- Express consent requires senders to clearly and simply provide the purpose for which consent is being sought. In return, the receiver provides an email address for future communications.
- Implied consent applies to messages when (1) a recipient has existing business relations with you or your organization, or (2) a recipient has disclosed an address online publicly without stating an unwillingness to receive CEMs.
Implied consent can also include the following:
- Messages sent within a business (they must be related to your business)
- Messages sent in response to a requests
- Quotes or estimates
- Receipts
- Security information (recalls, warranties, etc.)
- Ongoing usage with your business (recurring purchases)
- Service upgrades or updates
- Product deliveries
Under the new regulation, if a new recipient does not become a client or customer, their implied consent remains valid for only six months after being implied. Similarly, if an existing client or customer does not purchase future products or make future subscriptions, implied consent expires after two years.
The law also permits you or your organization to gather consent via third parties. For example, you may have a partnership with a company that offers related products and services. You can remain in compliance as long as all parties follow the basic guidelines outlined earlier and as long as the recipient is directly made aware of the potential to receive third-party emails. This situation would also require all parties using an email list to unsubscribe an address at the same time.
Information Storage and Documentation
The new law also requires all CEM senders to store certain information for every recipient address, including the following:
- The type of email opt-in (paper, landing page, signup, etc.)
- An example of signup webpage (if applicable)
- The date a recipient opted in
- The connecting IP address (if applicable)
As you or your organization makes the changes required to comply with Canadian law, it may be wise to audit you opt-in and documentation process. As a starting point, you may want to examine where and how your organization stores opt-in data, what type of opt-in data you store, where the master record is kept, and whether you make and keep back-up copies of this record.
Your organization should consider sending a campaign to Canadian receivers informing them you can email them only with express consent, which they can provide by clicking on the link you are providing in the email. This approach is similar to reconfirmation campaigns.
Compliance Timeline and Additional Information
For any organization sending to Canadian recipients, the legislation requires that businesses make these changes for all new mail recipients. For existing email subscribers, organizations have until July 1, 2017 to bring their email programs into compliance.
For more information, visit CASL's website and access the full text of the CASL.
