Listen to this post.
A few years ago the Canadian federal government passed a new law – Bill C-28 – the Electronic Commercial Protection Act. It’s taken a while to get itself organized but the new law takes effect July 1st 2014… that’s not too far off. The law, sometimes referred to as CASL – Canadian Anti Spam Legislation – has been described as draconian by some and confusing by others. Still other have applauded it as a massive step towards consumer protection. So what – you say. Well if you are a business owner, marketer or salesperson who uses any kind of electronic communication to connect with customers or prospective customers AND you don’t have a million bux to spare… well you should pay attention!
The cost of not knowing
Three federal agencies will be ensuring compliance with the new law – The Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau and the Office of the Privacy Commissioner of Canada. From the legislation, it looks like the CRTC will be able to fine individual violators up to 1 million dollars and corporations may be fined up to 10 million per occurrence. Ouch!
You can read the details of the legislation on the official site or on the slightly friendlier official site. No really, you need to read the full legislation and then maybe go see a lawyer, depending on how much of your business relies on email marketing, content marketing or online prospecting.
This law is complex with lots of exceptions. For example it looks like political parties and charities will be exempt and if you have an existing two-way relationship i.e. co-workers and family, you should be ok to email them. It also looks like you are ok to email the business contact that gave you his/her business card – just be extremely fastidious about documenting that you were given the card and invited to email him or her. Ya, right… sales folks documenting… hmmm
The upside is that it also looks like the CRTC will not go after you or your business unless there is a complaint – so be really, really nice to everyone from now on, just in case.
The gist of new law
First I am not a lawyer and this is not legal advice. I am still trying to wrap my head around the greyer areas of this legislation myself. So take the following as a place to start and with several grains of salt.
This new law, as it applies to online or digital marketing – there are other parts to this legislation that apply to other things – is based on consent. In many ways it’s permission marketing at it’s finest. The very basic message is that you can only send commercial electronic messages (CEM) in digital format, to people that have given you either express consent or implied consent. Recorded voice and faxes are not included but pretty much everything else is, including text and SMS.
Express consent – has to be clear, ask for an opt-in to specific types of communications – consent can be written, electronic, or verbal (keep records!)
Implied consent – applies if you have an existing business relationship – current customers within past 24 months, people who have made an inquiry within the past 6 months – best to get express consent as soon as possible
Exceptions – if you find an email address on a public website and they have not stated that they don’t want to receive unsolicited communication then you can contact them provided the contact relates to their official capacity
Referrals – you can send one message to someone that has been referred to you as long as they have an existing relationship with the person you get the referral from and you identify the referrer in the message
Proper sender identification – in all cases you need to include who you are, the physical address of your business (could be a PO box if you run a home based business), your contact information and a functional unsubscribe option
In Canada, to Canada – if you send an email to an American prospect who has not opted in but has not opted out (the US as opt out legislation) and that person is in Canada when they receive your email – you are in violation of the law
Due diligence – there is wording in the legislation that suggests that as long as you are exercising due diligence you will be ok. That also means you have to be diligent and clean your email list and not be spammy
Some examples
Business card drops – You have a bowl set up for a prize draw and ask people to drop their business card in for a chance to win. You can still do that but can you use those email addresses or phone numbers to send emails or text messages intended to solicit business. Maybe You could email the winner… I think.
Pre ticking an opt-in box – Don’t do it. The example at left is from the CRTC website. Note that the box is not pre-ticked and there are clear links to the company’s privacy policy.
Undated signup forms – If you use a paper document that asks for customers to sign up for your email letter, the document they signed up on has to clearly define what they are signing up for and it ought to be dated AND you ought to keep that original document.
Sending LinkedIn inmail and Facebook mail and maybe even DMs on Twitter – The law applies. Does not appear to apply to public updates however.
Need more information?
There are some really good things about this legislation and there are some things that are really unclear. Fortunately there is a lot of information available online.
I found this great webinar on YouTube. The video features Shaun Brown, @emarketinglaw on Twitter, a lawyer, author and privacy expert explaining CASL ins and outs. I have to say I found Shaun’s group blog to be really interesting and useful, so do check it out. Constant Contact has a one page cheat sheet well worth a look also.
So what do you think? Confused? Ready for it all? Let me know and please, if you have a clear and easy to understand resource, share it in the comments or in a tweet to @justinsite or @jamiebillingham