Managing the message Canada s new anti-spam law sets a high bar



Similar documents
Crawford Chondon &Partners LLP. Is your Business Ready for Canada s Anti Spam Law?

Managing the message. Businesses brace for new digital marketing compliance requirements

Canada s New Anti-Spam Regime: Guidance for Your Organization

Anti-Spam Toolkit February 2014

Canada Anti-Spam Legislation: Obligations and Opportunity. Presenters: Matthew Wansink Chris Bakker

Doing Business. A Practical Guide. casselsbrock.com. Canada. Dispute Resolution. Foreign Investment. Aboriginal. Securities and Corporate Finance

Guidance on Canada s Anti-Spam Legislation (CASL) for REALTOR Members

CASL Compliance: A Primer on Canada's Anti-Spam Legislation. Whitepaper by David O. Klein, Esq.

Unsolicited Electronic Messages Act 2007

A SIMPLIFIED EXPLANATION OF CANADA S NEW LAW ON SPAM

PRIVACY, ANTI-SPAM AND YOUR BUSINESS: WHERE DO WE STAND? Presented by: Cameron Mitchell B.A., LL.B.

New Rules for Telemarketing and the National Do Not Call List Telecom Decision Important Implications for IIAC Members

SERVICES ADDENDUM TO EULA

AN INTRO TO. Privacy Laws. An introductory guide to Canadian Privacy Laws and how to be in compliance. Laura Brown

We ask that you contact our Privacy Officer in the event you have any questions or concerns regarding this Code or its implementation.

Privacy, Data Collection and Information Management Practice Team November 13, 2003

Privacy Law in Canada

CAN-SPAM Policy & Data Verification Guide

Privacy by Design Setting a new standard for privacy certification

ANTI-SPAM LAWS IN WESTERN COUNTRIES: A COMPARISON

Personal Information Protection Act. Information Sheet 12: 1. Service Providers Outside Canada: Notification, Policies and Practices

Spam Act 2003: A practical guide for business

CANADA S ANTI-SPAM LEGISLATION THIRD PARTY CONTRACTS

EMERGING ISSUES THE CANADIAN ANTI-SPAM LEGISLATION. BDO Connections - The Canadian Anti-Spam Legislation Page 1

THE ANTI-SPAM REGULATORY POLICY FRAMEWORK FOR THE KINGDOM OF SAUDI ARABIA

and Text Message Campaigns. Justine Young Gottshall Partner, InfoLawGroup

Quick help guide on upcoming antispam legislation and your parish

Marketing: CAN- SPAM Act Compliance David J. Ervin and Christopher M. Loeffler, Kelley Drye and Warren LLP

Regulatory Policy. Unsolicited Electronic Communications

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data

How To Comply With The Can-Spam Act

THE CASL COUNTDOWN. Your week-by-week checklist to ensure your organization is CASL-ready for July 1st

THE NATIONAL DO-NOT-CALL LIST. Information for REALTOR members

Marketing: CAN- SPAM Act Compliance

Exercising Your Right of Consent to and Opt-out from Direct Marketing Activities under the Personal Data (Privacy) Ordinance 1

Data, Privacy, Cookies and the FTC in Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller

SAMPLE CLAUSES FOR OBTAINING AND WITHDRAWING CONSENT 08 MAY 2015

940 CMR: OFFICE OF THE ATTORNEY GENERAL

NATIONAL DO NOT CALL LIST

Western Union Money Transfer Service User Agreement

Anti-SPAM Policy v

CITIZENS MEDICAL ALERT SERVICE AGREEMENT

APPENDIX B. SUMMARY OF COURT ORDER ENTERED IN FTC v. IRA SMOLEV, ET AL. FOR DEFENDANT BRUCE TURIANSKY ON DEFINITIONS

Question 2: Deloitte s Response:

MISLEADING ADVERTISING GUIDE

The DMA s Analysis of Can Spam Act of 2003

Terms and Conditions

Data Protection Good Practice Note

Zeanz Ltd shall not be responsible for any malfunctions, errors, crashes or other adverse events that may occur from your use of the Site.

Taking care of what s important to you

Best Practices A WORD TO THE WISE WHITE PAPER BY LAURA ATKINS, CO- FOUNDER

ADMINISTRATIVE PROCEEDING BEFORE THE SECURITIES COMMISSIONER OF SOUTH CAROLINA

Website Privacy Policy Statement

Municipal Lobbying Ordinance

TERMS OF SERVICE TELEPORT REQUEST RECEIVERS

FinCEN Issues Notice of Proposed Rulemaking that Would Extend AML Requirements to Registered Investment Advisers

Privacy Law in Canada

Transcription:

Managing the message Canada s new anti-spam law sets a high bar

According to a recent Deloitte poll, only 13% of organizations say they understand CASL requirements and have begun to apply them to their business. Contents New laws target electronic communications...1 Enforcement...2 Consent...4 Exceptions & compliance...6 Contacts...9 ii Managing the message Canada s new anti-spam law sets a high bar

New laws target electronic communications Canada s Anti-Spam Law 1 (CASL), is coming into force in 2014, will be one of the toughest of its kind in the world. Texts, tweets, Facebook posts and emails will all fall under its purview. In fact, CASL and its regulations will apply to any electronic message sent in connection with a commercial activity, even if it is sent without the expectation of making a profit. Simply encouraging participation in a commercial activity is enough to get caught by this Act. Consent is a key feature of CASL. According to the new law, Canadian and global organizations that send commercial electronic messages (CEMs) within, from or to Canada need the permission of their recipients to send those messages, with very limited exceptions. This is in stark contrast to the US anti-spam law, which allows CEMs to be sent without permission until a recipient opts-out. The result? Organizations will need to amend their electronic marketing practices and update their customer relationship management databases to comply with CASL s stricter consent model. Are you prepared to comply before CASL comes into effect? Managing the message Canada s new anti-spam law sets a high bar 1

Enforcement A focus on enforcement The Canadian Radio-Television Telecommunications Commission (CRTC), the Privacy Commissioner of Canada and the Competition Bureau will all play a role in enforcing CASL. In addition to sharing information among themselves, these agencies can coordinate with foreign jurisdictions to pursue violators. Organizations that don t comply risk serious penalties: Up to $10 million per violation for corporations Criminal charges for organizations that make false or misleading representations regarding the sender or subject of a CEM Civil charges enabling businesses and consumers to seek damages of $200 per violation, to a maximum of $1 million per day Personal liability for company officers and directors who knowingly infringe the law Vicarious liability for companies whose staff don t comply Investigation of spam messages, which recipients can send to a Government of Canada reporting centre. Activities related to phishing, email harvesting and the use of spyware/malware will also be investigated Private-sector bids closed [January 6] on helping the government to establish and operate a facility that observers say is desperately needed to meet international standards and eliminate Canada s reputation as a spammer haven. Montreal Gazette, January 5, 2012 2 Managing the message Canada s new anti-spam law sets a high bar

More stringent rules on the way Before CASL Organizations could send a CEM based on express or implied consent as long as the recipient had the option to opt-out After CASL Organizations need express consent from recipients before sending a CEM using opt-in; implied consent applies in limited circumstances You could add recipients to your list by simply pre-checking a box to opt-out Recipients must indicate a positive and explicit consent by checking a box or typing an email address into a field Organizations could bundle requests for consent with the general terms and conditions of use or sale You need express consent separately for each act regulated by CASL, such as sending a CEM, altering transmission data in CEMs or installing a computer program on another person s computer, and that consent can t be bundled into the general terms and conditions of use or sale According to a recent Deloitte poll, only 22% of organizations have a customer relationship management (CRM) system equipped to handle CASL. Managing the message Canada s new anti-spam law sets a high bar 3

Consent What constitutes consent? To send a CEM, organizations need to get express consent either orally or in writing and the onus to prove consent rests with the sender of the communication. Oral consent can be verified by an independent third party or with a complete and unedited audio recording. Written consent can be paper-based (e.g. filling out a consent form at the point of sale) or electronic (e.g. checking a box on the web or an app), as long as you store the date, time, purpose and manner of consent in a database. But there s a catch: once CASL comes into force, you can t send an electronic message requesting consent because it will be considered a CEM. Beyond the basics Although not a requirement of CASL, the CRTC expects organizations to confirm a recipient s consent if obtaining electronic consent. This type of double opt-in imposes an additional responsibility on organizations to not only obtain express consent, but to notify individuals that their consent has been obtained. To comply with CASL, you must provide recipients with: The name of the person or organization seeking consent A mailing address and either a phone number, voice message system, email address or website where recipients can access an agent for more information, and which remains valid for at least 60 days after the CEM is sent A statement identifying the person on whose behalf consent is being sought The identity and contact information of any third party or affiliate used to obtain the recipient s consent A free unsubscribe mechanism that takes effect within 10 days maximum giving recipients two ways to electronically opt-out of communications, such as by email or hyperlink The ability to opt-out of all types of communications sent by either your organization or a third party partner (e.g. not just newsletter lists, but also invitations to seminars or any other type of CEM you send) If you re seeking express consent, you also need to explain why you re contacting the prospect, in addition to including all the mandatory contact information and providing an unsubscribe mechanism. If you can t include this information in a CEM, you ll need to provide a link to an easily accessible web page that clearly displays this information. 4 Managing the message Canada s new anti-spam law sets a high bar

Consent can be implied but only in certain circumstances 1If your organization sends a CEM in the context of an existing business or non-business relationship. An existing business relationship is one where the recipient has: bought or leased a product, good or service from your organization been involved in an investment or gaming opportunity with your organization entered into a written contract with your organization in the last two years made an inquiry or application to your organization in the last six months An existing non-business relationship is one where the recipient has: made a donation or gift to a registered charity or political organization volunteered with the charity or political organization in the past two years been a member of the organization s club, association or not-for-profit volunteer association in the last two years 2If recipients conspicuously publish their electronic contact information without indicating they don t want to receive communications. This publication exception applies when you get an email address from a published directory, on a corporate website or through a social media site, as long as the CEMs you send are relevant to the recipient s business, role, functions or official duties (e.g. an invitation to a seminar or information on new industry rules). 3If recipients voluntarily disclose their email contact information to the sender without indicating they don t want to receive communications. This exception would apply if a recipient provides your organization with a business card, as long as the CEMs you send are relevant to the recipient s business, role, functions or official duties. Implied consent expires in six months if a prospect doesn t become a client and in two years if an existing client doesn t buy something new or doesn t renew their subscription, loan, account or contract. Managing the message Canada s new anti-spam law sets a high bar 5

Exceptions & compliance There are exceptions In limited cases, you don t need express consent to send a CEM although you still need to provide recipients with all mandatory information required by CASL. You don t need express consent where the CEM is solely intended to: Provide a quote or estimate in response to a request Facilitate or complete a commercial transaction Provide warranty, product recall or safety alerts about a product Provide factual information about the ongoing use of an existing product, service or good or an ongoing subscription, membership, account, loan or similar relationship Provide information about an employment relationship Deliver a product or service (including upgrades) And CASL doesn t apply at all when sending CEMs to family or friends or when responding to inquiries or applications. The key to compliance Updating your electronic databases to manage consents and unsubscribe requests can be a complex task. But it also promises to yield rewards that extend far beyond compliance. As you update your digital marketing practices, you can establish more meaningful communications with your customers and prospects ones that are solicited and anticipated in accordance with CASL. Review your current state Examine your current consents, unsubscribe methods and electronic communication practices, as well as cross-marketing initiatives with affiliates, to identify compliance gaps. Consider establishing an internal CASL working group comprised of individuals from marketing, event planning, IT, legal and privacy to identify enterprise-wide processes. Develop an implementation plan Depending on the extent of online marketing and business development your organization conducts, reaching a ready-state for CASL can take weeks or months. For example, if you have various teams who contact prospects in different ways (e.g. email, social media, event marketing), you may need to establish a central do not email list to enable recipients to opt-out of all CEMs across the organization. Get express consent Express consent never expires unless it s revoked, so it makes sense to convert your implied consents into express consents. This means getting consent from recipients on an opt-in basis. As an added benefit, going through this exercise lets you refresh older contacts and re-establish relationships. 6 Managing the message Canada s new anti-spam law sets a high bar

Make it stick To ensure ongoing compliance, consider appointing a CASL officer to oversee compliance, review online communications, monitor consent and business contact practices, train staff to understand their responsibilities and implement appropriate procedures and policies. Training is particularly critical for organizations that send out different CEMs by region or business unit. By taking this step, organizations may be able to rely on the due diligence defense to avoid liability under CASL. According to a recent Deloitte poll, 71% of organizations expect it will take a medium to high effort for their compliance and marketing teams to comply with CASL. Does CASL apply to you? Step 1 Inventory of customer and prospect touchpoints and related CEMs Is message electronic? Sent by any means of telecommunication e.g.: 1. Text 2. Sound 3. Voice 4. Image 5. Email Does sender and recipient have a personal or family relationship? Is the sender an individual with a personal relationship or family relationship with the recipient? Is CEM sent from or received by computer systems in Canada? Message sent from a computer system located in Canada or message accessed by a computer system (e.g. electronic messaging device) located in Canada Is the sender engaged in commercial activity? Commercial activities include any transaction, act, conduct or regular course of conduct of a commercial character including not-for-profit In-scope CASL applies Proceed to step 2 Out-of-scope Is not subject to CASL: Okay to send Managing the message Canada s new anti-spam law sets a high bar 7

Are your messages safe to send? Step 2 Does the message qualify for implied consent by virtue of: Does the message consist solely of: Has the recipient expressly consented to receiving the CEM? 1. The message is sent in the context of an existing business relationship 2. The recipient has conspicuously published his/her email contact information, relevant to the person s business, role, functions or duties in a business or official capacity; or 3. The recipient has disclosed his/her email contact information without indicating they do not wish to receive communications and the message is relevant to the person s business, role, functions or duties in a business or official capacity. 1. Providing a quote or estimate for the supply of a product, good or service, if the quote or estimate was requested by the recipient; 2. Facilitating/completing or confirming an existing commercial transaction between the parties; 3. Providing warranty, product recall or safety information about a product or service that the recipient uses, has used or has purchased; 4. Providing notification of factual information about an ongoing subscription, membership, account or loan; 5 Providing information directly related to an employment relationship or benefit plan; or 6. Delivering a product, good or service, including upgrades, further to an existing relationship. Do not send Is the identity and contact information of sender and unsubscribe mechanism provided? Okay to send Get it right, right now As Canada s regulators crack down on spam and other forms of commercial electronic messages, organizations in every sector will be affected. To avoid monetary penalties, civil liability and the risk of reputational damage, it makes sense to comply with CASL early. The key is to start obtaining consents now, before your CEMs are deemed spam once CASL comes into force in 2014. In most cases, this means getting new or refreshed consents from individuals on an opt-in basis. The clock is ticking. Be sure to respond quickly. 8 Managing the message Canada s new anti-spam law sets a high bar

Contacts Deloitte can help you get ready for CASL before this new law comes into force. To find out how, please contact: Sylvia Kingsmill Senior Manager, Enterprise Risk skingsmill@deloitte.ca (416) 643-8238 Endnotes 1 An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, S.C. 2010, c.23 This POV summarizes the anti-spam requirements under CASL, which incorporates the draft regulations passed by Industry Canada in the summer of 2011 and the draft regulations finalized by Canadian Radio-Television and Telecommunications Commission (CRTC) in March 2012, as well as recent CRTC implementation guidelines published in October 2012. However, Industry Canada is expected to release a second version of draft regulations exempting certain activities from being deemed spam, which will be subject to a 30-day public consultation period before they are registered. Organizations should review these final regulations once registered to ensure overall compliance.

www.deloitte.ca Deloitte, one of Canada s leading professional services firms, provides audit, tax, consulting, and financial advisory services. Deloitte LLP, an Ontario limited liability partnership, is the Canadian member firm of Deloitte Touche Tohmatsu Limited. Deloitte operates in Quebec as Deloitte s.e.n.c.r.l., a Quebec limited liability partnership. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Deloitte & Touche LLP and affiliated entities. Designed and produced by the Deloitte Design Studio, Canada. 12-3037

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information