CASL is now in Effect! Are you Compliant?

  1. 1. CASL is now in Effect! Are you Compliant? Inbox Marketer
  2. 2. Today’s Agenda • CASL Overview & Timing • Key terms defined: EBR, CEM, Implied, Express • Identification & Unsubscribe Requirements • B2B Exemptions • Next Steps & Recommendations Disclaimer: We are not lawyers; this is not legal advice.
  3. 3. What is CASL? Canada’s Anti-Spam Legislation Intended to deter the most damaging and deceptive forms of Spam: Spamming Fraud Hacking Harvesting Malware Privacy Invasions
  4. 4. Important Dates • Dec. 2010: CASL Passed • March 2012: CRTC Regs Finalized • Dec. 2013: Industry Canada Regs Finalized • July 1, 2014: Provisions in force • Jan. 15, 2015: Computer program provisions in force • July 1, 2017: Private Right of Action in force
  5. 5. What is a CEM? A Commercial Electronic Message that encourages participation in a commercial activity. CASL provisions apply to all Commercial Electronic Messages sent to or from Canada. Commercial Electronic Messages. Electronic Messages: • Email • Text / instant messages • Social Media. Commercial Activity: • Offers to sell/lease a product/service • Offers an investment/business opportunity • Promotes an individual • Requests for Consent
  6. 6. What is an EBR? Existing Business Relationship An existing business relationship is defined as a business relationship that involves or arises from: • the purchase, lease or bartering of product, goods or service within last 2 years • a written contract within the last 2 years • an inquiry of a recipient within 6 months immediately preceding the date the Commercial Electronic Message was sent
  7. 7. There are 3 Primary Rules: 1. Consent • Do you have Express or Implied consent? 2. Identification • Messages must identify sender(s) & provide contact information 3. Unsubscribe • Must be clear & prominent, able to be readily performed and accomplished at no cost to the customer
  8. 8. What is Implied Consent? • Implied Consent – the sender & recipient have an existing business (or non-business) relationship • Implied Consent is where the recipient has supplied/published a work-related email address and has not included a statement indicating that they do not wish to be contacted via email • Implied Consent is where the recipient has willingly disclosed their email address, e.g. on a business card
  9. 9. What is Express Consent? Express Consent – recipients give a positive or explicit indication of consent to receive CEMs. They may check a box OR type/write in their email address. Under PIPEDA, pre-checked boxes are considered Express when the knowledge & consent of the individual is given.
  10. 10. Consents cannot be bundled “A request for consent cannot be bundled with requests for consent to the general terms and conditions of use or sale.” A user must be able to consent to the general terms of sale while being able to refuse consent to receiving CEMs
  11. 11. Will Express consents under PIPEDA be grandfathered as express consents under CASL?
  12. 12. A Big Win for Digital Marketers: If you obtained valid express consent prior to CASL coming into force, you will be able to rely on that express consent (as long as you can prove having obtained valid express consent)
  13. 13. Does your organization have Implied records in its database?
  14. 14. For all existing implied records… you will have 3 years to upgrade (July 2017). Transitional provision for Existing Email Contacts – If you have (or had) an existing business or non-business relationship that already includes communication by commercial electronic message, you will have 3 years to upgrade Implied consents to Express. Begin thinking about how your database will need to be configured to keep track of when customers upgraded.
  15. 15. The next question is an interesting one… Does your organization actually have to upgrade its Implied consents to Express?
  16. 16. After CASL Comes into Force … YOU CAN RELY ON IMPLIED CONSENT UNDER 3 SCENARIOS 1. Existing business relationship arising from an inquiry, if no further action is taken, you have 6 months to continue to send and upgrade them to Express before you lose them 2. Existing business relationship arising from a purchase, lease, contract, barter (see section 10 for full definition of EBR) then organizations will have 2 years from time of EBR to continue to send & upgrade them to Express before you lose them
  17. 17. After CASL Comes into Force … YOU CAN RELY ON IMPLIED CONSENT IF Existing business relationship arising from a purchase that involves an ongoing use or ongoing purchase under a subscription, company will have 2 years from when the relationship terminates to continue to send & upgrade them to Express
  18. 18. A Best Practice to Consider: Do not turn on and/or refresh the email permission every time a member transacts with you if they have unsubscribed. Doing so is allowed under a strict reading of the legislation, but it is not an ideal customer experience and therefore not recommended.
  19. 19. If you do choose to upgrade to express • Upgrade message(s) should identify value proposition of your email program; give recipients a compelling reason to confirm their express consent. Be very clear on what they will be agreeing to receive • If database is large enough, test different offers. • Encourage customers to visit a preference center to update their email preferences. Our recommendation is to consider the value of an Upgrade campaign now vs. 2 years from now.
  20. 20. Industry Example of Upgrade Campaign
  21. 21. How to collect Express Consent under CASL
  22. 22. Requirements for Collecting Express Consent: Ensure clarity of language & branding so that customers are well informed as to what they are agreeing to receive and the purpose(s) for which their consent is being sought. “Yes, I would like to receive emails from CompanyABC with the latest information on your products, services and special offers”
  23. 23. Requirements for Express Consent: Pre-checked boxes will not be allowed. Your Subscribe Page/Form must include: • company postal address & either phone number OR web address OR email address • link to Privacy Policy • a statement indicating that recipient can unsubscribe at any time
  24. 24. Fully CASL Compliant Example
  25. 25. Confirmation email is recommended • A confirmation (or welcome) email should be sent after sign-up • Recommendation: Send immediately or within 24 hours • Asking recipients to confirm their opt-in is considered “double opt-in” and is the Gold Standard! • Welcome message(s) help to manage expectations and add clarity to what subscribers will receive as part of the email program
  26. 26. Rule 2: Identification Requirements • Messages must identify sender & provide contact information for the sender and, if different, the person on whose behalf it is sent • The mailing address & either a phone number OR email OR web address must be present on the CEM • Also required: a link to your privacy policy and a link to your unsubscribe page • Messages must not have false or misleading headers, subject lines or content
  27. 27. Rule 3: Unsubscribe Requirements • Must be clear & prominent and accomplished at no cost to the customer • Must be able to be readily performed (should be simple, quick and easy for the consumer to use) • Cannot require a login • Requests must be flagged without delay or no later than 10 business days • Unsubscribe mechanism must remain functional for 60 days post deployment
  28. 28. Unsubscribe Requirements • An unsubscribe link must be present on all transactional emails • A recipient can unsubscribe from receiving transactional emails; however, if you do not include any marketing/promotional/commercial info, you may continue sending factual information about their account and/or purchases
  29. 29. How is Social Media affected by CASL?
  30. 30. Social Media under CASL: CASL covers all CEMs including social media messaging. The Good: - Posting your commercial content to your brand’s social media accounts is OK - Twitter, Facebook pages, blogs, etc… The Bad: - Sending a DM if it’s a CEM is captured by CASL - Sending an @ mention message may be non-compliant
  31. 31. Social Media under CASL Recommended Social Media policies for CASL Compliance: 1. Official accounts: list these on your website and in the profiles of each account 2. Training of staff using these accounts and rules for posting 3. Maintain a policy around use of personal social media accounts vs. corporate or client accounts 4. Know the differences between what a reply is vs. Commercial messages 5. Use a commercial social media management account
  32. 32. For B2B Organizations, there are some exemptions to know about
  33. 33. There are some B2B Exemptions. Feedback: Stakeholders argued that the legislation will prohibit regular business practices that are not among the malicious activities the Act was intended to capture. These would include sending banking e-statements, warranty & recall messages, messages sent within or between firms with a current business relationship, etc.
  34. 34. B2B Exemptions … Section 6 of the Act does not apply to a commercial electronic message: • that is sent in response to a business request, inquiry, complaint or is otherwise solicited by the person to whom the message is sent • that is sent to satisfy a legal or juridical obligation • that is sent within a business or sent between businesses that are already in a business relationship, where the messages are sent by an employee, rep, contractor or franchisee and are relevant to the business, role or function of the recipients
  35. 35. Also, Express Consent is Not Required if… • The CEM delivers a product or service (including updates) that the recipient is entitled to receive under the terms of a transaction • Third party referrals – only the 1st email can be sent without consent & you must identify the first and last name of the person who has provided the referral
  36. 36. Next Steps & Recommendations
  37. 37. Create a CASL Compliant Database Streamline your email programs • Align the data teams • Having multiple teams increases your risk of not being compliant • Create a centralized communications database and/or a centralized preference center • Create a centralized unsubscribe policy & database If companies don’t have the means to consolidate all their data across the different lines of business, at minimum, a central unsubscribe database is recommended.
  38. 38. Companies need to be able to prove compliance if ever challenged
  39. 39. Proper Documentation Required. The burden of proof is on the sender. Recommended data capture fields: • Level of Consent (Express vs. Implied) • Date & time of the opt-in (for express) • Date & time of the Existing Business Relationship (for implied) • Source, i.e. POS, web page, events, co-registration, list rental • Why was email address collected? Newsletter? Promotions? • IP address (nice to have, not a requirement) • Capture what the subscribe form looks like – archive pages as they get updated. Also consider implementing a “stop send” mechanism to track when implied consents expire and need to be suppressed. Data Best Practice: suppress records, don’t delete
  40. 40. Identify all of your input sources: • Point of Sale • Call Center • Web Forms • Social Channels • Offline Contests • Events • Third parties • Other? What level of permission are you collecting (Express or Implied) at each source? If Express, ensure all prescribed information is present
  41. 41. Identify all of your output sources: • Email Service Provider • Mobile Marketing Provider • Web pages/triggers • Ecommerce solutions • Corporate emails • Social Networks • Other?
  42. 42. Identify all of your output sources: Data management will be key to compliance Review existing data and group consents: • Explicit * • Implied • Third party • Unknown • None
  43. 43. Who needs to be involved? Build a multidisciplinary SWAT team with a checklist for each department 1. Privacy/Compliance 2. Legal 3. Marketing 4. Database Analytics team 5. Deployment team 6. Agents 7. Brand Managers 8. Sales team 9. Vendors & Partners
  44. 44. Additional Recommendations 1. Contact your legal counsel. Get their input and sign-off as well as your Privacy Officer 2. Educate all employees on the appropriate use of email addresses 3. Create a training program for all employees on what it means to be CASL compliant 4. Create a CASL compliance scorecard or checklist 5. Create a due diligence process & document it 6. Update all forms & processes that document consent
  45. 45. Other things you should know… • A Spam Reporting Center will be set up and managed by the CRTC • Consumers & businesses will be able to report emails being sent without consent and emails with false or misleading content • Heavy fines for non-compliance - $10 million per violation for a corporation - $1 million per violation for individuals. Permission was a best practice with PIPEDA, soon it will be the law!
  46. 46. Need help becoming CASL compliant? • Inbox Marketer offers turnkey email marketing solutions that are fully CASL compliant. • Digital Strategy & Email Best Practices • Email Design & HTML Development • Database Management & List Processing • Campaign Management & Email Deployment • Detailed Reporting & Analytics Call us at 519-824-6664 to hear how we can take your email program to the next level!
