November 22nd, 2013
If your organization has not yet taken steps to comply, we suggest taking the following steps both to prepare for the possible implementation of Canda's Anti-Spam Legislation ("CASL") and to improve your e-mail marketing practices.
- Conduct an inventory of all e-mail mailing lists that are used in your organization. Consider all sources and senders as there are often more lists kicking around than first thought. Who has access and control over the lists and the information on them? Is it centralized or decentralized?
- Next, look at your recipients and consider how they were added to the list. Did they give you their express consent to join the list? Do you have a database or other record of this including details such as when and how it was obtained? Under CASL rules, express consent must contain specific information and should be recorded and followed up in a specific manner.
- If you intend to rely on exceptions to CASL, identify those categories and then consider how you will track the limited time period for which most exceptions are valid? Does your database allow you to block emails after a set period? How will these dates be inputted and tracked? Certain categories of commerrcial eletronic messages ("CEM") recipients are not required to provide consent.
Possible exceptions under CASL include:
- those in a familial or personal relationship with the sender;
- those who requested a response through a request, inquiry or complaint;
- those who the sender is enforcing a legal right against; and
- those who are in an ongoing business relationship with the sender (time-limited).
- If your review has revealed that you either do not collect consents or do not have CASL-compliant consents, consider obtaining fresh consents which are CASL compliant sooner rather than later. CASL provides that an electronic message that contains a request for consent is itself a CEM. Therefore, corporations and persons are only permitted to request consent through CEMs until the implementation of CASL. Afterwards, any such request may constitute a breach.
- Remove recipients from your lists who have not expressly consented or whose implied consent has expired as well as those for whom the expiry date cannot be tracked.
- Create or update your database for recording consents, setting out the date, time, purpose and manner in which consent was obtained, in addition to the dates when unsubscribe requests were received.
- Create a CASL compliance committee to create, oversee and monitor policies and procedures that provide for ongoing documentation of consents. Not only should this committee periodically evaluate the adequacy of the system, but it should educate employees to ensure general CASL knowledge and compliance.
- Finally, revise CEMs to ensure all CASL formalities are satisfied. CEMs must identify the sender, contain the sender's mailing address and either the sender's telephone number, e-mail address or web address; and CEMs must include a unsubscribe mechanism that allows the recipients to unsubscribe to receiving future CEMs in a simple process.
By acting now and following these suggestions, your organization can be ready for CASL and have better e-mail marketing capabilities for the future.