CASL (Canadian Anti-Spam Legislation) comes into effect July 1st, 2014. This federal legislation is aimed at preventing the unsolicited sending of commercial electronic messages (email, messages to a social media account, SMS texts to a cell phone) without the recipient giving prior consent. If you are marketing for your organization, and you are reported as having spammed someone, your organization can be fined up to $10 Million. CEO’s and owners are directly liable for the spamming actions of their organizations. This legislation has been put in place to reduce SPAM and to protect people from their information being collected for online fraudulent activity.
The Law has 3 main prohibitions:
- Requires prior expressed recipient consent before you send them commercial message. Rather than opt-out;
- Installation of computer programs – you can’t install a computer program on someone’s systems with prior expressed consent;
- Prohibition on re-routing of messages without expressed consent (fraudsters/phishing. An example of this is if you get a message from “Apple” about your iTunes account requesting an update of your account information. This is not Apple, but an impersonator trying to access your information and send it to a third-party to use for fraudulent purposes.
Overview of the Law – Who is affected? Who is exempt?
Any organization that engages in online commercial marketing or online commercial communication is affected. Non-profits, fundraising or political communications are exempt from this legislation.
Opt-in law: unlike other anti-spam laws, this requires consent before-hand. You may not send the message until you have received expressed consent from the recipient.
How to Prepare: Be aware of all commercial messages sent out from your organization. Your staff may need training and your marketing strategies may need to be adjusted.
If you have a pre-existing business (commercial) with a recipient, you have a 2 year window to switch from implied consent to expressed consent.
To obtain express consent, the email sender must:
- Clearly describe the purposes for requesting consent;
- Provide the name of person seeking consent, and identify on whose behalf consent of sought, if different;
- Provide contact information for either of those persons (mailing address & telephone number, email address or web address);
- Indicate that person can unsubscribe at any time;
- Needs to have a date and time stamp.
- Needs to have expressed (not implied) consent
Source : Cake Mail blog