Canada’s anti-spam legislation (CASL) dates back to 2014. However, with the “private right of action” provision coming into force this July, it’s critical that companies take another look at their email marketing practices.
NOTE: The implementation of CASL’s new provisions has been suspended. Click here for more information.
Have you ever received an email from an organization and thought “Huh, I didn’t sign up for that that!?” Chances are, the answer is yes. In fact, I received one while writing this blog post. Ironic! And definitely not CASL compliant…
While I’m sure that you try to follow email marketing best practices and maintain compliance with CASL, it can sometimes be difficult to understand who, in a database of thousands or more emails, has given their consent. Especially if you’ve inherited a database and/or don’t have the technology/processes in place to properly capture this data.
In this blog I’ll not only describe processes that you can implement in order to take steps towards CASL compliance, but I’ll also provide a brief explanation of Canada’s Anti SPAM legislation and explain how upcoming changes will affect companies and their email marketing practices.
What is CASL?
Put into effect on July 1st, 2014, Canada’s anti spam legislation was implemented in order to “protect Canadians while ensuring that business can continue to compete in the global marketplace” (Government of Canada). It is aimed at regulating electronic messages (email, sms and social) of a commercial nature. The full legal definition of a commercial electronic message can be found here.
The legislation applies to all companies (irrespective of whether they are Canadian or not) sending commercial electronic messages (CEMs) to Canadian recipients.
CASL’s requirements for CEMs can be grouped into three categories: Consent, Identification and Unsubscribe Mechanisms.
CASL is an opt-in law. In other words, it is based on the principle that you should only send CEMs to people who consent to receive your emails. It specifies two different kinds of consent: implied and express.
What’s the difference between implied and express content? Implied consent means that while the recipient didn’t specifically opt-in to your emails, a relationship exists which implies consent. For example, they purchased goods or services from you, donated money to your organization, have membership in your organization or submitted an inquiry.
Express consent is provided when the recipient has proactively and clearly agreed to receive a CEM. The consent can be either written and oral and does not expire. In other words, you can send CEMs until the recipient says otherwise (i.e unsubscribes).
The requirements surrounding identification state that in order to gain express consent, senders must clearly identify themselves and the organization that the message is being sent on behalf of. This means that opt-in forms should clearly include the organization’s name and mailing address as well as their phone number, email address or url. If using a double opt-in process, organizations can include this information in the subscription confirmation email.
These requirements also apply to the CEMs themselves. In other words, every commercial electronic message should include this information.
All opt-in forms must indicate that the recipient can unsubscribe at any time. If using a double-opt process, this requirement can also be fulfilled in the subscription confirmation email. All CEMs should include this notification as well as an unsubscribe link or button.
How is CASL Changing?
As previously mentioned, CASL was first implemented in 2014. However, certain parts of the legislation were delayed, providing organizations with a transition period in which to work towards compliance. This transition period will end on July 1st, 2017.
The end of the transition period will be accompanied by two key changes that companies need to be aware of. Firstly, implied consent will expire. More specifically, it will only be valid for 24 months after a purchase and 6 months after an inquiry.
Secondly, and perhaps more significantly, the “Private Right of Action” provision will enter into force. In short, this provision will allow individuals to sue organizations who fail to comply with the requirements set out in CASL.
How to prepare for CASL with Dynamics 365 & Click Dimensions
If the idea of being sued doesn’t appeal to you, don’t worry – there are practices you can implement to work towards CASL compliance. One such practice is to use a “Double Opt-in” system. With Double Opt-in, users who submit your subscription web form receive an auto-responder email asking them to click a link/button to confirm their subscription.
Getting Explicit Consent: Setting Up Double Opt-in With Dynamics 365 and Click Dimensions
1. Determine your integration point . Where you will be securing subscribers from? Your website? A landing page?
2. Create the double opt-in flag on your lead and contact forms. The default value of this flag should be “No.”
3. Create dynamic marketing lists. Create one for contacts and one for leads. Each should be based on the criteria of the double opt-in flag being set to “Yes.” Using a dynamic list – as opposed to a static list – means that you can “set it and forget it.” You don’t need to worry about updating this list when a recipient subscribes/unsubscribes.
4. Create the “confirmation” landing page. To create the landing page in Click Dimensions go to Settings > Web Content > New > Type: Landing Page. You can also create the landing page directly in a CMS, such as WordPress.
5. Embed the Link Once you’ve finished designing the landing page, click on “Embed” and “Embed as Link” (while still in the editor). Copy the URL. If you created the landing page elsewhere, copy the link from there.
6. Create a subscription form. To do this, navigate to Settings > Web Content > Add New > Type: Form. At a minimum the form needs to include an e-mail address field. You can also include fields for name, phone number, and company for example. It depends what you want to capture. Below is an example of our newsletter subscription form.
7. Create an email template (Marketing > Email Templates > New) and add the link to your confirmation page. Let’s not forget that – as per CASL requirements – either the subscription form or this confirmation email should clearly indicate what recipients are opting-in to, your company information (name, address, phone, email, url etc.), the message that recipients can unsubscribe at any time, and an unsubscribe mechanism. Here is an example of our confirmation email:
8. Create the auto-responder. Go back to the form you created and click “Design.” Once the new window opens, click “Actions ” and in the auto-responder field select the name of the template you created in the previous step.
9. Create a workflow. When a recipient clicks the confirmation link in the auto-responder, you will want to trigger a workflow that will set the double opt-in flag to “Yes” on the associated contact or lead. This will in turn add the contact to the marketing list you created in Step 3.
To create a workflow, go to Settings > Processes > New Process > Category: Workflow. The logic for the workflow should look something like this:
10. Add the form to your website
11. Test, Test, Test!
What About Upgrading Implied Consent?
Given that implied consent will have an expiration date as of July 1st, its probably a good idea to try and convert implied consent to express consent. One way to do this is to send an “opt-in” email to everyone who has given you implied consent. It should be noted that you cannot just send this email willy-nilly to everyone. The recipient must have provided implied consent. If they haven’t, your email will not be CASL compliant.
To set up an opt-in email, start at Step 2 of the above process and skip steps 6, 8 and 10. In other words, skip every step that has to do with forms. Just be sure to create a new flag (called single-opt in, for example) and separate marketing lists. Because the onus is on organizations/senders to prove that they have gotten consent, its important to be able to demonstrate how consent was received.
Canada Anti-SPAM Legislation: Additional Resources
If you have questions about the steps outlined in this blog, please don’t hesitate to get in touch. Don’t worry, I give you my express consent!
Please note: The content of this blog does not constitute legal advice and following the above steps does not guarantee CASL compliance. CASL is a complex piece of legislation; if you have concerns about your company’s compliance it is best to contact a lawyer.