caslimages.transcontinentalmedia.com/20140620_bro5007/casl_last_minute... · act (casl)...
TRANSCRIPT
2014 1
CASL Canada’s Anti-Spam Legislation
In force - 1 July 2014
2014
2014
Disclaimer
2014
The information included in this presentation may not reflect the
views of Industry Canada, or the Canadian Radio-television and
Telecommunications Commission. This information was created
to provide a practical application to CASL. None of the
information provided should be used as legal advice. For all legal
matters, marketers are encouraged to speak with their own legal
counsel .
2014 3
Background
Substantive Requirements
Three Primary Rules
Compliance guidance
Getting ready
Agenda
Background
2014
2014
Purpose
2014
An Act to Promote the efficiency and adaptability of the
Canadian economy by regulating certain activities that
discourage reliance on electronic means of carrying out
commercial activities, and to amend the Canadian Radio-
television and Telecommunications Commission Act, the
Competition Act, the Personal Information Protection and
Electronic Documents Act and the Telecommunications
Act (CASL)
fightspam.gc.ca
“
”
2014 6
Background
MAY 2004 IC establishes task force on spam
APRIL 2009 Bill 27, introduced in Parliament
MAY 2010 Re-introduced as Fighting Internet & Wireless Spam Act (FISA)
DECEMBER 2010 Receives Royal Assent
MARCH 2012 CRTC presents final regulations
DECEMBER 2013 IC presents final regulations
JULY 2014 CASL Enforcement begins. Law is enforceable and compliance is required
JULY 2017 PRA delayed until then
2014 7
CASL Review
LEGISLATION Against unsolicited
electronic communication
DETAILED RULES For commercial
electronic messages sent from or
accessed in Canada
CONSENT Sender must attain
some form of consent before sending CEM
FINES Up to $10 million for corporations and $1 million for individuals
ENFORCEMENT No minimum # to be caught
2014
Substantive Requirements
2014
2014 9
What Does CASL Cover?
• Commercial electronic messages
• Installation of computer programs
• Altering of transmission data
2014 9
Note: exemptions apply
2014 10
Commercial Electronic Messages (CEM)
• What is CEM?
• What may not be CEM?
Note: does not encourage participation in commercial activity
2014 11
Is My Message CEM ?
2014 11
2014
Three Primary Rules
2014
Consent Identification Unsubscribe
2014 13
Consent: Express vs Implied
Express
Implied
Oral
Written
Non business relationship
Published info
Business relationship
Disclosure
2014 14
Consent Exemptions (Unsubscribe and ID Requirements still apply)
• Requested quotes
• Commercial transactions with recipient’s prior agreement
• Warranty or safety information
• Subscription or membership information
• Employment or benefit plan information
• Delivery of goods or services
• Referrals (only 1 CEM allowed)
2014 15
Grandfathering Consent
Implied Burden of Proof Express
Oral
Written
Business/non-business relationships
Published info
Disclosure
2014 16
Referrals, Forward to a Friend
2014 16
2014 17
Identification
EVERY CEM NEEDS TO INCLUDE:
• Identity of collector/sender
• Identity of advertiser
• Mailing address
• Either telephone, email, web address of list owner or third party
• Unsubscribe mechanism
2014 18
Unsubscribe
• Readily performed
• Functional and available for 60 days
• Simple, no cost
• Sent, not received
• SMS short codes, ‘Reply’, ‘click a link’ and ‘email to unsubscribe’ acceptable
• Multi-part messages (plain text & HTML)
2014 19
CASL Exclusions
• Personal and family relationship
• B2B
• Inquiry message
• Response to enquiry
• Legal message
• Closed platforms
• Foreign messages
• Charity and political parties
2014 19
2014 20
Amendments
PIPEDA
• Address harvesting
• Fabricated addresses
• Unauthorized collection of personal information
COMPETITION
• Prohibits false or misleading representations
2014
Getting Ready
2014
2014 22
Last Minute Preparations
• 12 days left until deadline
• Prioritize your initiatives (awareness, sites, etc.)
• Have a back up plan
• Finish your re-permission campaigns
• Mark any user as un-mailable, if you do not have valid
consent
2014 22
2014 23
• Audit inventory • Owned/operated web pages
• Forward to a Friend
• Contests
• Create internal CASL policy • Outline verbiage for all forms of consent (Newsletter, contest, affiliate, etc)
• Inform internal parties the do’s and don’ts around subscription and deployment
• Have a single point of record for all of your databases
• Single data point for all partners/vendors
• Verify partners are compliant • What does this mean?
Internal Initiatives
2014 24
Is My Message CEM ?
2014 24
2014 25
Templates
• Standardize subscription verbiage
• Create mock ups, and create ongoing
audit plan
• Multiple examples for different
purposes (contest, newsletter, alerts,
etc)
• Be sure it clearly informs end users
what they are opting-in to.
• Prescribed information
• Unsubscribe mechanism
• Update Term & Conditions and
Privacy Policies.
2014 26
Data
• Standardize data capture policy
• Update data retention policy
• Only collect required information
• Notification statement for non
essential information (postal code)
• Work with legal to determine
minimum data required
• Net new customers
• Grandfathering provisions
2014 27
Identity / Unsubscribe
• Standardize identification
• Full physical address
• Electronic address
• Standardize unsubscribe policy
• Automatic
• Easy and no cost
• No log-in required
• Standardize footer
• ESP/agency
2014 28
Consent
• Segment consent
• Express
• Implied
• Track implied expiry
• Sign up pages /preference center
• Informed
• Easy to navigate
• Opt in = Opt out
• Who is responsible for consent?
2014 29
Grandfathering of Consent
Expressed
Implied
Burden of proof
2014 29
2014 30
Guidance from CRTC: Information Bulletins
Forms of gaining oral
consent
Bundling of request for
consent
ESP
identification Confirmation of consent
Pre-checked boxes
2014 31
Ongoing CASL:
• Team Education – New team member training
• Ongoing audits
• Test unsubscribe processes
• Create escalation paths in case of
complaints/undertaking
2014 31
2014 32
Best Practices
• Err on the side of caution.
• Reviewing staff access – Least privilege principal
• Create a deployment checklist and approval process –
Document for proof of due diligence, can you see who
logged in
• Be sure all CEMs include link to the privacy policy
2014 32
CONTACT
Ryan Moss
Director, ISP & Client Relationship
TC Media
2014
416-218-3609
?