2014 1

CASL Canada’s Anti-Spam Legislation

In force - 1 July 2014

2014

2014

Disclaimer

2014

The information included in this presentation may not reflect the

views of Industry Canada, or the Canadian Radio-television and

Telecommunications Commission. This information was created

to provide a practical application to CASL. None of the

information provided should be used as legal advice. For all legal

matters, marketers are encouraged to speak with their own legal

counsel .

2014 3

Background

Substantive Requirements

Three Primary Rules

Compliance guidance

Getting ready

Agenda

Background

2014

2014

Purpose

2014

An Act to Promote the efficiency and adaptability of the

Canadian economy by regulating certain activities that

discourage reliance on electronic means of carrying out

commercial activities, and to amend the Canadian Radio-

television and Telecommunications Commission Act, the

Competition Act, the Personal Information Protection and

Electronic Documents Act and the Telecommunications

Act (CASL)

fightspam.gc.ca

“

”

2014 6

Background

MAY 2004 IC establishes task force on spam

APRIL 2009 Bill 27, introduced in Parliament

MAY 2010 Re-introduced as Fighting Internet & Wireless Spam Act (FISA)

DECEMBER 2010 Receives Royal Assent

MARCH 2012 CRTC presents final regulations

DECEMBER 2013 IC presents final regulations

JULY 2014 CASL Enforcement begins. Law is enforceable and compliance is required

JULY 2017 PRA delayed until then

2014 7

CASL Review

LEGISLATION Against unsolicited

electronic communication

DETAILED RULES For commercial

electronic messages sent from or

accessed in Canada

CONSENT Sender must attain

some form of consent before sending CEM

FINES Up to $10 million for corporations and $1 million for individuals

ENFORCEMENT No minimum # to be caught

2014

Substantive Requirements

2014

2014 9

What Does CASL Cover?

• Commercial electronic messages

• Installation of computer programs

• Altering of transmission data

2014 9

Note: exemptions apply

2014 10

Commercial Electronic Messages (CEM)

• What is CEM?

• What may not be CEM?

Note: does not encourage participation in commercial activity

2014 11

Is My Message CEM ?

2014 11

2014

Three Primary Rules

2014

Consent Identification Unsubscribe

2014 13

Consent: Express vs Implied

Express

Implied

Oral

Written

Non business relationship

Published info

Business relationship

Disclosure

2014 14

Consent Exemptions (Unsubscribe and ID Requirements still apply)

• Requested quotes

• Commercial transactions with recipient’s prior agreement

• Warranty or safety information

• Subscription or membership information

• Employment or benefit plan information

• Delivery of goods or services

• Referrals (only 1 CEM allowed)

2014 15

Grandfathering Consent

Implied Burden of Proof Express

Oral

Written

Business/non-business relationships

Published info

Disclosure

2014 16

Referrals, Forward to a Friend

2014 16

2014 17

Identification

EVERY CEM NEEDS TO INCLUDE:

• Identity of collector/sender

• Identity of advertiser

• Mailing address

• Either telephone, email, web address of list owner or third party

• Unsubscribe mechanism

2014 18

Unsubscribe

• Readily performed

• Functional and available for 60 days

• Simple, no cost

• Sent, not received

• SMS short codes, ‘Reply’, ‘click a link’ and ‘email to unsubscribe’ acceptable

• Multi-part messages (plain text & HTML)

2014 19

CASL Exclusions

• Personal and family relationship

• B2B

• Inquiry message

• Response to enquiry

• Legal message

• Closed platforms

• Foreign messages

• Charity and political parties

2014 19

2014 20

Amendments

PIPEDA

• Address harvesting

• Fabricated addresses

• Unauthorized collection of personal information

COMPETITION

• Prohibits false or misleading representations

2014

Getting Ready

2014

2014 22

Last Minute Preparations

• 12 days left until deadline

• Prioritize your initiatives (awareness, sites, etc.)

• Have a back up plan

• Finish your re-permission campaigns

• Mark any user as un-mailable, if you do not have valid

consent

2014 22

2014 23

• Audit inventory • Owned/operated web pages

• Forward to a Friend

• Contests

• Create internal CASL policy • Outline verbiage for all forms of consent (Newsletter, contest, affiliate, etc)

• Inform internal parties the do’s and don’ts around subscription and deployment

• Have a single point of record for all of your databases

• Single data point for all partners/vendors

• Verify partners are compliant • What does this mean?

Internal Initiatives

2014 24

Is My Message CEM ?

2014 24

2014 25

Templates

• Standardize subscription verbiage

• Create mock ups, and create ongoing

audit plan

• Multiple examples for different

purposes (contest, newsletter, alerts,

etc)

• Be sure it clearly informs end users

what they are opting-in to.

• Prescribed information

• Unsubscribe mechanism

• Update Term & Conditions and

Privacy Policies.

2014 26

Data

• Standardize data capture policy

• Update data retention policy

• Only collect required information

• Notification statement for non

essential information (postal code)

• Work with legal to determine

minimum data required

• Net new customers

• Grandfathering provisions

2014 27

Identity / Unsubscribe

• Standardize identification

• Full physical address

• Electronic address

• Standardize unsubscribe policy

• Automatic

• Easy and no cost

• No log-in required

• Standardize footer

• ESP/agency

2014 28

Consent

• Segment consent

• Express

• Implied

• Track implied expiry

• Sign up pages /preference center

• Informed

• Easy to navigate

• Opt in = Opt out

• Who is responsible for consent?

2014 29

Grandfathering of Consent

Expressed

Implied

Burden of proof

2014 29

2014 30

Guidance from CRTC: Information Bulletins

Forms of gaining oral

consent

Bundling of request for

consent

ESP

identification Confirmation of consent

Pre-checked boxes

2014 31

Ongoing CASL:

• Team Education – New team member training

• Ongoing audits

• Test unsubscribe processes

• Create escalation paths in case of

complaints/undertaking

2014 31

2014 32

Best Practices

• Err on the side of caution.

• Reviewing staff access – Least privilege principal

• Create a deployment checklist and approval process –

Document for proof of due diligence, can you see who

logged in

• Be sure all CEMs include link to the privacy policy

2014 32

CONTACT

Ryan Moss

Director, ISP & Client Relationship

TC Media

2014

ryan.moss@tc.tc

416-218-3609

?