- On September 26, 2014
There is a new anti-spam law in Canada that went into effect on July 1, 2014, which has established specific requirements for electronic communication (either by SMS or email). Violation of this law can result in fines of up to $1 million for individuals and up to $10 million for businesses so it is important, if your firm communicates or with individuals or businesses in Canada, to be sure that your electronic communications comply with this law.
The law contains three key requirements:
- You must obtain express or implied consent in order to send an electronic message to that person.
- Your message must clearly identify yourself and the organization sending the message.
- There must be an unsubscribe mechanism on each message that is sent.
A question that many may have is whether their existing methods of consent are sufficient to comply with Canada’s new law. In order to obtain express consent, the recipient must have given you an explicit indication of consent to send them electronic messages. This means that a recipient must take an action to specifically request to receive your communications.
Express consent must be granted through an opt-in rather than opt-out process. For example,
Imagine that your site has a contact form which also includes a checkbox to receive email communications from your firm.
- If the user must check that box to submit the form and receive your messages in the future, this would qualify as “express consent”
- If the box is checked by default, this would not qualify as “express consent”
It is important to note that, in the first case described above, the language on the form must clearly state the nature of the communication that will be sent to the recipient. Then, going forward, the actual messages that you send to the subscriber must remain consistent with what was communicated on your form. If a user subscribes to your IP client alert today, you shouldn’t be sending him or her invitations to office warming parties in the future.
Another common feature that many sites offer is a field for potential recipients to enter their email address in order to receive communication from that organization. Provided that the text that accompanies this email field clearly states the type of messages that will be sent, this is considered a sufficient form of consent. However, many email services (Constant Contact, MailChimp, Feedburner, etc.) add a second opt-in method to this process by sending an email that requires the recipient to click a link in the email to confirm consent. While not necessary for compliance with CASL, it is a prudent additional step to take to ensure that the person whose email address was entered on your site does actually want to receive your emails (and entered the correct email address).
Implied consent is also acceptable but to meet this requirement you (the sender) must be able to show that there is either:
- an existing business relationship
- existing non-business relationship (only applies to charities, political candidates/parties, clubs, associations or voluntary organizations)
- or that the recipient’s email address was conspicuously published or sent to you.
Please see this page on Express Consent vs. Implied Consent for more information.
One important note about Implied consent is that it does expire after two years. If your business relationship ended more than two years ago, then implied consent is no longer considered valid.