On February 16th the Canadian Marketing Association held a CASL Workshop to help ensure that CMA Members are taking the right steps to maintain their CASL compliance programs and avoid hefty fines.
The Workshop was a great success, with a strong turnout and a number of productive conversations taking place. Attendees of the workshop were divided into eight tables, each of which discussed two specific areas within CASL. Some of the key observations and conclusions from each area can be seen below.
Third Party Marketing & Referrals
- According to recent rulings, third party use of implied consent to send CEMs is a violation of CASL.
- The party with the consent ought to be considered as the sender.
- Providing an opt-out on behalf of two organizations gives consumers more control, but can be confusing and may not be strictly necessary.
- When a message is being sent out with messages of multiple parties, the list owner ultimately has the relationship, and is therefore the one to manage unsubscribe.
- It is important to appreciate the interaction between marketing and sales, and to capture business card information.
- The onus of proof is on the sender that the content of a CEM is tied to the role of the recipient.
- The human factor plays a critical role when relying on the B2B provisions, and making a judgement about a relationship.
- As demonstrated in the Blackstone case, the CRTC will consider the size of your business and previous offences when assessing an AMP.
- When collecting contact information, even at a trade show, ensure that your intentions are prominently displayed.
- SMEs and large corporations have different approaches when it comes to proving Existing Business Relationships.
- If you inherit a list of implied consents based on Existing Business Relationships, you should be overly cautious in your communications with them – don’t take the chance.
- Don’t be afraid to consult the CRTC with any questions you may have about forms of consent – they seem willing to discuss openly.
- It’s vital to be transparent with customers when asking for consent (what are you using their information for?)
- Section 6.6 states that service type emails are exempt from CASL’s consent requirements, however they technically require an unsubscribe.
- When including an unsubscribe on a service message, only give the recipient the option to unsubscribe from marketing communications – not future service messages. Ideally use a preference centre.
- Do not mix marketing communications with service emails.
- Surveys are only considered CEMs when the incentive is seen to be benefiting the company deploying the survey.
- To exempt surveys from CASL, ensure that any incentive is unrelated to your business.
July 1, 2017
- Section 66 describes the expiration of 3-year transitional implied consent for CEMs rule.
- Label people for whom you have express consent with a green light. Label people who have unsubscribed with a red light. Label people who you are relying on either the 3-year, 6-month, or 2-year consents with a yellow light.
- Try to harvest consents at live functions.
- The view is that PRA will not have retroactive application, though this could ultimately be decided in court if there is a PRA.
- Try to re-engage with 3-year transitional provision people before July 1, 2017.
- When you receive a business card, you should physically keep the card, or digitally copy it and track it in your CRM.
- Track consents across messaging types (SMS, email, social media, etc.)
- Ensure annual training and written policies to keep all staff up to speed.
- Plan in advance and be ready for the regulator and/or class action. Have a set of instructions for your company.
- Anything that is “posted” does not qualify as being covered by CASL. However instant messaging platforms are covered, but they may have CASL compliant features.
- Tweets may be CEMs in nature, but the act of publishing does not fall under CASL.
- When relying on the personal relationship exemption, do you really know the person on social media? Or only their alias.
- You can rely on the B2B provision if the email address is conspicuously published, there is no disclaimer, and the message is relevant to the recipients business role.
- Most social media platforms have built-in mechanisms that comply with CASL (identification, unsubscribe, consent)
- Is the installation of a mobile app from an app platform regulated by CASL? If so, when a consumer clicks “install”, is that adequate consent – presumably, unless there’s software operating that the consumer wouldn’t expect, like malware.
- With very limited real estate in mobile apps, it’s challenging to provide written acknowledgement and implementation of all CASL requirements.
- Are cookies regulated by CASL? It’s essentially a tool, so it should be regulated. But Parliament added an exception which expanded the scope. Another area open to interpretations and challenge.
July 1, 2017 remains a significant day for Canada’s marketing community. Not only will businesses communicating electronically in Canada lose the benefit of CASL’s transitional provisions, but one of the most potentially damaging provisions of the law will be coming into force: the private right of action.
While many organizations have already devoted a considerable amount of time and resources ensuring compliance with CASL, the risks and potential costs of non-compliance are to grow exponentially because of PRA. In the meantime, it’s critical that organizations review their compliance programs with these two developments in mind.