Complying with Canada’s anti-spam legislation (CASL) requires that you obtain consent from anyone who is to receive your commercial electronic messages (CEMs). You must back up that consent with a foolproof system that can prove you received consent.
Your backup process is especially important because of the way infractions will be monitored. For the first three years of CASL’s existence, federal government agencies will be the only bodies qualified to enforce the legislation. Beginning in July 2017, however, private citizens will have the power to sue for violatons of CASL, according to Wendy Mee, an associate with Blake, Cassels & Graydon LLP in Toronto, who specializes in privacy, marketing and advertising law.
That is why creating backup systems that can document all of your efforts to stay compliant must be a part of your CASL strategy.
Here are two ways to protect yourself:
> Retrieve permission online
While CASL recognizes consent that is given orally, you should be working to ensure that your clients, prospects and other contacts agree in writing to receiving your CEMs.
Having your contacts subscribe online to regular updates or send you an email stating they would like to receive this content gives you a digital record of their consent. You will have a record showing exactly when they gave consent and the internet protocol address for the exchange.
You could even go a step further, says Robert Burko, president of Elite Email in Toronto: Take a screen shot of the form each person submits and file it.
When using online forms, you must be very clear about what the individual will be receiving in exchange for his or her consent. You can no longer use pre-checked boxes that would give consent to place that person’s contact information on more than one mailing list. For example, if the subscription form for your newsletter includes a pre-checked box that presupposes this person wants additional materials from your firm, that form providing express consent becomes invalid.
Tracking implied consent (consent based on an existing business relationship) is equally important because this type of permission has an expiration date. Remember that renewal requires that your client actually buy another product or sign another contract within two years of the previous transaction. You need to track when that time is going to come up so you can renew the consent properly.
> Document your efforts to stay compliant
Should you ever be challenged on your adherence to CASL, any efforts you have made to learn about the legislation and apply it to your practice would be considered as evidence in your favour.
“That’s why it’s important to have systems and policies in place,” Mee says. “If you can show that you demonstrated due diligence, you may be able to mitigate your liability.”
Therefore, you should consider creating a “living document” of your efforts, Burko says. Document all of the ways in which you tried to stay on the right side of CASL. So, if you’ve done any research on CASL, save your notes. If you went to an educational event to learn more about the legislation, keep proof of your attendance.
List all of your efforts toward updating your client database with information on the permission that was obtained and evidence of the way in which you obtained that permission.
“If this document you’re building is to build a defence,” Burko says, “anything you can do to substantiate it is good.”
This is the second instalment in a five-part series on Canada’s anti-spam legislation.
Next: Creating a compliant message.