preparing for casl

© 2014 Marketo, Inc. #MKTGNATION14

Preparing for CASL

Kiersti Esparza, CIPP/USManager, Privacy Team | Marketo


Preparing for CASL

Disclaimer:“The information provided in this presentation can not be considered legal advice, and is not legally binding.”


Preparing for CASL

Disclaimer:• Marketo would be pleased to answer questions you

may have about CASL

• To avoid potentially misleading participants, Marketo is not in a position to answer hypothetical or situational questions such as “what if I” as we cannot measure the varying circumstances or procedures you may have in place. These types of questions should be either reviewed by your legal counsel or sent in writing to the CRTC, for their review and interpretation.


What is CASL?

• Canada's Anti-Spam Legislation

Anti-SpamAnti-

Malware

Anti-Hacking

Rules for sending Commercial Email Messages (CEMs)

Rules for installation of computer programs

Prohibition against unauthorized alteration of transmission data


What is CASL?

• Canada's Anti-Spam Legislation • CEMs – Commercial Electronic Messages• “an electronic message that, … it would be reasonable to

conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity” Transactional or Operational messages with ANY commercial or

marketing purpose


Who enforces CASL?

• Canadian Radio-television and Telecommunications Commission (CRTC)• Enforcement Agency

• The Competition Bureau of Canada• Office of the Privacy

Commissioner of Canada


Requirements under CASL

• Consent• Express or Implied • Several exemptions

• Clearly identify yourself• Provide a method where the recipient can

readily contact you• Unsubscribe mechanism• Functional for 60 days• No cost• Must process without delay


Types of Consent

• Express Consent

• Implied Consent

• Inquiry Consent


Types of Consent

• Express Consent• Did the recipient say “yes” to receiving your CEM?• An individual must take action to “opt-in” to a stated

purpose


Types of Consent

• Implied Consent• Can you show that you have an existing business or non-

business relationship?• Did the recipient disclose their address to you?• Is the address published? Is there a statement saying they

don’t wish to be contacted?• Expires within 2 years


Types of Consent

• Inquiry Consent• Expires within 6 months


Types of Consent

• Express Consent

• Implied Consent

• Inquiry Consent


Types of Consent

• Don’t be afraid to ask!


Can you prove Consent?

• You are required to maintain an auditable record of consent No Pre-Checked Boxes for Express Consent• Request for consent must be separate from general terms

and conditions • Record the date, time, purpose, and manner of consent in a

database• Filling out a consent form at a point of purchase


Can you prove Consent?

FAQs: What about verbal consent?• where oral consent can be verified by an independent third

party; or • where a complete and unedited audio recording of the

consent is retained by the person seeking consent or a client of the person seeking consent.


Timing

• Came Into Force July 1, 2014 • You will need consent from any new customer or lead and

each CEM must include identification and unsubscribe mechanisms

• Transitional Provisions • Previous express consent remains valid under CASL • Implied consent to continue sending for 3 years


Special Cases

• A person can get consent on behalf of yet to be determined third parties • All parties relying on consent obtained by others are

accountable for managing that consent. • Identification and unsubscribe requirements still apply e.g. A Frequent Flyer program gets consent from members

to send them messages on behalf of third parties that will be identified in the future (i.e. a car rental company). Must be a separate Opt-In from the main company’s Opt-In

process.


Special Cases

• Third Party Referrals • You may refer a prospective customer to another person if

you have an existing relationship with the prospective customer

• If you receive a referral, you may send one CEM to the prospect

CEM must include the full name of the individual who made the referral


When is consent NOT required?• Personal emails between family and friends• Communications within an organization• In response to a request; quotes or estimates • Messages that facilitate or confirm transactions • Provides warranty, recall, safety or security information • Provides information about

• ongoing use or ongoing purchases • ongoing subscription, membership, accounts, loans or similar • employment relationships or benefit plans

• Registered charities and political candidates (Canadian only)• When the recipient is protected by equitable data protection laws in

their own county

NOTE: Identification and Unsubscribe mechanisms are still required for these types of messages


• To catch blatant offenders• Responsible senders who are making efforts

to comply are not the target of the law.

What is the goal of CASL?


Enforcement Process


Pop Quiz!


Pop Quiz!

• As long as your email is not commercial, CASL will not apply.

a) Trueb) False


Pop Quiz!

• Which of these could violate CASL? a) An investment advisor gets a list of fellow attendees at a

financial seminar and emails them all a sales pitch b) A business consultant emails someone she has never met in

response to an inquiry about her professional services c) A computer salesperson emails someone about a laptop

sale a year after selling her a computer d) A registered charity emails you asking for a donation


Pop Quiz!

• Which of the following is not an exemption category? a) Personal relationshipb) Family relationshipc) Existing business relationship d) Existing privacy consente) Existing non-business relationship


Pop Quiz!

• Once CASL is fully in force, violations may result in: a) Penalties of up to $1 million for individuals b) Penalties of up to $10 million for organizations c) Civil liability for compensatory damages d) Civil statutory liability of up to $1 million per day e) All of the above


Checklist - Top 10 Steps

Determine which of your messages are CEMs Identify any exemptions that may apply to your CEMs Record all consents, inquiries, applications, complaints and requests

and when they were received Establish a process to help you refresh your consents Ensure that parties that have unsubscribed or otherwise not to receive

CEMs will not be sent any requested Use an opt-in mechanism to gather consent Ensure there is a compliant unsubscribe function Ensure there is a compliant identification included Approach external service providers to ensure they can support

marketing activities taken on your behalf in compliance of CASL Review legal developments relating to CASL to clarify some of the

ambiguities surrounding the legislation


Key Resources • Marketo’s webinar on CASL

http://www.marketo.com/webinars/getting-ready-for-the-canadian-anti-spam-legislation/

• Information Session on Canada's Anti-Spam Legislation http://www.crtc.gc.ca/eng/com500/info.htm

• Shaun Brown, Legal Counsel – http://www.nnovation.com

• CASL Statute: http://laws-lois.justice.gc.ca/eng/acts/E-1.6/index.html

• CRTC Regulations: http://laws-lois.justice.gc.ca/eng/regulations/SOR-2012-36/index.html

• IC Regulations: http://fightspam.gc.ca/eic/site/030.nsf/eng/00273.html

• Industry Canada’s Regulatory Impact Analysis Statement: http://fightspam.gc.ca/eic/site/030.nsf/eng/00271.html

• CRTC’s Information Bulletin (2012-548) on formality requirements: http://www.crtc.gc.ca/eng/archive/2012/2012-548.htm

• CRTC’s Information Bulletin (2012-549) on express consent: http://www.ic.gc.ca/eic/site/064.nsf/eng/07401.html

preparing for casl

Business

operational messages

marketing purpose page

stated purpose page

industry canada

types of questions

competition act

situational questions

computer system