preparing for casl
TRANSCRIPT
Page 1 © 2014 Marketo, Inc. #MKTGNATION14
Preparing for CASL
Kiersti Esparza, CIPP/USManager, Privacy Team | Marketo
Page 2 © 2014 Marketo, Inc. #MKTGNATION14
Preparing for CASL
Disclaimer:“The information provided in this presentation can not be considered legal advice, and is not legally binding.”
Page 3 © 2014 Marketo, Inc. #MKTGNATION14
Preparing for CASL
Disclaimer:• Marketo would be pleased to answer questions you
may have about CASL
• To avoid potentially misleading participants, Marketo is not in a position to answer hypothetical or situational questions such as “what if I” as we cannot measure the varying circumstances or procedures you may have in place. These types of questions should be either reviewed by your legal counsel or sent in writing to the CRTC, for their review and interpretation.
Page 4 © 2014 Marketo, Inc. #MKTGNATION14
What is CASL?
• Canada's Anti-Spam Legislation
Anti-SpamAnti-
Malware
Anti-Hacking
Rules for sending Commercial Email Messages (CEMs)
Rules for installation of computer programs
Prohibition against unauthorized alteration of transmission data
Page 5 © 2014 Marketo, Inc. #MKTGNATION14
What is CASL?
• Canada's Anti-Spam Legislation • CEMs – Commercial Electronic Messages• “an electronic message that, … it would be reasonable to
conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity” Transactional or Operational messages with ANY commercial or
marketing purpose
Page 6 © 2014 Marketo, Inc. #MKTGNATION14
Who enforces CASL?
• Canadian Radio-television and Telecommunications Commission (CRTC)• Enforcement Agency
• The Competition Bureau of Canada• Office of the Privacy
Commissioner of Canada
Page 7 © 2014 Marketo, Inc. #MKTGNATION14
Requirements under CASL
• Consent• Express or Implied • Several exemptions
• Clearly identify yourself• Provide a method where the recipient can
readily contact you• Unsubscribe mechanism• Functional for 60 days• No cost• Must process without delay
Page 8 © 2014 Marketo, Inc. #MKTGNATION14
Types of Consent
• Express Consent
• Implied Consent
• Inquiry Consent
Page 9 © 2014 Marketo, Inc. #MKTGNATION14
Types of Consent
• Express Consent• Did the recipient say “yes” to receiving your CEM?• An individual must take action to “opt-in” to a stated
purpose
Page 10 © 2014 Marketo, Inc. #MKTGNATION14
Types of Consent
• Implied Consent• Can you show that you have an existing business or non-
business relationship?• Did the recipient disclose their address to you?• Is the address published? Is there a statement saying they
don’t wish to be contacted?• Expires within 2 years
Page 11 © 2014 Marketo, Inc. #MKTGNATION14
Types of Consent
• Inquiry Consent• Expires within 6 months
Page 12 © 2014 Marketo, Inc. #MKTGNATION14
Types of Consent
• Express Consent
• Implied Consent
• Inquiry Consent
Page 14 © 2014 Marketo, Inc. #MKTGNATION14
Can you prove Consent?
• You are required to maintain an auditable record of consent No Pre-Checked Boxes for Express Consent• Request for consent must be separate from general terms
and conditions • Record the date, time, purpose, and manner of consent in a
database• Filling out a consent form at a point of purchase
Page 15 © 2014 Marketo, Inc. #MKTGNATION14
Can you prove Consent?
FAQs: What about verbal consent?• where oral consent can be verified by an independent third
party; or • where a complete and unedited audio recording of the
consent is retained by the person seeking consent or a client of the person seeking consent.
Page 16 © 2014 Marketo, Inc. #MKTGNATION14
Timing
• Came Into Force July 1, 2014 • You will need consent from any new customer or lead and
each CEM must include identification and unsubscribe mechanisms
• Transitional Provisions • Previous express consent remains valid under CASL • Implied consent to continue sending for 3 years
Page 17 © 2014 Marketo, Inc. #MKTGNATION14
Special Cases
• A person can get consent on behalf of yet to be determined third parties • All parties relying on consent obtained by others are
accountable for managing that consent. • Identification and unsubscribe requirements still apply e.g. A Frequent Flyer program gets consent from members
to send them messages on behalf of third parties that will be identified in the future (i.e. a car rental company). Must be a separate Opt-In from the main company’s Opt-In
process.
Page 18 © 2014 Marketo, Inc. #MKTGNATION14
Special Cases
• Third Party Referrals • You may refer a prospective customer to another person if
you have an existing relationship with the prospective customer
• If you receive a referral, you may send one CEM to the prospect
CEM must include the full name of the individual who made the referral
Page 19 © 2014 Marketo, Inc. #MKTGNATION14
When is consent NOT required?• Personal emails between family and friends• Communications within an organization• In response to a request; quotes or estimates • Messages that facilitate or confirm transactions • Provides warranty, recall, safety or security information • Provides information about
• ongoing use or ongoing purchases • ongoing subscription, membership, accounts, loans or similar • employment relationships or benefit plans
• Registered charities and political candidates (Canadian only)• When the recipient is protected by equitable data protection laws in
their own county
NOTE: Identification and Unsubscribe mechanisms are still required for these types of messages
Page 20 © 2014 Marketo, Inc. #MKTGNATION14
• To catch blatant offenders• Responsible senders who are making efforts
to comply are not the target of the law.
What is the goal of CASL?
Page 23 © 2014 Marketo, Inc. #MKTGNATION14
Pop Quiz!
• As long as your email is not commercial, CASL will not apply.
a) Trueb) False
Page 24 © 2014 Marketo, Inc. #MKTGNATION14
Pop Quiz!
• Which of these could violate CASL? a) An investment advisor gets a list of fellow attendees at a
financial seminar and emails them all a sales pitch b) A business consultant emails someone she has never met in
response to an inquiry about her professional services c) A computer salesperson emails someone about a laptop
sale a year after selling her a computer d) A registered charity emails you asking for a donation
Page 25 © 2014 Marketo, Inc. #MKTGNATION14
Pop Quiz!
• Which of the following is not an exemption category? a) Personal relationshipb) Family relationshipc) Existing business relationship d) Existing privacy consente) Existing non-business relationship
Page 26 © 2014 Marketo, Inc. #MKTGNATION14
Pop Quiz!
• Once CASL is fully in force, violations may result in: a) Penalties of up to $1 million for individuals b) Penalties of up to $10 million for organizations c) Civil liability for compensatory damages d) Civil statutory liability of up to $1 million per day e) All of the above
Page 27 © 2014 Marketo, Inc. #MKTGNATION14
Checklist - Top 10 Steps
Determine which of your messages are CEMs Identify any exemptions that may apply to your CEMs Record all consents, inquiries, applications, complaints and requests
and when they were received Establish a process to help you refresh your consents Ensure that parties that have unsubscribed or otherwise not to receive
CEMs will not be sent any requested Use an opt-in mechanism to gather consent Ensure there is a compliant unsubscribe function Ensure there is a compliant identification included Approach external service providers to ensure they can support
marketing activities taken on your behalf in compliance of CASL Review legal developments relating to CASL to clarify some of the
ambiguities surrounding the legislation
Page 28 © 2014 Marketo, Inc. #MKTGNATION14
Key Resources • Marketo’s webinar on CASL
http://www.marketo.com/webinars/getting-ready-for-the-canadian-anti-spam-legislation/
• Information Session on Canada's Anti-Spam Legislation http://www.crtc.gc.ca/eng/com500/info.htm
• Shaun Brown, Legal Counsel – http://www.nnovation.com
• CASL Statute: http://laws-lois.justice.gc.ca/eng/acts/E-1.6/index.html
• CRTC Regulations: http://laws-lois.justice.gc.ca/eng/regulations/SOR-2012-36/index.html
• IC Regulations: http://fightspam.gc.ca/eic/site/030.nsf/eng/00273.html
• Industry Canada’s Regulatory Impact Analysis Statement: http://fightspam.gc.ca/eic/site/030.nsf/eng/00271.html
• CRTC’s Information Bulletin (2012-548) on formality requirements: http://www.crtc.gc.ca/eng/archive/2012/2012-548.htm
• CRTC’s Information Bulletin (2012-549) on express consent: http://www.ic.gc.ca/eic/site/064.nsf/eng/07401.html