marketing

marketingmarketing

marketing

WHAT YOUR BUSINESS NEEDS TO KNOW ABOUT CANADA’S ANTI-SPAM LAW (CASL)

CANADA’S

AN

TI-

SPA

M L

AW

2

OVERVIEW Canada’s Anti-Spam Law (CASL) comes into effect on July 1, 2014. The Canadian government has defined spam as “any Commercial Electronic Message (CEM) sent without the express consent of the recipient(s).”

The Canadian government hopes to reduce unsolicited commercial messages in addition to threats such as spyware, phishing and malware.

THE CANADIAN GOVERNMENT WILL BE INSPECTING:

Unsolicited CEMs designed to “encourage participation in a commercial activity.” The following types of communications are considered CEMs that the government will be targeting:

¬ Emails ¬ Text Messages ¬ Instant Messages (IM) ¬ Messages sent through

social networks

The government has announced an independent non-government agency will act as a Spam Reporting Centre which will receive reports of spam and related threats and work alongside the Canadian-Radio-Television and Telecommunications Communications Commission, the Competition Bureau and the Office of the Privacy Commissioner to investigate and prosecute offences.

Effective July 1, 2014 - CASL will require consumers to opt-in to a company’s promotional campaigns by giving “consent” if they want to receive CEMs. Moving forward from that date, businesses will need to obtain express or implied consent from contacts to whom they wish to send electronic promotional material.

Figure 1. CEM Figure 2. Non-CEM

Dear John Doe,

Sherpa Marketing would like to keep you updated with our service offerings. Please download our app to see offerings and prices.

Thanks,Jane Doe

Dear John Doe,

It was great playing hockey with you last weekend. Are you available to grab lunch this week?

Regards,Fred Smith

marketing

marketing

Spyware - Spyware describes software that performs certain behaviors, generally without appropriately obtaining your consent first, such as:

¬ Advertising ¬ Collecting personal information ¬ Changing the configuration of

your computer

Spyware is often associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information.

Phishing - A term used to describe email messages, websites, and phone calls that are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer. Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something from of a website.

Malware - Malware is short for “malicious software.” Malware is any kind of unwanted software that is installed without your consent. Viruses, worms, and Trojan horses are examples of malicious software that are often grouped together and referred to as malware.

WHAT IS CONSENT?Your business can secure two types of consent:

Express consent means that an individual has explicitly agreed (verbally, electronically or in writing) to receive CEMs from the sender. This is the ideal form of consent as it never expires (unless the recipient requests the sender to stop sending CEMs (E.g. by clicking the unsubscribe button in an email)), and it covers the sender legally. Examples:

¬ Verbal Agreements – The specific verbal agreement may not be possible to document. In this case, ensure that you document other faxes, emails and written correspondence you may have had with the other party where they indicate a willingness to receive CEMs from you.

¬ Electronic Agreements – Have a subscribe button with support wording like “by clicking the subscribe button, you are agreeing to receive future electronic communications from us”.

Figure 3. Subscribe email

CANADA’S

AN

TI-

SPA

M L

AW

4

¬ Written Agreements – Create a physical document to be filled out and signed by your customers and prospective clients. One of Sherpa’s clients keeps a logbook at point of sale that they ask clients to sign with their name and email address if they would like to receive promotional CEMs. The email addresses are then manually entered into their CRM system.

All requests for consent must include the following information:

i. The business name of the person seeking consent or such person’s actual name (if a business name is not used); Example: Sherpa Marketing (business name) or John Doe (personal name) if business name is not used.

ii. If the consent is sought on behalf of another person, the name of the person on whose behalf consent is

sought (the person’s business name or, if a business name is not used, the actual name); Example: John Doe wants to secure consent form Person A. Jane Doe will be the one contacting Person A for consent on behalf John Doe. Jane Doe must state John Doe’s name and information in the inquiry as he is the one asking for consent.

iii. If consent is sought on behalf of another person, a statement clarifying who is seeking consent and on whose behalf consent is sought; Example: This is Jane Doe seeking consent on behalf of John Doe.

iv. With respect to the person seeking consent (or the person on whose behalf consent is sought), the mailing address, and either a telephone number (providing access to an agent or a voice messaging system), an e-mail address or a web address;

WHAT IS CONSENT? Continued

marketing

marketing

v. The purpose or purposes for which consent is sought; Example: “Sherpa Marketing would like to send you the latest product and sales information.”

vi. A statement indicating that the person whose consent is sought can withdraw their consent. Example: An unsubscribe button at the end of an email.

Implied Consent occurs when an individual has not yet provided express consent, however, based on the nature of your relationship with them, you are able to send the individual CEMs. Implied consent can be secured in the following scenarios:

¬ You have an existing business relationship with the recipient. ¬ An existing business

relationship exists when the business and recipient have completed a business transaction within the past two years of receiving a specific email. A business transaction must be proven with an invoice, bid or quote on a specific project.

InvoiceDate: 14/04/2014

Invoice #: 6812

University of ManitobaSupplier Services - Mario LebarRoom 412 Administration Bldg.Winnipeg, MB R3T 2N2

P.O. Number: C40506

Terms: Net 30

Due Date: 14/05/2014Ship Via:

F.O.B.

Project Number: UM003sc - scope creep website redevelop

Balance Due:

Subtotal:

We appreciate your business.

GST Registration #: 867708935RT0001

Interest Charged at 2.5% Per Month On Overdue Accounts.

Description AmountTax

Learner type landing page link fixing 75.00GST

Redo art work for registration boxes 102.50GST

Redirect setup 50.00GST

Add back code removed by UMEE staff (Feb 28) and setup page to avoid errorin the future

300.00GST

Permalink setup 375.00GST

Legal Name: Martron Inc. O/A Sherpa Marketing

GST@5.0% 45.13

Total Tax 45.13

$947.63

$902.50

Figure 4. Unsubscribe button

Figure 5. Sample invoice

CANADA’S

AN

TI-

SPA

M L

AW

6

¬ You have non-business relationship with the recipient. ¬ Personal Relationship –

A personal friendship or association derived from participation in an organization or cause.

¬ Family Relationship

¬ The electronic messages are relevant to the recipient’s business, role, function or duties, and the electronic address has been conspicuously published or disclosed, without a statement that the person does not wish to receive CEMs.

¬ This essentially means that if an individual’s email address is published on their website without stating that they do not wish to receive CEMs, you can contact them. With that being said, it is certainly not our recommendation to scrape email addresses off of websites to build your business’s database, as that is not in the spirit of the law.

¬ If your business operates through a third-party yet your company still sends electronic messages to the end user, you have implied consent. ¬ Example – Company A is a

distributor who sells goods to a retailor (Company B). Company A has obtained the emails of end-users buying its goods through Company B. Company A has implied consent to send CEM’s to the end user.

WHAT IS CONSENT? Continued

Figure 6. Publically displayed email

marketing

marketing

YOUR BUSINESS HAS:

Immediate and unlimited ability to send CEMs if:

¬ You obtain express consent.

Implied consent until July 2016 if:

¬ You complete a business transaction (that can be proved with an invoice, bid or quote)

¬ You have a personal or family relationship.

Unlimited implied consent if:

¬ You have ongoing business dealings with a client. (i.e. you have an active business relationship that can be proved with invoices, bids or quotes)

¬ You have an ongoing personal or family relationship.

¬ Your business hasn’t received notification from a third-party you conduct business with that the end user of your products does not wish to receive CEMs.

Implied consent allowing you to send a single CEM if:

¬ You have received a referral or introduction to an individual from someone who has already secured express or implied consent with that individual. In that case, you must state the name and information of the person who referred you, as noted in the above.

¬ You have obtained an individual’s information published publically online without notification that they do not wish to receive CEMs.

¬ If an individual requests information or has a question regarding your business.

TIMELINES SUMMARIZED

CANADA’S

AN

TI-

SPA

M L

AW

8

INFORMATION REQUESTS

IMPORTANT - If an individual requests information or has a question regarding your business, this does not grant implied consent. If this situation arises after July 1st, 2014, you will be allowed one opportunity (message) to obtain consent. Sending additional CEMs will be considered spam under the CASL law.

REFERRALS

The above rules also apply to referrals. You are only allowed to send a prospective client a one-time email in an attempt to achieve consent. Additionally, this message must include the full name of the individual who gave you the referral, and the identification and unsubscribe requirements noted in the above.

Example: Sherpa Marketing does business with Company A. Company B asks Sherpa Marketing for the contact information for Company A. Company B must include both its contact information as well as Sherpa Marketing’s contact information in the request for consent.

INDIRECT RELATIONSHIPS

If your business operates through a third-party yet your company still sends electronic messages to the end user, the same laws apply. That being said, if the recipient notifies the third-party they wish to be removed from the mailing list, the third-party has ten days to notify your business.

Example – Company A is a distributor who sells goods to a retailor (Company B). Company A has obtained the emails of end-users buying its goods through Company B. Provided Company A has secured express or implied consent, it can send CEMs to the end user. If the end user notifies Company B they do not wish to receive CEMs from Company A anymore, Company B has ten-days to notify Company A to take the end user off its mailing list.

BURDEN OF PROOF

The burden of proof is on your company in matters of express and implied consent. You must be able to provide the appropriate documentation if inspected. Please see our blog post here on the industry’s best practices of managing and providing proof of consent: blog.sherpamarketing.ca

IMPORTANT NOTES

marketing

marketing

¬ Ensure a data system is implemented to track when implied consent expires.

¬ Your database should separate those who have and have not given consent.

¬ Create a system that efficiently documents electronic and written materials that prove express and implied consent.

¬ Develop and launch email campaign to secure express consent as soon as possible.

¬ Your business should create CEMs that conform to the new law. Anti-Spam friendly CEMs must include:

¬ Information that identifies the sender, such as mailing address, phone and email contact information and/or website.

¬ An unsubscribe option that allows the recipient to resign from your mailing list. After notification that the recipient wishes to be removed from your mailing list, you will have ten days to remove them.

PREPARING YOUR BUSINESS FOR ANTI-SPAM LEGISLATION

CANADA’S

AN

TI-

SPA

M L

AW

10

Here at Sherpa Marketing we are proficient in the design and execution of email blasts to achieve consent from your mailing list recipients. In addition to designing emails that adhere to CASL, we are capable of creating website landing pages aimed to generate consent and keep customers engaged with your business.

Sherpas are versed on CanSpam. If your business needs guidance of any kind related to Canada’s Anti-Spam Law (CASL) please do not hesitate to contact us. www.sherpamarketing.ca/contact.aspx

HOW CAN WE HELP?

Sherpa Marketing accepts no liability for the content of this paper, or for the consequences of

any actions taken on the basis of the information provided. The views herein present Sherpa

Marketing’s current understanding of Canada’s Anti-Spam Legislation and should by no means be

taken as a definitive legal analysis of Bill C-28: Canada’s Anti-Spam Legislation.

SHERPAMARKETING.CA

WINNIPEG OFFICE 530 Kenaston Blvd., Suite 205 Winnipeg, Manitoba R3N 1Z4

KITCHENER OFFICE 500 Fairway Road S., Suite 201

Kitchener, Ontario N2C 1X3