To check spam or phishing activities in the digital world, the Canadian government launched Canada's anti-spam law (CASL) in 2014. The CASL calls for mandatory consent of the subscriber for sending any communication from businesses operating or having customers in Canada.
This guide aims to help you understand the regulations covered under CASL and how you can comply with them to avoid huge penalties that will damage the reputation of your business.
Table of contents
What is Canada's anti-spam law (CASL)?
CASL is a federal law that aims to protect customers and businesses from misusing digital communication channels such as emails or SMS. It was created in 2014 to reinforce best practices in email marketing and combat spam and any other Commercial Electronic Message (CEM).
The CASL deals with any issue related to theft, phishing, and the spread of malicious software, such as viruses and trojans (malware).
The primary requirements for CASL includes:
• Identification – Must identify the sender and include prescribed contact information.
• Unsubscribe – The email must include a working unsubscribe button/link.
• Unsubscribe Processing – Must deal with all unsubscribe requests in 10 business days.
• Consent – Must receive expressed or implied consent from all recipients residing in Canada.
• Opt-in – Proof of expressed opt-in.
Related guide: A Complete Guide to Understand CAN-SPAM ACT of 2003
What's covered under CASL?
CASL applies to any Commercial Electronic Message (CEM) sent from or to Canadian computers or devices in Canada.
A CEM is any message that:
is in an electronic format, including emails, SMS, and any social media communications;
is sent to an electronic address such as email addresses, instant message accounts, phone numbers, or social media accounts;
Include a message encouraging recipients to take part in some commercial activity, such as offers to purchase, sell, barter, or lease a product, a service, land, or an interest or right in land, the promotion of products, services, people/personas, companies, or organizations or offers to provide a business, investment or gaming opportunity.
Fax messages and fax numbers aren't deemed electronic formats or addresses under CASL.
Type of consent under CASL
Under CASL, individuals and businesses must obtain consent from users before sending them CEMs, such as emails or texts. If asked, senders should provide proof of this consent.
There are 2 kinds of consent businesses should ask for:
The consumer has consented to receive a commercial electronic message from you either in writing or orally.
Express consent doesn't expire means there is no time limit unless the recipient withdraws their consent.
What's required in an email when seeking express consent?
When seeking expressed consent from an existing database, there are 4 elements the message must contain to be compliant:
Clear purpose or request for consent
Contact information of sender or group asking for consent
Name of person or group seeking consent
Clear unsubscribe option
It is only recognized in certain circumstances of CASL, which are as follows:
- Existing business relationship
The recipient has made or enquired about a purchase, services, a written contract, or the acceptance of a business, investment, or gaming opportunity from you.
- Existing non-business relationship
You are a registered charity, a political party, or a candidate, and the recipient has provided you with a gift, a donation, or volunteer work. You are a club, association, or voluntary organization, and the recipient is one of your members.
- The recipient's email address was conspicuously published or sent to you.
The address was available publicly, and your message relates to the recipient's functions or activities in a business or official capacity.
Implied consent is generally time-limited - typically remains till 2 years of the relationship initiation (e.g., purchase of a product). For subscriptions or memberships, the period starts when the relationship ends.
How are transactional emails handled under CASL?
Although you can send transactional emails CASL, ensure you don't add any reference to personal or product promotion.
And while such emails don't require the recipient's consent, you must still link to the unsubscribe page. One recommendation would be to allow users to opt down or manage their preferences by leading them to the preference center.
Penalties for non-compliance with CASL
Non-compliance with CASL comes with hefty fines:
$10 million per violation for a corporation
$1 million per violation for individuals
To ensure the quality of your database, you must take inventory and put a plan in place to enforce compliance.
How to be compliant with CASL?
Here are a few things you should do to remain in compliance with Canada's anti-spam law:
1. Review your email collection methods
Under CASL, you need to have implied or expressed consent for any Canadian resident. So, get consent before sending any email or other CEMs.
2. Conduct an audit
You should conduct a monthly or yearly audit to check each subscriber has given you their express consent. And if you find any anomaly, you can send them an email straight away asking for their consent or opt-in confirmation.
Related guide: How to Effectively Conduct Email Marketing Audit
3. Ensure all the ongoing communications follow CASL regulations
To be CASL compliance, follow all the following:
Email should clarify the identity of the person, business, or organization sending the message. Email should identify the Email Service Provider.
Email must have a clear and working mechanism for unsubscription.
Email must contain a valid mailing address and telephone number, email address, or web address.
CASL exempts certain communications, which are as follows:
- B2B communications
The exemption to B2B communications only applies if certain criteria are met, including but not limited to:
An email sent within a business or sent between businesses.
An email sent in response to a business request, complaint, or offered in a professional capacity by a recipient that has conspicuously published their electronic address.
Messages to those with whom you have an existing non-business relationship/donations, gifts, etc.
Communications to those you have an existing business relationship with within two years
Messages are sent to consumers in response to requests for information
Messages are sent to enforce a legal right
Third-party referrals/Forward to a friend
Communications are sent between those with personal relationships within organizations.
Communications sent to satisfy legal obligations.
Messages were sent to foreign states with anti-spam legislation.
CASL allows exemptions regarding express consent on a certain types of messages:
Communication providing any quote or estimate
Messages that facilitate transactions previously agreed to
Warranty/recall/safety or security-related emails
Communications relating to purchase or ongoing maintenance of memberships, loans, etc.
Messages that deliver goods or service/product upgrades or updates
Canada’s anti-spam law ensures businesses send messages only after users’ consent. As the world is moving towards digitization, it’s the responsibility of businesses to protect users’ privacy.
A similar law is California's Consumer Privacy Act (CCPA) which aims to strengthen Californians' privacy rights regarding their personal information. If you are a Californian business or have customers based in California, you must read it.
What you should do next
Hey there, thanks for reading till the end. Here are 3 ways we can help you grow your business:
Talk to an email expert. Need someone to take your email marketing to the next level? Mailmodo’s experts are here for you. Schedule a 30-minute email consultation. Don’t worry, it’s on the house. Book a meet here.
Send emails that bring higher conversions. Mailmodo is an ESP that helps you to create and send app-like interactive emails with forms, carts, calendars, games, and other widgets for higher conversions. Get started for free.
Get smarter with our email resources. Explore all our knowledge base here and learn about email marketing, marketing strategies, best practices, growth hacks, case studies, templates, and more. Access guides here.