CASL: Are you prepared?
Stage one of Canada’s new Anti-Spam Law came into effect on July 1, 2014, creating a new regulatory framework for any organization sending Commercial Electronic Messages (CEMs) to or from Canada.

Designed to reduce spam, spyware/malware, email address harvesting and network rerouting, CASL contains some of the toughest measures of its kind in the world, with severe penalties for non-compliance including fines, criminal charges, civil charges and personal liability.
It’s a complex framework with strict requirements for all CEMs, myriad rules on consent as well as numerous full and partial exemptions. Are you confident your organization is ready for CASL? Is your technology? What about proving compliance?

Transcript

  • 1. CASL: Are you prepared? An overview of Canada’s Anti-Spam Law
  • 2. Spam statistics: 90% of global email traffic is spam
  • 3. Spam statistics: Over one trillion spam emails sent globally per day
  • 4. Spam statistics: 1 in 24 emails contains malware
  • 5. Spam statistics: 1 in 445 emails are phishing emails
  • 6. Spam statistics: One Canadian FSI reported that it deletes around 150,000 spam emails per hour during peak email times
  • 7. Spam statistics: The same Canadian FSI deletes approximately 2 million spam messages in a typical day
  • 8. So, what is CASL? Canada’s Anti-Spam Law (CASL) is a new regulation designed to reduce spam, spyware/malware, email address harvesting and network rerouting.
  • 9. Which communications does CASL cover? CASL applies to all commercial electronic messages (CEMs) in Canada. These include: • Commercial emails • Text messages • Social media messages
  • 10. What constitutes a CEM? Simply put, for a piece of communication to be considered a CEM, it has to have two components: 1. It must be sent to or from an electronic address. 2. Its content, hyperlinks or contact information must be designed to sell, promote or advertise a product or service. CASL also applies to global organizations that send CEMs to Canada.
  • 11. Which organizations does CASL impact? CASL applies to any organization that sends commercial emails, text messages and social media messages from or to an electronic device in Canada. These include: • Businesses • Non-profits • Trade associations • Schools, universities
  • 12. What are the timelines for CASL? CASL will be rolled out in three stages: • July 1, 2014 – All CEMs must meet CASL’s anti-spam requirements • January 15, 2015 – Consent is required to install spyware or software on another person’s computer • July 1, 2017 – Organizations that violate CASL can be sued for actual or statutory damages under a private right of action
  • 13. Do penalties exist for non-compliance? Penalties for non-compliance are severe and include: • Hefty fines • Criminal charges • Civil charges • Personal liability
  • 14. CASL rules, simplified CASL demands that all CEMs meet three basic requirements. These are: 1. Consent. The sender must have implied or express consent to send a CEM. 2. Identification. CEMs must identify the sender and include contact information. 3. Unsubscribe. Every CEM must include an option to unsubscribe or opt-out. Unless exempt, all CEMs accessed on a computer system or electronic device must include all of the above.
  • 15. Are there exemptions? The list of exemptions is long – and it’s always best to read the fine print. There are both full and partial exemptions that exist under CASL. The following pages detail summaries of both the full and partial exemptions that exist under CASL.
  • 16. Full exemptions Full exemptions fall into five categories: • Family or business relationships • Business inquiries • Legal • Closed loop or secure messaging • Designated groups
  • 17. Family or business relationship exemptions Full exemptions for: • CEMs exchanged between family and friends • CEMs exchanged within or between organizations, provided they have an existing relationship and the CEM concerns the activities of an organization
  • 18. Business inquiry exemption Full exemptions for: CEMs providing a response to a request, inquiry or complaint (provided there is no upselling)
  • 19. Legal exemptions Full exemptions for: • CEMs sent to satisfy or enforce a legal obligation • CEMs sent to listed foreign countries, where it is reasonable to believe that the message will be opened in a listed foreign state
  • 20. Closed loop or secure messaging exemptions Full exemptions for: • CEMs sent from messaging platforms (e.g. BBM messenger, LinkedIn) where the required identification and unsubscribe mechanisms are clearly published on the user interface • CEMs sent and received within limited-access secure accounts (e.g. banking portals)
  • 21. Designated group exemptions Full exemptions for: • CEMs sent by or on behalf of a registered charity for the primary purpose of fundraising • CEMs sent by or on behalf of political parties seeking contributions
  • 22. Partial exemptions Partial exemptions can be classified in three parts including: • Customer-initiated interactions • Information about an existing business relationship • Third-party referrals
  • 23. Customer-initiated interactions Partial exemptions: You do not need consent for a CEM that is sent to fulfil the request of a recipient, such as: • Providing a quote • Facilitating a commercial transaction • Delivering a product or service For more information on the electronic commerce protection regulations and its exemptions, read our FAQ
  • 24. Information about an existing business relationship Partial exemptions: CEMs can be sent if they provide information about an ongoing business relationship, such as: • Warranty, product recall or safety alerts • Factual information about the ongoing use of a product/service • Information about an existing employment relationship For more information on the electronic commerce protection regulations and its exemptions, read our FAQ
  • 25. Third-party referrals Partial exemptions: A single CEM can be sent to a prospective customer without prior consent on the basis of a third-party referral (e.g. “refer a friend” or “suggest us” emails), so long as: • The referral is by a person who has an existing personal, business or family relationship with the sender and recipient • The message discloses the full name of the person who made the referral • The message clearly identifies the sender and person making the referral, and includes both contact information and an unsubscribe option
  • 26. What is implied consent? In certain situations, organizations don’t require express consent to send a CEM – implied consent is enough. Consent is implied if: • There is an existing business or non-business relationship • The recipient is part of a published directory • The recipient has voluntarily disclosed their email address, such as by handing out a business card In all situations, the CEM must be relevant to the recipient’s business or role. If the recipient indicates that they do not want to receive electronic communication, consent is no longer implied.
  • 27. Obtaining express consent For all non-exempt CEMs, recipients must offer express consent by actively and positively indicating that they want to receive your CEMs. Recipients can express consent in a number of ways, including: • Checking a box to indicate consent in the form of “opting in” • Typing an email address into a field • Providing “unbundled” consent that is separate from the general terms and conditions of use or sale Please note: while pre-checked consent boxes are no longer permitted as a form of consent, those that existed on email communications before July 1, 2014 will be grandfathered in.
  • 28. Requesting consent Just as CASL includes rules for sending CEMs, all outgoing requests for consent must include a few basic elements. These are: • The name of the sender and the third party seeking consent (if different) • A physical mailing address • A telephone, email or web address • A statement indicating that consent may be withdrawn
  • 29. Preparing for CASL: Immediate steps 1. Designate a CASL working group to review your current CEM processes and identify compliance gaps. 2. Develop an implementation plan. 3. Reach out to contacts in your database in an effort to turn implied consent into express consent.
  • 30. CASL compliance: Questions to note • How will you manage your unsubscribes if you share content lists? • How will you prospect if you rely on the B2B exemption? • Will you rely on a centralized unsubscribe model or federated model to build a CASL-compliant database? • Will you rely on the transitional period to convert all implied consent to express consent?
  • 31. The technology perspective Ensuring compliance with CASL – both immediately and over time – requires designing and implementing technology platforms that perform a variety of functions, including: • Managing and tracking opt-outs and consents • Recording subscribe and unsubscribe histories • Producing reports All of the above information is needed for you to illustrate your due diligence.
  • 32. Customizing technology Your company’s platform will need to take your specific situation into account. For example, simply building an unsubscribe mechanism requires consideration of factors such as: • Should the process be manual? • Will you keep a federated unsubscribe database or a web page that allows unsubscribes from certain services?
  • 33. After July 1 While CASL’s Anti-Spam provisions take effect on July 1, here are a few helpful tips to keep in mind after the deadline: • There is a grace period: Businesses that have existing relationships benefit from a three-year grace period to verify and confirm implied consents. • You can no longer send an email to ask for consent: After July 1, senders can only offer check boxes to acquire a recipient’s express consent.
  • 34. Proving compliance You must keep strong records of all consents and unsubscribes so that they are: • Documented • Amalgamated • Stored Remember, if you’re sending CEMs, the proof of consent burden is on you.
  • 35. Learn more at www.deloitte.ca/CASL Deloitte, one of Canada’s leading professional services firms, provides audit, tax, consulting, and financial advisory services. Deloitte LLP, an Ontario limited liability partnership, is the Canadian member firm of Deloitte Touche Tohmatsu Limited. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. © Deloitte LLP and affiliated entities. Designed and produced by the Deloitte Design Studio, Canada. 14-2191H
