Fall Into Compliance - CASL


Published on

  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • If you do have ???? You may ask them via through Chat or Q/A – while in full screen mode you may move you cursor up to the top of the screen and select the Orange Arrow to expand the menu, click on plus sign to expand | Q & A – and Chat Sections and ask away. We’ll do our best to cover your questions during the Presentation or at the end of the session. Again this is being recorded and a link will be made available approximately 24 hours after the session.{{ let’s get started }}
  • Fall Into Compliance - CASL

    1. 1. Fall into Compliance Canada’s Anti Spam Law (CASL) Presented by:David Fowler | Act-On Chief Privacy & Deliverability Officer david.fowler@act-on.net
    2. 2. Chat or Q/A #AOWEB
    3. 3. Todays Agenda• Legal Disclaimer• CAN-SPAM Review• The Canadian Anti-Spam Law (CASL) – Tenants of the Law – Disclosure and Consent – Key Differences• Next Steps – For CASL and You• Notable Quotes• Wrap Up – Q&A
    4. 4. DisclaimerAct-On Software does not provide legal advice or counsel pertaining to this subject or any related legislation orcompliance issue. We always recommend that should you require a legal opinion you should seek counsel form a qualified legal resource.
    5. 5. CAN-SPAM Review
    6. 6. CAN-SPAM Review • The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM or the Act). CAN-SPAM REQUIREMENTS The CAN-SPAM Act covers commercial email messages, theTypes of Messages primary purpose of which is the advertisement or promotion of a commercial product or service. Under CAN-SPAM, direct marketing email messages can be sent toPermission | Opt-In anyone, without permission, until the recipient explicitly requestsRequirements that they cease ("opt-out"). Every message must include opt-out instructions. The sender must honor the opt-out requests of recipients within 10 days. 2008 Rule Provision:Unsubscribe | Opt-Out An email recipient cannot be required to pay a fee, provideRequirements information other than his or her email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single Internet Web page to opt out of receiving future email from a sender
    7. 7. CAN-SPAM Review CAN-SPAM REQUIREMENTS The CAN-SPAM Act bans false or misleading header information. The emails "From", "To" and routing information – including the originating domain name and email address – must be accurate and identify the person who initiated the email.
The Act prohibits open relay abuses, falsifying header information, generating multiple email addresses to send from, deceptive subject headers, address harvesting and dictionary attacks, andSender Identity other fraudulent ways of sending spam.
2008 Rule Provision: The definition of "sender" was modified to make it easier to determine which of multiple parties advertising in a single email message is responsible for complying with the Acts opt-out requirements.
A definition of the term "person" was added to clarify that the CAN-SPAM Acts obligations are not limited to natural persons.
    8. 8. CAN-SPAM Review CAN-SPAM REQUIREMENTS Deceptive subject lines are prohibited. The subject line cannot mislead theSubject Lines | recipient about the contents or subject matter of the message. IdentificationLabeling that the message is an advertisement or solicitation is required. Yes, a valid physical postal address is required.
2008 Rule Provision: 
A "sender" of commercial email can include an accurately registered PO box orContact Information private mailbox established under United States Postal Service regulations toPostal Address satisfy the Acts requirement that a commercial email display a "valid physical postal address".
    9. 9. CAN-SPAM Exemptions• As discussed the act applies to 100% commercial email• But what about transactional or hybrid messaging? – Commercial + Transactional | Cross Selling• The “primary purpose” rule comes into effect – The recipient decides on the primary purpose• If the recipient determines the message is commercial in nature then the message has to be compliant – Consider the 80/20 rule – 80% transactional | 20% commercial• Place the offer below the fold as not to dominate the real estate
    10. 10. Canadian Anti Spam Law (CASL)
    11. 11. Canadian Anti-Spam Law (CASL)• Enacted in 2010 and scheduled to go into effect in 2013• Intended to promote ecommerce by deterring spam, identity theft, phishing, spyware, viruses, botnets and misleading representations online• CASL creates new offenses, enforcement mechanisms and penalties• The last of the G8 to introduce a law on Spam• It’s one of the strictest ecommerce laws globally – Higher consent standards for all – Detailed content requirements – High penalties: $10M fines a possibility for non compliance
    12. 12. Tenents of the Law• Permission: – CASL Requires you obtain permission (consent) prior to sending any communication. You also need to have proof of opt-in including source and time• Scope of the law, who does it apply to? – Senders of any form of commercial electronic messaging, for example: email, voice, text messaging and social media• Location: – Where does it apply? CASL is unique in that it regulates any message sent from or received in Canada. – So if a recipient opted-in the USA, CASL would still apply if the commercial message was accessed in Canada. – This provision requires marketers to be cognizant of where their email subscribers are opening their campaigns.• Unsubscribing: – All commercial messages sent must contain an opt-out method, one difference being that you cannot confirm the opt-out request via a follow up method.• Exceptions: – Quotes, estimates, pre-existing transaction material and factual information about loans, memberships and accounts are exempt
    13. 13. Disclosure Requirements• Electronic Messages being sent from or to Canada must: – Clearly identify the sender of the message – Have a clear, applicable, and relevant subject line and From name that reflect the purposes of the email – A notice that the message is for commercial purposes (if applicable) – Contain a physical address as well as a URL, email address, or phone number where the sender can be reached and that is valid for up to 60 days after the message has been sent – Contain a valid and working mechanism that will unsubscribe the recipient within 10 days (just like Can-Spam) and is available for at least 60 days after the messages have been sent
    14. 14. Consent Requirements• Implied and Express consent• Must clearly and simply set out purpose(s) for consent:• Must obtain express consent to send CEMs unless there is – Existing business relationship OR – Existing non-business relationship – An email user must express consent by opting-in to receive communications from the sender.• You can rely on implied consent to send CEMs to recipients with an existing business or non-business relationship – EBR lasts for 2 years from the last transaction
    15. 15. Violations and Enforcement• CRTC: primary enforcement agency, including administrative monetary penalties (AMPs) – Maximum penalty is $10m, for an organization per violation – Relevant factors include purpose of penalty, nature & scope of violation, history, financial benefit ability to pay – May enter into compliance undertaking with the CRTC• Directors and officers liability | Employers liability• Importance of “due diligence” taken to prevent the violation
    16. 16. CASL vs. CAN-SPAM – Key Differences  Addresses spam only  Apples only to email, contains SMS domain opt-out  You can technically email any person at least once  No private right of action, available to ISPs and Government to bring lawsuits  Address a broad range of internet issues  Applies to all form of electronic messaging (email, SMS, IM etc.)  Prior permission based  Private right of action available to anyone (individuals, businesses etc.)
    17. 17. CASL: Summary Prior consent required Prohibits unsolicited commercial electronic messages Prohibits program installations without consent No false information allowed Sender or subject lines No harvesting or dictionary attacks More than email | IM, SMS, Social Media, Voice
    18. 18. CASL Summary Other Requirements: – Unsubscribe no longer than 10 business days – Postal address required – Private right of action included – Officers of organizations can be held accountable for their organizations messages Exemptions – Family or personnel relationship | business or inquiry relationship Enforcement – Cross boarder can’t hide under HQ location – Protection for “honest” mistakes
    19. 19. Next Steps for CASL• CASL expected to become law in 2013• Implementation of a Spam Reporting Center: – Once operational will accept messages, analyze trends in spam and other threats to electronic commerce• New roles & responsibilities for three government agencies: – CRTC | Competition Bureau | Privacy Commissioner – International agency cross boarder cooperation | Including the FTC• Interpretive guidelines – Many definitions and requirements under CASL remain broad and unclear
    20. 20. Next Steps For You• Update your website and privacy policy• Update form and procedures that document consent• Address unsubscribe requirements and timeframes• Update existing customer service processes• Develop and included information and training for employees, management and respective associates• Review and amend any third party contract requirements – Limitation of liability, representations and warranties, including address rental• If operating in North America meet BOTH CASL & CAN- SPAM requirements
    21. 21. Notable Client Quotes
    22. 22. Notable Quotes"Should you be worried about CASL? I dont know if worried is the rightterm, but if you are sending or receiving email to or from Canada youneed to read up on CASL. Unlike CAN-SPAM the new CASL law is opt-in based, not just about giving the client the ability to unsubscribe. Italso deals with social media and SMS so it has a lot wider scope thanCAN-SPAM."Kent M, 1ShoppingCart
    23. 23. Notable QuotesThere is an opt-in law, but dont be alarmed. It does not establishsome arduous new standard for permission. The law states that "it isprohibited to send or cause or permit to be sent to an electronicaddress a commercial electronic message unless the person to whomthe message is sent has consented to receiving it, whether the consentis express or implied." Implied consent seems to basically be definedas "existing business relationship," and there is a defined two yearperiod after which you cannot assume an existing businessrelationship. We recommend that all clients adhere to opt-in permissionto avoid having to cease mail to customers after the two year periodexpires.• Al Iverson, ExactTarget
    24. 24. Notable QuotesC-28 does not change a thing where deliverability is concerned. C-28 isall about permission, but theres nothing in the SMTP protocol thatallows the sender to meaningfully, verifiably assert that they hadpermission to send. The real impact of C-28 is on e-mail marketingitself. And the impact will be enormous.• Andrew Barrett, iContact (Vocus)
    25. 25. More Info & Resources• Government of Canada: – http://fightspam.gc.ca/eic/site/030.nsf/eng/home• Industry Canada: – http://www.ic.gc.ca/eic/site/ecic-ceac.nsf/eng/gv00521.html• FMC Law Group | Margot Patterson: – www.slideshare.net/fmclaw/casl-vs-canspam-canadas-antispam-law• Email Karma | Matt Vernhout: – http://emailkarma.net• Port 25: – www.port25.com
    26. 26. Thank Youdavid.fowler@act-on.net