SlideShare a Scribd company logo
1 of 29
Preparing for Canada’s Anti-Spam Legislation: Conducting a compliance audit
READY, SET, AUDIT!
PREPARING YOUR
ORGANIZATION FOR CASL
Matt Vernhout Shaun Brown
Director, Client Support Partner, nNovation LLP
& ISP Relations, TC Media
@emailkarma
OUTLINE: PREPARING FOR CASL
1. Primary requirements
2. What we don’t know
3. How to prepare
STATUS
• December 15, 2010 – Bill C-28 given Royal Assent
• August 2011 – IC and CRTC regs published for comment
• March 2012 – CRTC Regs finalized
• October 2012 – Final CRTC Guidelines Published
• January 2013 – Draft Industry Canada regs published
(part II)
• Spam Reporting Centre
• Coming in to force 2014 (?)
WHAT IS CASL?
• Standalone legislation (CASL), amendments to PIPEDA
and Competition Act
• Rules for sending commercial electronic message (CEM)
• Rules for installing computer programs
• Prohibits hacking/alteration of transmission data
APPLICATION
• Apply to any message sent to or from computer system in
Canada
• More than email: IM; SMS; social media; etc.
• Voice, fax currently excluded (covered by DNCL)
COMMERCIAL ELECTRONIC
MESSAGE
• Any message where “it would be reasonable to conclude
has as its purpose, or one of its purposes, to encourage
participation in a commercial activity” including
• Product or service
• Business opportunities
• Promotes an individual who does any of the above
• Message to request consent deemed to be CEM
THREE PRIMARY RULES
1. Consent
2. Identification
3. Unsubscribe
EXEMPTIONS
• CEM sent between two individuals with personal or family
relationship
• Sent to inquire about or apply for service (i.e., purchaser
to vendor)
• Exempt from all requirements of CASL
1. CONSENT (IMPLIED)
• Consent can be express or implied
• Four categories of implied consent:
1. Existing business relationship
2. Existing non-business relationship
3. Conspicuous publication of electronic address
4. Recipient has disclosed electronic address to the sender
1. CONSENT (EXPRESS)
• CASL:
• clear notice, describe purposes, prescribed information
• CRTC Regs:
• Name of person seeking consent
• Name of person on whose behalf consent is sought, if different;
identify who is seeking, and on whose behalf
• Contact info for either of the above, including: Mailing address
and any one of telephone # (live or voice mail), email address or
a web address
• Statement that consent can be withdrawn
• CRTC Guidance:
• No pre-checked boxes; separate box not necessary if person
req’d to fill in email address next to request for consent
2. IDENTIFICATION
• Identification requirements apply to all CEMs
• Identify sender as well as person on whose behalf
message is sent
• Name by which person carries on business
• Must indicate who is “sending” and “on whose behalf” the message is
sent
• Contact information for either of above
• Mailing address and any of telephone number/email address/web
address of either person
• Information must be set out “clearly and prominently”
3. UNSUBSCRIBE
• Must be functional for 60 days
• No cost
• Same means unless impracticable
• Include either electronic address or link
• Must be “able to be readily performed”
• Must process without delay
PUBLIC AND PRIVATE
ENFORCEMENT
Enforcement
Agency/Mechanism
Target/Application Penalties
Canadian Radio-television and
Telecommunications
Commission (CRTC) (CASL)
Consent, prescribed identification
requirements and unsubscribe
requirements
Administrative monetary penalties
(AMPs) up to $1 million/violation for
individuals; $10 million/violation for
organizations
Competition Bureau
(Competition Act)
False or misleading
representations in content,
subject line, sender info
Can pursue civil or criminal remedies;
AMPs similar to those available to
CRTC under CASL
Office of the Privacy
Commissioner of Canada
(PIPEDA)
Collecting, using disclosing
electronic address without
consent
Address harvesting and dictionary
attacks
No real powers for enforcement; can
make recommendations or pursue
order in Federal Court
Private right of action Violations of CASL, Competition
Act and PIPEDA
Actual and/or statutory damages
INDUSTRY CANADA REGS
• Definition of personal family relationship
• Number of new exemptions
• Business communications within organizations and between
organizations with ongoing business relationships
• Response to request, inquiry, complaint or is otherwise solicited by
the recipient
• Messages targeted to non-Canadians, advertising products not
available in Canada; sender could not “reasonably be expected to
know” recipient is in Canada”
• Enforcing legal rights (e.g., court order, copyright, debt collection,
etc.)
• Third party referrals where referring party has personal, family or
existing business relationship with sender and recipient (exemption
from consent only)
• Use of consent on behalf of unknown third party
WHAT WE DON’T KNOW: WHAT
IS A CEM?
• Where is the commercial “threshold”?
• What elements are commercial (hyperlinks, logos,
taglines, request to “like” on Facebook)
• What about “transactional” or “relational” messages?
• Section 6(6) refers to certain types of CEMs as exempt
from the need for consent if they solely (e.g., warranty,
subscription information, delivering a product, etc.)
WHAT WE DON’T KNOW: HOW
TO TREAT LEGACY DATA?
• How does CASL apply to pre-existing lists
• Increased flexibility where:
• Consent not technically compliant (e.g., missing certain identification
requirements)
• Lack of evidence
WHAT WE DON’T KNOW:
SENDING ON BEHALF OF OTHERS
• CASL states that messages must identify person sending
message, and person on whose behalf message is sent,
if different?
• What does it mean to send on behalf of another person?
• Does this refer to ESPs?
• List rentals?
• Both?
• CRTC Guidelines: a person who may "facilitate the
distribution of a CEM", but who has "no role in its content
or choice of the recipients” need not be identified
BUILDING A CHECKLIST
• Who’s involved
• Where to start
• Data collection
• Before Broadcasting
• After Broadcasting
WHO’S INVOLVED?
• Privacy/Compliance team
• Legal Team
• VP Marketing
• Database Analytics Team
• Deployment teams
• Account Teams
• Brand Managers
DATA COLLECTION
• Audit Data Collection Sources
• Internal Sources
• External Sources
• Point of Sale
• Call Center
• Identification requirements
• Proper consent notices/options/scripts
• Contact notices
BEFORE BROADCASTING
• Review CASL exemptions for this message
• Is it a CEM?
• Review the content
• Postal address, unsubscribe, contact requirements
• Review the list
• Remove addresses that have exceed 2 yr consent period as needed
• Review targeting of content to recipients
• Test functionality of all links and seek appropriate
approvals
CHECKLIST REVIEWED
Functional Check (Level 1) Yes/No Yes/No Client/TD Deficiencies Noted/Comments
Images render properly
Alt tags in place and correct
Check for image maps
Links go to correct page or not broken
Links are tracked
Mailto functions properly and has NOTRACK
Display name and From Address are correct
Subject line is correct and does not truncate
Subject line does not contain illegal characters
View as web page included
Personalization is present and populating correctly
Personalization is pulling from the correct DB
HTML TEXT OVERRIDE
Compliance & EMS System Check (Level 3) Yes/No Yes/No Client/TD Deficiencies Noted/Comments
Postal Address included
Unsubscribe link present and working
Correct Database has been selected
Has the Seed List been added
Segmentation is correct
Recipient Count is Approved
Mailing List send to Duplicates option on
Reply Management is correct
Recipient Cap field checked
Is this
a
CEM?
DO ANY EXCEPTIONS APPLY?
Email Message
CASL Does not
apply
Exempt
from
s 6.5?
Exempt
from
s 6.6?
Consent is not
required
Explicit
Consen
t
Implied
Consen
t
Proper
ID and
Unsub
?
Likely NOT
compliant
Ready to Send
 No
 Yes
AFTER BROADCASTING
• Unsubscribe requirements being met
• 60 days of live access
• Unsubscribes are being processes
• Review metrics and begin next broadcast planning
MANAGING UNSUBSCRIBES
K.I.S:
• Limit number of data locations for sync purposes and
timing
• Review current practices
• Identify responsible individuals
• Offer preference choices
• opt-down vs. opt-out
• Vendor options
• Most email marketing providers can manage this for you and supply
delta files
RELATIONSHIP MARKETING
• Identified risks:
• Rolling window of consent
• Unknown data
• Mitigating risk:
• Reduce number of active databases
• Backfill dates when possible
• Re-confirm consent for the unknown address prior to enforcement
• Build automated solutions for sun setting users
CASL COMPLIANCE TO DO LIST
 Watch legislative developments carefully: final IC regs, in-force date,
further guidelines/interpretations
 Review/modify practices for obtaining eMarketing lists, choose
vendors/partners carefully, bind to unsubscribe requirements
 Review/modify formats for eMarketing
 Ensure effective and timely unsubscribe
 Review/modify program installations, associated disclosures and
consent
 Ensure consent records are retained and retrievable
 Engagement of marketing, brand, technical resources to detect
issues, ensure compliance
 Start reviewing your digital marketing programs now
THANK YOU
Questions?

More Related Content

Viewers also liked

muCon2015 - Conduct your microservices with Mesos and Marathon
muCon2015 - Conduct your microservices with Mesos and MarathonmuCon2015 - Conduct your microservices with Mesos and Marathon
muCon2015 - Conduct your microservices with Mesos and MarathonSylvain Hellegouarch
 
Resume english 12-12
Resume english 12-12Resume english 12-12
Resume english 12-12hao wang
 
ComputerFutures_JobMarketReport (002)
ComputerFutures_JobMarketReport (002)ComputerFutures_JobMarketReport (002)
ComputerFutures_JobMarketReport (002)sarahcassidy123
 
Why we choose Symfony2
Why we choose Symfony2Why we choose Symfony2
Why we choose Symfony2Merixstudio
 
Chapter 12: Business Continuity Management
Chapter 12: Business Continuity ManagementChapter 12: Business Continuity Management
Chapter 12: Business Continuity ManagementNada G.Youssef
 
Samza: Real-time Stream Processing at LinkedIn
Samza: Real-time Stream Processing at LinkedInSamza: Real-time Stream Processing at LinkedIn
Samza: Real-time Stream Processing at LinkedInC4Media
 
Etude tendance propriétaires chambres et maisons d'hôtes par guest & strategy
Etude tendance propriétaires chambres et maisons d'hôtes par guest & strategyEtude tendance propriétaires chambres et maisons d'hôtes par guest & strategy
Etude tendance propriétaires chambres et maisons d'hôtes par guest & strategyGuest & Strategy
 
Docker Workshop - Orchestrating Docker Containers
Docker Workshop - Orchestrating Docker ContainersDocker Workshop - Orchestrating Docker Containers
Docker Workshop - Orchestrating Docker ContainersHugo Henley
 
Résultats enquête portrait chambres d'hôtes et gites 2015 - Copyright "Guest ...
Résultats enquête portrait chambres d'hôtes et gites 2015 - Copyright "Guest ...Résultats enquête portrait chambres d'hôtes et gites 2015 - Copyright "Guest ...
Résultats enquête portrait chambres d'hôtes et gites 2015 - Copyright "Guest ...Guest & Strategy
 

Viewers also liked (12)

muCon2015 - Conduct your microservices with Mesos and Marathon
muCon2015 - Conduct your microservices with Mesos and MarathonmuCon2015 - Conduct your microservices with Mesos and Marathon
muCon2015 - Conduct your microservices with Mesos and Marathon
 
Resume english 12-12
Resume english 12-12Resume english 12-12
Resume english 12-12
 
REDES INFORMÁTICAS
REDES INFORMÁTICAS REDES INFORMÁTICAS
REDES INFORMÁTICAS
 
ComputerFutures_JobMarketReport (002)
ComputerFutures_JobMarketReport (002)ComputerFutures_JobMarketReport (002)
ComputerFutures_JobMarketReport (002)
 
Why we choose Symfony2
Why we choose Symfony2Why we choose Symfony2
Why we choose Symfony2
 
Top tips for negotiating your salary
Top tips for negotiating your salaryTop tips for negotiating your salary
Top tips for negotiating your salary
 
Chapter 12: Business Continuity Management
Chapter 12: Business Continuity ManagementChapter 12: Business Continuity Management
Chapter 12: Business Continuity Management
 
Tzintzuntzan 1
Tzintzuntzan 1Tzintzuntzan 1
Tzintzuntzan 1
 
Samza: Real-time Stream Processing at LinkedIn
Samza: Real-time Stream Processing at LinkedInSamza: Real-time Stream Processing at LinkedIn
Samza: Real-time Stream Processing at LinkedIn
 
Etude tendance propriétaires chambres et maisons d'hôtes par guest & strategy
Etude tendance propriétaires chambres et maisons d'hôtes par guest & strategyEtude tendance propriétaires chambres et maisons d'hôtes par guest & strategy
Etude tendance propriétaires chambres et maisons d'hôtes par guest & strategy
 
Docker Workshop - Orchestrating Docker Containers
Docker Workshop - Orchestrating Docker ContainersDocker Workshop - Orchestrating Docker Containers
Docker Workshop - Orchestrating Docker Containers
 
Résultats enquête portrait chambres d'hôtes et gites 2015 - Copyright "Guest ...
Résultats enquête portrait chambres d'hôtes et gites 2015 - Copyright "Guest ...Résultats enquête portrait chambres d'hôtes et gites 2015 - Copyright "Guest ...
Résultats enquête portrait chambres d'hôtes et gites 2015 - Copyright "Guest ...
 

Similar to Preparing for Canada’s Anti-Spam Legislation: Conducting a compliance audit

Canadian Anti-Spam Legislation (CASL) Overview
Canadian Anti-Spam Legislation (CASL) OverviewCanadian Anti-Spam Legislation (CASL) Overview
Canadian Anti-Spam Legislation (CASL) OverviewKen Knitter
 
e-Marketing Policy-Building Workshop
e-Marketing Policy-Building Workshope-Marketing Policy-Building Workshop
e-Marketing Policy-Building WorkshopMatt Vernhout
 
Anti-Spam Presentation
Anti-Spam Presentation Anti-Spam Presentation
Anti-Spam Presentation Miles Williams
 
Canada CASL Anti-Spam Presentation - Wishart Law Firm LLP
Canada CASL Anti-Spam Presentation - Wishart Law Firm LLPCanada CASL Anti-Spam Presentation - Wishart Law Firm LLP
Canada CASL Anti-Spam Presentation - Wishart Law Firm LLPMiles Williams
 
Canada Anti-Spam Legislation: Obligations and Opportunity
Canada Anti-Spam Legislation: Obligations and OpportunityCanada Anti-Spam Legislation: Obligations and Opportunity
Canada Anti-Spam Legislation: Obligations and OpportunitySHKLaw
 
Wishart Law Firm Anti-Spam Presentation
Wishart Law Firm Anti-Spam PresentationWishart Law Firm Anti-Spam Presentation
Wishart Law Firm Anti-Spam PresentationMiles Williams
 
CASL - What you need to know for your organization
CASL - What you need to know for your organizationCASL - What you need to know for your organization
CASL - What you need to know for your organizationEric Hollebone
 
Protecting your castle from CASL
Protecting your castle from CASLProtecting your castle from CASL
Protecting your castle from CASLBrian Banks
 
SMByyc Presentation on Canada's Anti-Spam Legislation (CASL)
SMByyc Presentation on Canada's Anti-Spam Legislation (CASL)SMByyc Presentation on Canada's Anti-Spam Legislation (CASL)
SMByyc Presentation on Canada's Anti-Spam Legislation (CASL)Social Media Breakfast Calgary
 
Fighting Internet and Wireless Spam Act
Fighting Internet and Wireless Spam ActFighting Internet and Wireless Spam Act
Fighting Internet and Wireless Spam ActMatt Vernhout
 
CAN SPAM Legislation: Is your organization ready?
CAN SPAM Legislation: Is your organization ready?CAN SPAM Legislation: Is your organization ready?
CAN SPAM Legislation: Is your organization ready?Violeta Cohen
 
Canada's Anti-Spam Legislation (CASL): Everything You Need to Know | ZoomInfo
Canada's Anti-Spam Legislation (CASL): Everything You Need to Know | ZoomInfoCanada's Anti-Spam Legislation (CASL): Everything You Need to Know | ZoomInfo
Canada's Anti-Spam Legislation (CASL): Everything You Need to Know | ZoomInfoZoomInfo
 
Canada's New Anti-Spam Legislation (CASL): What You Need to Know Webinar | Zo...
Canada's New Anti-Spam Legislation (CASL): What You Need to Know Webinar | Zo...Canada's New Anti-Spam Legislation (CASL): What You Need to Know Webinar | Zo...
Canada's New Anti-Spam Legislation (CASL): What You Need to Know Webinar | Zo...ZoomInfo
 
Wishart Law Firm LLP - CASL/Anti-Spam Seminar
Wishart Law Firm LLP - CASL/Anti-Spam SeminarWishart Law Firm LLP - CASL/Anti-Spam Seminar
Wishart Law Firm LLP - CASL/Anti-Spam SeminarMiles Williams
 
Fall Into Compliance - CASL
Fall Into Compliance - CASLFall Into Compliance - CASL
Fall Into Compliance - CASLAct-On Software
 
5) How charities can protect themselves against data reform - ‘Emerging Digit...
5) How charities can protect themselves against data reform - ‘Emerging Digit...5) How charities can protect themselves against data reform - ‘Emerging Digit...
5) How charities can protect themselves against data reform - ‘Emerging Digit...Code Computerlove
 

Similar to Preparing for Canada’s Anti-Spam Legislation: Conducting a compliance audit (20)

Canadian Anti-Spam Legislation (CASL) Overview
Canadian Anti-Spam Legislation (CASL) OverviewCanadian Anti-Spam Legislation (CASL) Overview
Canadian Anti-Spam Legislation (CASL) Overview
 
Marketing Automation's Role In Ensuring You Stay CASL Compliant - David Fowle...
Marketing Automation's Role In Ensuring You Stay CASL Compliant - David Fowle...Marketing Automation's Role In Ensuring You Stay CASL Compliant - David Fowle...
Marketing Automation's Role In Ensuring You Stay CASL Compliant - David Fowle...
 
CASL: Are you prepared?
CASL: Are you prepared?CASL: Are you prepared?
CASL: Are you prepared?
 
e-Marketing Policy-Building Workshop
e-Marketing Policy-Building Workshope-Marketing Policy-Building Workshop
e-Marketing Policy-Building Workshop
 
Anti-Spam Presentation
Anti-Spam Presentation Anti-Spam Presentation
Anti-Spam Presentation
 
Canada CASL Anti-Spam Presentation - Wishart Law Firm LLP
Canada CASL Anti-Spam Presentation - Wishart Law Firm LLPCanada CASL Anti-Spam Presentation - Wishart Law Firm LLP
Canada CASL Anti-Spam Presentation - Wishart Law Firm LLP
 
Canada Anti-Spam Legislation: Obligations and Opportunity
Canada Anti-Spam Legislation: Obligations and OpportunityCanada Anti-Spam Legislation: Obligations and Opportunity
Canada Anti-Spam Legislation: Obligations and Opportunity
 
Wishart Law Firm Anti-Spam Presentation
Wishart Law Firm Anti-Spam PresentationWishart Law Firm Anti-Spam Presentation
Wishart Law Firm Anti-Spam Presentation
 
CASL - What you need to know for your organization
CASL - What you need to know for your organizationCASL - What you need to know for your organization
CASL - What you need to know for your organization
 
Protecting your castle from CASL
Protecting your castle from CASLProtecting your castle from CASL
Protecting your castle from CASL
 
SMByyc Presentation on Canada's Anti-Spam Legislation (CASL)
SMByyc Presentation on Canada's Anti-Spam Legislation (CASL)SMByyc Presentation on Canada's Anti-Spam Legislation (CASL)
SMByyc Presentation on Canada's Anti-Spam Legislation (CASL)
 
Fighting Internet and Wireless Spam Act
Fighting Internet and Wireless Spam ActFighting Internet and Wireless Spam Act
Fighting Internet and Wireless Spam Act
 
Casl 2012 Final
Casl 2012 FinalCasl 2012 Final
Casl 2012 Final
 
CAN SPAM Legislation: Is your organization ready?
CAN SPAM Legislation: Is your organization ready?CAN SPAM Legislation: Is your organization ready?
CAN SPAM Legislation: Is your organization ready?
 
Canada's Anti-Spam Legislation (CASL): Everything You Need to Know | ZoomInfo
Canada's Anti-Spam Legislation (CASL): Everything You Need to Know | ZoomInfoCanada's Anti-Spam Legislation (CASL): Everything You Need to Know | ZoomInfo
Canada's Anti-Spam Legislation (CASL): Everything You Need to Know | ZoomInfo
 
Canada's New Anti-Spam Legislation (CASL): What You Need to Know Webinar | Zo...
Canada's New Anti-Spam Legislation (CASL): What You Need to Know Webinar | Zo...Canada's New Anti-Spam Legislation (CASL): What You Need to Know Webinar | Zo...
Canada's New Anti-Spam Legislation (CASL): What You Need to Know Webinar | Zo...
 
CASL compliance.pptx
CASL compliance.pptxCASL compliance.pptx
CASL compliance.pptx
 
Wishart Law Firm LLP - CASL/Anti-Spam Seminar
Wishart Law Firm LLP - CASL/Anti-Spam SeminarWishart Law Firm LLP - CASL/Anti-Spam Seminar
Wishart Law Firm LLP - CASL/Anti-Spam Seminar
 
Fall Into Compliance - CASL
Fall Into Compliance - CASLFall Into Compliance - CASL
Fall Into Compliance - CASL
 
5) How charities can protect themselves against data reform - ‘Emerging Digit...
5) How charities can protect themselves against data reform - ‘Emerging Digit...5) How charities can protect themselves against data reform - ‘Emerging Digit...
5) How charities can protect themselves against data reform - ‘Emerging Digit...
 

Recently uploaded

A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.mcshagufta46
 
Developing Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, OursDeveloping Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, OursKaiNexus
 
To Create Your Own Wig Online To Create Your Own Wig Online
To Create Your Own Wig Online  To Create Your Own Wig OnlineTo Create Your Own Wig Online  To Create Your Own Wig Online
To Create Your Own Wig Online To Create Your Own Wig Onlinelng ths
 
Amazon ppt.pptx Amazon about the company
Amazon ppt.pptx Amazon about the companyAmazon ppt.pptx Amazon about the company
Amazon ppt.pptx Amazon about the companyfashionfound007
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access
 
Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Lviv Startup Club
 
Lecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toLecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toumarfarooquejamali32
 
Personal Brand Exploration Presentation Eric Bonilla
Personal Brand Exploration Presentation Eric BonillaPersonal Brand Exploration Presentation Eric Bonilla
Personal Brand Exploration Presentation Eric BonillaEricBonilla13
 
NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023Steve Rader
 
Trauma Training Service for First Responders
Trauma Training Service for First RespondersTrauma Training Service for First Responders
Trauma Training Service for First RespondersBPOQe
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access
 
7movierulz.uk
7movierulz.uk7movierulz.uk
7movierulz.ukaroemirsr
 
PDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfPDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfHajeJanKamps
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examplesamberjiles31
 
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfGraham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfAnhNguyen97152
 
Project Brief & Information Architecture Report
Project Brief & Information Architecture ReportProject Brief & Information Architecture Report
Project Brief & Information Architecture Reportamberjiles31
 
PDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdfPDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdfHajeJanKamps
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003believeminhh
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access
 

Recently uploaded (20)

A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.
 
Developing Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, OursDeveloping Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, Ours
 
To Create Your Own Wig Online To Create Your Own Wig Online
To Create Your Own Wig Online  To Create Your Own Wig OnlineTo Create Your Own Wig Online  To Create Your Own Wig Online
To Create Your Own Wig Online To Create Your Own Wig Online
 
Amazon ppt.pptx Amazon about the company
Amazon ppt.pptx Amazon about the companyAmazon ppt.pptx Amazon about the company
Amazon ppt.pptx Amazon about the company
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024
 
Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)
 
Lecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toLecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb to
 
Personal Brand Exploration Presentation Eric Bonilla
Personal Brand Exploration Presentation Eric BonillaPersonal Brand Exploration Presentation Eric Bonilla
Personal Brand Exploration Presentation Eric Bonilla
 
Investment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV IndustriesInvestment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV Industries
 
NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023
 
Trauma Training Service for First Responders
Trauma Training Service for First RespondersTrauma Training Service for First Responders
Trauma Training Service for First Responders
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024
 
7movierulz.uk
7movierulz.uk7movierulz.uk
7movierulz.uk
 
PDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfPDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdf
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examples
 
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfGraham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
 
Project Brief & Information Architecture Report
Project Brief & Information Architecture ReportProject Brief & Information Architecture Report
Project Brief & Information Architecture Report
 
PDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdfPDT 89 - $1.4M - Seed - Plantee Innovations.pdf
PDT 89 - $1.4M - Seed - Plantee Innovations.pdf
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024
 

Preparing for Canada’s Anti-Spam Legislation: Conducting a compliance audit

  • 2. READY, SET, AUDIT! PREPARING YOUR ORGANIZATION FOR CASL Matt Vernhout Shaun Brown Director, Client Support Partner, nNovation LLP & ISP Relations, TC Media @emailkarma
  • 3. OUTLINE: PREPARING FOR CASL 1. Primary requirements 2. What we don’t know 3. How to prepare
  • 4. STATUS • December 15, 2010 – Bill C-28 given Royal Assent • August 2011 – IC and CRTC regs published for comment • March 2012 – CRTC Regs finalized • October 2012 – Final CRTC Guidelines Published • January 2013 – Draft Industry Canada regs published (part II) • Spam Reporting Centre • Coming in to force 2014 (?)
  • 5. WHAT IS CASL? • Standalone legislation (CASL), amendments to PIPEDA and Competition Act • Rules for sending commercial electronic message (CEM) • Rules for installing computer programs • Prohibits hacking/alteration of transmission data
  • 6. APPLICATION • Apply to any message sent to or from computer system in Canada • More than email: IM; SMS; social media; etc. • Voice, fax currently excluded (covered by DNCL)
  • 7. COMMERCIAL ELECTRONIC MESSAGE • Any message where “it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity” including • Product or service • Business opportunities • Promotes an individual who does any of the above • Message to request consent deemed to be CEM
  • 8. THREE PRIMARY RULES 1. Consent 2. Identification 3. Unsubscribe
  • 9. EXEMPTIONS • CEM sent between two individuals with personal or family relationship • Sent to inquire about or apply for service (i.e., purchaser to vendor) • Exempt from all requirements of CASL
  • 10. 1. CONSENT (IMPLIED) • Consent can be express or implied • Four categories of implied consent: 1. Existing business relationship 2. Existing non-business relationship 3. Conspicuous publication of electronic address 4. Recipient has disclosed electronic address to the sender
  • 11. 1. CONSENT (EXPRESS) • CASL: • clear notice, describe purposes, prescribed information • CRTC Regs: • Name of person seeking consent • Name of person on whose behalf consent is sought, if different; identify who is seeking, and on whose behalf • Contact info for either of the above, including: Mailing address and any one of telephone # (live or voice mail), email address or a web address • Statement that consent can be withdrawn • CRTC Guidance: • No pre-checked boxes; separate box not necessary if person req’d to fill in email address next to request for consent
  • 12. 2. IDENTIFICATION • Identification requirements apply to all CEMs • Identify sender as well as person on whose behalf message is sent • Name by which person carries on business • Must indicate who is “sending” and “on whose behalf” the message is sent • Contact information for either of above • Mailing address and any of telephone number/email address/web address of either person • Information must be set out “clearly and prominently”
  • 13. 3. UNSUBSCRIBE • Must be functional for 60 days • No cost • Same means unless impracticable • Include either electronic address or link • Must be “able to be readily performed” • Must process without delay
  • 14. PUBLIC AND PRIVATE ENFORCEMENT Enforcement Agency/Mechanism Target/Application Penalties Canadian Radio-television and Telecommunications Commission (CRTC) (CASL) Consent, prescribed identification requirements and unsubscribe requirements Administrative monetary penalties (AMPs) up to $1 million/violation for individuals; $10 million/violation for organizations Competition Bureau (Competition Act) False or misleading representations in content, subject line, sender info Can pursue civil or criminal remedies; AMPs similar to those available to CRTC under CASL Office of the Privacy Commissioner of Canada (PIPEDA) Collecting, using disclosing electronic address without consent Address harvesting and dictionary attacks No real powers for enforcement; can make recommendations or pursue order in Federal Court Private right of action Violations of CASL, Competition Act and PIPEDA Actual and/or statutory damages
  • 15. INDUSTRY CANADA REGS • Definition of personal family relationship • Number of new exemptions • Business communications within organizations and between organizations with ongoing business relationships • Response to request, inquiry, complaint or is otherwise solicited by the recipient • Messages targeted to non-Canadians, advertising products not available in Canada; sender could not “reasonably be expected to know” recipient is in Canada” • Enforcing legal rights (e.g., court order, copyright, debt collection, etc.) • Third party referrals where referring party has personal, family or existing business relationship with sender and recipient (exemption from consent only) • Use of consent on behalf of unknown third party
  • 16. WHAT WE DON’T KNOW: WHAT IS A CEM? • Where is the commercial “threshold”? • What elements are commercial (hyperlinks, logos, taglines, request to “like” on Facebook) • What about “transactional” or “relational” messages? • Section 6(6) refers to certain types of CEMs as exempt from the need for consent if they solely (e.g., warranty, subscription information, delivering a product, etc.)
  • 17. WHAT WE DON’T KNOW: HOW TO TREAT LEGACY DATA? • How does CASL apply to pre-existing lists • Increased flexibility where: • Consent not technically compliant (e.g., missing certain identification requirements) • Lack of evidence
  • 18. WHAT WE DON’T KNOW: SENDING ON BEHALF OF OTHERS • CASL states that messages must identify person sending message, and person on whose behalf message is sent, if different? • What does it mean to send on behalf of another person? • Does this refer to ESPs? • List rentals? • Both? • CRTC Guidelines: a person who may "facilitate the distribution of a CEM", but who has "no role in its content or choice of the recipients” need not be identified
  • 19. BUILDING A CHECKLIST • Who’s involved • Where to start • Data collection • Before Broadcasting • After Broadcasting
  • 20. WHO’S INVOLVED? • Privacy/Compliance team • Legal Team • VP Marketing • Database Analytics Team • Deployment teams • Account Teams • Brand Managers
  • 21. DATA COLLECTION • Audit Data Collection Sources • Internal Sources • External Sources • Point of Sale • Call Center • Identification requirements • Proper consent notices/options/scripts • Contact notices
  • 22. BEFORE BROADCASTING • Review CASL exemptions for this message • Is it a CEM? • Review the content • Postal address, unsubscribe, contact requirements • Review the list • Remove addresses that have exceed 2 yr consent period as needed • Review targeting of content to recipients • Test functionality of all links and seek appropriate approvals
  • 23. CHECKLIST REVIEWED Functional Check (Level 1) Yes/No Yes/No Client/TD Deficiencies Noted/Comments Images render properly Alt tags in place and correct Check for image maps Links go to correct page or not broken Links are tracked Mailto functions properly and has NOTRACK Display name and From Address are correct Subject line is correct and does not truncate Subject line does not contain illegal characters View as web page included Personalization is present and populating correctly Personalization is pulling from the correct DB HTML TEXT OVERRIDE Compliance & EMS System Check (Level 3) Yes/No Yes/No Client/TD Deficiencies Noted/Comments Postal Address included Unsubscribe link present and working Correct Database has been selected Has the Seed List been added Segmentation is correct Recipient Count is Approved Mailing List send to Duplicates option on Reply Management is correct Recipient Cap field checked
  • 24. Is this a CEM? DO ANY EXCEPTIONS APPLY? Email Message CASL Does not apply Exempt from s 6.5? Exempt from s 6.6? Consent is not required Explicit Consen t Implied Consen t Proper ID and Unsub ? Likely NOT compliant Ready to Send  No  Yes
  • 25. AFTER BROADCASTING • Unsubscribe requirements being met • 60 days of live access • Unsubscribes are being processes • Review metrics and begin next broadcast planning
  • 26. MANAGING UNSUBSCRIBES K.I.S: • Limit number of data locations for sync purposes and timing • Review current practices • Identify responsible individuals • Offer preference choices • opt-down vs. opt-out • Vendor options • Most email marketing providers can manage this for you and supply delta files
  • 27. RELATIONSHIP MARKETING • Identified risks: • Rolling window of consent • Unknown data • Mitigating risk: • Reduce number of active databases • Backfill dates when possible • Re-confirm consent for the unknown address prior to enforcement • Build automated solutions for sun setting users
  • 28. CASL COMPLIANCE TO DO LIST  Watch legislative developments carefully: final IC regs, in-force date, further guidelines/interpretations  Review/modify practices for obtaining eMarketing lists, choose vendors/partners carefully, bind to unsubscribe requirements  Review/modify formats for eMarketing  Ensure effective and timely unsubscribe  Review/modify program installations, associated disclosures and consent  Ensure consent records are retained and retrievable  Engagement of marketing, brand, technical resources to detect issues, ensure compliance  Start reviewing your digital marketing programs now