Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Preparing for Compliance: Canada's Anti-Spam Law (CASL)


Published on

Get to know the ins & outs of Canada's latest anti-spam legislation in this exciting webinar led by David Fowler, Act-On's Chief Deliverability Officer!

  • Be the first to comment

Preparing for Compliance: Canada's Anti-Spam Law (CASL)

  1. 1. | @ActOnSoftware | #ActOnSW PREPARING FOR COMPLIANCE Canada’s Anti Spam Law (CASL)
  2. 2. | @ActOnSoftware | #ActOnSW #ActOnSW Social
  3. 3. | @ActOnSoftware | #ActOnSW Chat
  4. 4. | @ActOnSoftware | #ActOnSW Today’s Presenters David Fowler Chief Privacy & Deliverability Officer @oregonlimey Sophia Jacobson Deliverability Services Manager @SophiaJacobson1
  5. 5. | @ActOnSoftware | #ActOnSW Today’s Agenda 1. Legal Disclaimer 2. CAN-SPAM Review 3. The Canadian Anti-Spam Law (CASL) Tenants of the Law Disclosure and Consent Key Differences 4. Next Steps For CASL and You 5. Wrap Up – Q&A
  6. 6. | @ActOnSoftware | #ActOnSW Disclaimer Act-On Software does not provide legal advice or counsel pertaining to this subject or any related legislation or compliance issue. We always recommend that should you require a legal opinion you should seek counsel form a qualified legal resource.
  7. 7. | @ActOnSoftware | #ActOnSW CAN-SPAM Review
  8. 8. | @ActOnSoftware | #ActOnSW CAN-SPAM Review The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM or the Act). CAN-SPAM Requirements Types of Messages The CAN-SPAM Act covers commercial email messages, the primary purpose of which is the advertisement or promotion of a commercial product or service. Permission | Opt-In Requirements Under CAN-SPAM, direct marketing email messages can be sent to anyone, without permission, until the recipient explicitly requests that they cease ("opt-out"). Unsubscribe | Opt-Out Requirements Every message must include opt-out instructions. The sender must honor the opt-out requests of recipients within 10 business days. 2008 Rule Provision: An email recipient cannot be required to pay a fee, provide information other than their email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single Internet Web page to opt out of receiving future email from a sender
  9. 9. | @ActOnSoftware | #ActOnSW CAN-SPAM Review CAN-SPAM Requirements Sender Identity The CAN-SPAM Act bans false or misleading header information. The email's "From", "To" and routing information – including the originating domain name and email address – must be accurate and identify the person who initiated the email. The Act prohibits open relay abuses, falsifying header information, generating multiple email addresses to send from, deceptive subject headers, address harvesting and dictionary attacks, and other fraudulent ways of sending spam. 2008 Rule Provision: The definition of "sender" was modified to make it easier to determine which of multiple parties advertising in a single email message is responsible for complying with the Act's opt-out requirements. A definition of the term "person" was added to clarify that the CAN-SPAM Act's obligations are not limited to natural persons.
  10. 10. | @ActOnSoftware | #ActOnSW CAN-SPAM Review CAN-SPAM Requirements Subject Lines | Labeling Deceptive subject lines are prohibited. The subject line cannot mislead the recipient about the contents or subject matter of the message. Identification that the message is an advertisement or solicitation is required. Contact Information Postal Address Yes, a valid physical postal address is required. 2008 Rule Provision: A "sender" of commercial email can include an accurately registered PO Box or private mailbox established under United States Postal Service regulations to satisfy the Act's requirement that a commercial email display a "valid physical postal address".
  11. 11. | @ActOnSoftware | #ActOnSW CAN-SPAM Exemptions • As discussed the act applies to 100% commercial email • But what about transactional or hybrid messaging? • Transactional messaging (no commercial content) are exempt • Commercial + Transactional | Cross Selling • The “primary purpose” rule comes into effect • The recipient decides on the primary purpose • If the recipient determines the message is commercial in nature then the message has to be compliant • Consider the 80/20 rule • 80% transactional | 20% commercial • Place the offer below the fold as not to dominate the real estate
  12. 12. | @ActOnSoftware | #ActOnSW Canadian Anti-Spam Law
  13. 13. | @ActOnSoftware | #ActOnSW Canadian Anti-Spam Law (CASL) • Enacted in 2010 and scheduled to go into effect: 7/1/14 • Intended to promote ecommerce by deterring: • Spam, identity theft, phishing, spyware, viruses, botnets and misleading representations online • Covers sending commercial messages AND installing software on other peoples devices • CASL creates new offenses, enforcement mechanisms and penalties • It’s one of the strictest ecommerce laws globally • Higher consent standards for all • Detailed content requirements • High penalties: $10M fines a possibility for non compliance
  14. 14. | @ActOnSoftware | #ActOnSW Tenants of the Law Tenant Requirements Permission: CASL Requires you obtain permission (consent) prior to sending any communication. You also need to have proof of opt-in including source / time. Scope: Senders of any form of commercial electronic messaging, for example: email, voice, text messaging and social media. Location: CASL is unique it regulates any message sent from or received in Canada. It does not apply to countries that have existing email laws. You are only required to follow the law of where the recipient is. Unsubscribe: All commercial messages sent must contain an opt-out method, one difference being that you cannot confirm the opt-out request via a follow up method. Exceptions: Quotes, estimates, pre-existing transaction material and factual information about loans, memberships and accounts are exempt from CASL.
  15. 15. | @ActOnSoftware | #ActOnSW Disclosure Requirements • Electronic Messages being sent from or to Canada must: • Clearly identify the sender of the message • Have a clear, applicable, and relevant subject line and 'From' name that reflect the purposes of the email • A notice that the message is for commercial purposes (if applicable) • Contain a physical address as well as a URL, email address, or phone number where the sender can be reached and that is valid for up to 60 days after the message has been sent • Contain a valid and working mechanism that will unsubscribe the recipient within 10 days and is available for at least 60 days after the messages have been sent
  16. 16. | @ActOnSoftware | #ActOnSW Consent Requirements • Express Consent: • Did the recipient say “YES” to receiving your commercial message? • The individual MUST take positive action to “opt-in” • Implied Consent: • Do you have and demonstrate an existing business relationship or non-business? • Did the recipient disclosure their address to you? • Must clearly and simply set out purpose(s) for consent • Must obtain express consent to send CEMs unless there is • Existing business relationship OR • Existing non-business relationship • An email user must express consent by opting-in to receive communications from the sender. • You can rely on implied consent to send CEMs to recipients with an existing business or non-business relationship • EBR lasts for 2 years from the last transaction
  17. 17. | @ActOnSoftware | #ActOnSW Consent Requirements • Consent is NOT required for: • Quotes or estimates • Messages that confirm or facilitate transactions • Providing warranty, recall, safety or security information • Provide information about: • Ongoing use or ongoing purchases • Ongoing subscription, membership, accounts loans of similar • Employment relationships or benefit plans • Deliver a product good or service, including updates and upgrades Important: ID and Unsubscribe mechanisms are required for these messages
  18. 18. | @ActOnSoftware | #ActOnSW Violations and Enforcement • CRTC: primary enforcement agency, including administrative monetary penalties (AMPs) • Maximum penalty is $10m, for an organization per violation • Relevant factors include purpose of penalty, nature & scope of violation, history, financial benefit ability to pay • May enter into compliance undertaking with the CRTC • Directors and officers liability | Employers liability • Importance of “due diligence” taken to prevent the violation
  19. 19. | @ActOnSoftware | #ActOnSW CASL vs. CAN-SPAM – Key Differences  Address a broad range of internet issues – digital channel  Applies to all form of electronic messaging  Prior permission based – Documented Consent Required  Private right of action available to anyone  Individuals, businesses etc. - effective 2017  Addresses spam only  Apples only to email, contains SMS domain opt-out  No prior permission required – Consent Not Required  No private right of action, available to ISPs and Government to bring lawsuits
  20. 20. | @ActOnSoftware | #ActOnSW CASL Summary  Prior consent required (Implied or Express)  Prohibits unsolicited commercial electronic messages  Prohibits program installations without consent  Express consent required, becomes effective 1/15/15  No false information allowed  Sender or subject lines  No harvesting or dictionary attacks  More than email | IM, SMS, Social Media, Voice
  21. 21. | @ActOnSoftware | #ActOnSW CASL Summary  Other Requirements: • Unsubscribe no longer than 10 business days • Postal address required • Private right of action included – Effective 2017 • Officers of organizations can be held accountable for their organizations messages  Exemptions • Family or personal relationship | business or inquiry relationship  Enforcement • Cross boarder can’t hide under HQ location • Protection for “honest” mistakes
  22. 22. | @ActOnSoftware | #ActOnSW Next Steps for CASL • CASL to become law in July 2014 • Implementation of a Spam Reporting Center: • Once operational will accept messages, analyze trends in spam and other threats to electronic commerce • New roles & responsibilities for three government agencies: • CRTC | Competition Bureau | Privacy Commissioner • International agency cross boarder cooperation | Including the FTC • Interpretive guidelines • Many definitions and requirements under CASL remain broad and unclear
  23. 23. | @ActOnSoftware | #ActOnSW Next Steps For You • Begin internal awareness for your organization, identify the key stakeholders • Conduct an internal assessment for CASL impact • Update your website and privacy policy • Update forms and procedures that document consent • Address unsubscribe requirements and timeframes • Update existing customer service processes • Develop and included information and training: • For employees, management and respective associates • Review and amend any third party contract requirements: • Limitation of liability, representations and warranties, including address rental • If operating in North America meet BOTH CASL & CAN-SPAM requirements
  24. 24. | @ActOnSoftware | #ActOnSW More Info & Resources • Government of Canada: • • Industry Canada: • • FMC Law Group | Margot Patterson: • • Email Karma | Matt Vernhout: •
  25. 25. | @ActOnSoftware | #ActOnSW Learn More About Act-On Software Ready to Learn More? Call +1 (877) 530-1555 Email Web THE FORRESTER WAVE™ LEADERS QUADRANT
  26. 26. | @ActOnSoftware | #ActOnSW Q&A David Fowler Chief Privacy & Deliverability Officer @oregonlimey Sophia Jacobson Deliverability Services Manager @SophiaJacobson1