CASL Compliance: Obtaining Express (Not Just Implied) Consent
As you walk down the street you see a beautiful house and decide to see who lives there. You admire the landscaping as you walk towards the door, and as you approach, you hesitate. Do you knock on the door and ask to enter, or do you just open the front door and walk in? You would knock and ask for permission, right? Just as we cannot simply walk in to a strange home, we cannot just email anyone we would like without permission. At its core, this is the intention of CASL; for marketers to gain permission before contacting subscribers.
CASL — the Canadian Anti-Spam Law — went into effect on July 1, 2014, so by now I would venture to guess that most, if not all of us, are familiar with the basics of what CASL is and how it affects us. The date we may be less familiar with is July 1, 2017. This is when the Private Rights of Action and Express Consent grace periods expire.
What does this mean? In short, companies have until this date to obtain express consent from names that were obtained as implied consent prior to July 1, 2014. In addition, individual subscribers will be able to bring legal action against an organization as a result of CASL violations, rather than only the Canadian government as it is currently. So what do we as marketers need to do to ensure we are CASL compliant and avoid penalties?
- First and foremost, analyze your subscriber base and determine what levels of consent you currently have. If you identify anyone that you cannot prove that you have received consent from, add them to a suppression list to ensure you do not email them again. In addition, identify if you have implied consent, and if so when consent was received and when it expires. Have a plan in place for how to handle those who have implied consent expiring soon, just as you would with members that need to renew soon.
- Identify your data gaps. Understand what data is used by each department and how they utilize it. Does the sales department have data fields that the marketing department should be using? Does IT capture valuable data when a member calls that can be used by another department? Working through what data is captured in all areas of your organization, how they are capturing it, and understanding how they are utilizing it will allow you to prevent unintended CASL violations.
- Identify all electronic message types and create a definition guide. Having a clear, easy to reference document that lists the areas your company reaches out to members, as well as what types of messages are exempt from CASL statutes will be an invaluable resource as you move forward.
- Review the process in which you gather consent from subscribers and implement measures to gain express consent. Express consent is the brass ring because it is not subject to the two year clock that implied consent is. Once you have express consent, you can email those subscribers for as long as you wish until they unsubscribe. Work through where your subscribers sign up and add checkboxes for express consent. Make it part of your membership application and renewal processes. One thing that is often confusing is that membership only gives you implied consent by default, so adding a way to gain express consent for all members could eliminate a majority of your consent concerns.
- Offline consent can be a major challenge as well. The classic example that I use is that of a sales representative talking to a prospect. If the call goes well and the prospect verbally indicates that they would like you to add them to your mailing list, this is express consent, but how do you prove it? In these scenarios we recommend gaining electronic consent via certified opt-in. After the call, follow up with an email reviewing what was discussed and ask them to confirm they would like to continue receiving emails about your organization and products. When they take that affirmative action to click, you now have electronic data that you can tie to their record to prove express consent.
- Lastly, make sure that any employee that interacts with members or prospects is fully trained regarding CASL policies and what steps your organization takes to ensure you are compliant. Ensuring everyone is on the same page and educated on your policies will go a long way in preventing issues in the future.
The clock is ticking. Time is growing short to ensure that our organizations have taken all steps necessary to be CASL compliant. Working through these issues now will give you the confidence to know that as you approach that door, it is unlocked and you are welcome to go right in.