canada’s anti-spam legislation
DESCRIPTION
What Charities and Non-Profits Need to Know Before July 1, 2014 Balancing Canadian Anti-Spam Legislation and Constituent Communication, Legal and Technical. A two hour workshop on what you need to know before the new Canadian Anti-Spam Act goes into effect July 1, 2014. Learn how mass emails could, should or are supposed to work under the Canadian Anti-Spam Legislation. This presentation will be delivered in partnership with Methodworks Consulting and include both Lawyers and Implementation Specialists. Speakers: Maanit Zemel, Miller Thomson LLP and Jim Freer, Method Works Consulting http://www.meetup.com/net2van/events/180043062/TRANSCRIPT
April 11, 2023Maanit ZemelMTZ Law P.C. &
Canada’s Anti-Spam Legislation
Canada’s Anti-Spam Legislation
What Charities and Non-ProfitsNeed to Know BeforeJuly 1, 2014
April 11, 2023Canada’s Anti-Spam Legislation
Maanit ZemelMTZ Law P.C.&Agenda
1.Introduction to CASL (Canada’s Anti-Spam Legislation)
2.CEMs (Commercial Electronic Messages)
3.CASL Compliance
4.Exemptions to CEM Requirements
5.Preparing for CASL
Maanit ZemelMTZ Law P.C. &
Introduction to CASL
Maanit ZemelMTZ Law P.C. &
The Problem…
Maanit ZemelMTZ Law P.C.&The Solution…
Regulate Everyone!»CASL regulates all Commercial Electronic Messages sent or accessed by a computer in Canada
»CASL also regulates a broad range of electronic and online activities, including:»The installation of computer program»Misleading advertising and marketing practices»Privacy invasion via computers»Collecting email addresses without consent
(i.e., email harvesting)Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Underlying Principles
»All regulated activities may only be carried out with:1. Informed consent by the recipient; and2. Clear identification of the sender
»All activities are based on an Opt-In regime, not an Opt-Out
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Non-Compliance
»CASL provides a complaint mechanism
»Anyone can complain to the regulators at
www.fightspam.gc.ca
»There will be significant consequences for non-compliance
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Consequences Include
»Administrative penalties»Fines up to $1 million for individuals per violation»Fines up to $10 million for organizations per
violation
»Private rights of action
»Class action suits
»Vicarious liability of organizations for employee actions
»Liability of officers and directors for organization actions
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Regulating Bodies
»Regulators have sweeping investigative powers (search an seizure orders)
»Division of responsibility among 3 government bodies
»CRTC – Commercial Electronic Messages and installation of computer programs
»Privacy Commissioner – Collection of personal information and address ‘harvesting’
»Competition Bureau – misleading advertising and marketing
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Dates to Know
»July 1, 2014: Requirements respecting Commercial Electronic Messages
»January 15, 2015: Requirements respecting computer programs
»July 1, 2017»End of transition period for implied consent»Private rights of action become available to
complainants
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C. &
CEMsCommercial Electronic Messages
Maanit ZemelMTZ Law P.C.&CEMs
A Commercial Electronic Message (CEM) is
a message sent by any electronic means (i.e.,
email, SMS text, instant message, social media)
that has,
as its purpose, or one of its purposes, to encourage
participation in a “commercial activity”
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Commercial Activities
Commercial activity is “any particular
transaction, act or conduct that is of a
commercial character whether or not
the person who carries it out does
so in the expectation of profit.”
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Examples of CEMs for Charities and Non-Profits
»Email appeals for donations»Emailed invitations to events»Promotional emails (i.e., event or lottery promotions)
»Emails promoting a charitable event or activity, if those activities are of a “commercial character”
»Electronic newsletters»Emails promoting the organization, if the organization’s activities are of a “commercial character”
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C. &
CASL Compliance
Maanit ZemelMTZ Law P.C.&Requirements
»You are prohibited from sending a CEM to an electronic address unless:
»The recipient has already consented to receive the CEM; and
»The CEM contains specific prescribed information
»Consent can be “express” or “implied”
»The onus is on the sender to provide documentation proving consent
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Establishing Implied Consent
»Implied consent exists when the recipient has
»Conspicuously published his or her electronic address (e.g., on a website); and
»Has not indicated a desire not to receive unsolicited CEMs; and
»The message is relevant to the recipient’s business role, duties, or functions
Or»Disclosed his or her electronic address to the
sender without indicating a wish not to receive unsolicited CEMs; and
»The message is relevant to the recipient’s business role, duties, or functions
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Establishing Implied Consent (non business relationships)
»Consent is implied when the sender is a registered charity (as defined in ITA) and:
»The recipient has made a donation to the charity within the preceding two years; or
»The recipient has volunteered in the preceding two years;
or
»The sender is a Non-Profit Organization (as defined in ITA) and:
»The recipient was a member of the organization at some point in the preceding two years
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Establishing Implied Consent (existing business relationships)
»Consent is implied when the recipient had:
»Purchased / leased / bartered a product / good / service / or land in the preceding two years;
»Accepted a business / investment / gaming opportunity offered by the sender in the preceding two years; or
»A written contract is created or had existed between the recipient and sender in the preceding two years
Or»The sender had received an inquiry or
application about one of the above items in the preceding six months
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.. &Proving Implied Consent
Proving implied consent relies on your ability to
track and report on your constituents’
relationships
and activities with your organization.
We strongly recommend using a centralized
Customer Relationship Management (CRM)
system.
Maanit ZemelMTZ Law P.C.&Express Consent
»Express consent may be obtained orally or in writing
»The request for express consent must include:
»The purpose for which consent is being sought, stated “clearly and simply”
»The sender’s identification and contact information and/or on whose behalf consent is being sought
»Statement that the receiver can withdraw their consent
»No pre-checked boxes
»Cannot be in the form of a CEM – post July 1, 2014 cannot send an email requesting consent Maanit Zemel
MTZ Law P.C. &
Maanit ZemelMTZ Law P.C.. &Proving Express Consent
Express consent can be tracked within a CRM
as well,
by marking how and when your constituents
consented
to each message type (like “event invitations”)
you easily
send messages to the people who have asked
for them.
Maanit ZemelMTZ Law P.C.&Transitional Period
»Parties who are in an existing business relationship or non-business relationship and have been sending CEMs to the recipients prior to July 1, 2014, will have their implied consent period extended until July 1, 2017
»Therefore charities and non-profits have implied consent from their existing donors, volunteers, and members until July 1, 2017
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Information Requirements on CEMs
»All CEMs must include the following:1. The sender’s (and/or on whose behalf the CEM
is sent) identifying information and contact details (name and mailing address and email or phone) – this information must be valid for 60 days following the deployment of the message
2. A means by which to contact the sender3. An unsubscribe mechanism
»If it isn’t practical to include all the requirements directly within the CEM, the information must be posted on a website and a link to that website be included, prominently and clearly, in the CEM
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Unsubscribing
»The unsubscribe mechanism must be effective for at least 60 days
»The provided unsubscribe mechanism must be in the same means as the message or other electronic means
»The mechanism must be at no cost to the unsubscriber
»All requests must be given effect within 10 days
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.. &Unsubscribing
Many email deployment programs track
unsubscribes by removing email addresses
from their deployment list.
We recommend not doing this, rather we
suggest
tracking ‘unsubscribes’ much like explicit
consent
(to what, when, and how did a person
unsubscribe).
Maanit ZemelMTZ Law P.C. &
Exemptions to CEM Requirements
Maanit ZemelMTZ Law P.C.&Registered Charities Exemption
Maanit ZemelMTZ Law P.C. &
CEM sent by or on behalf of a registered
charity which has “as its primary purpose
raising funds for the charity”
Maanit ZemelMTZ Law P.C.&Other Exemptions
»“Personal” or “family” relationships»A CEM consisting solely of an inquiry or application relating to the commercial activity of the recipient
»Solicited CEMs – i.e., responses to requests, inquires, or complaints, or otherwise solicited by the person to whom the message is sent
»Internal CEMs to the business, if concerns the activities of the business – emails sent between employees that are unrelated to the business are not exempted (e.g., soliciting volunteers for an external charity event)
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Other Exemptions
»CEMs between organizations/business if they ‘have a relationship’ and concerns the activities of the receiver’s business/organization
»CEMs sent to enforce a legal right»CEMs sent to foreign jurisdictions listed in the CASL schedule – but, must comply with any foreign anti-spam laws in force in that jurisdiction or face prosecution under CASL
»CEMs sent by political parties for the primary purpose of soliciting contributions
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Other Exemptions
»CEMs sent within electronic platforms where ‘unsubscribe’ and identifying information is readily available (e.g., most social networks)
»CEMs sent within a limited-access secure account by the person who provides that account (e.g., banking portals)
»Two way voice communications
»Faxes and voicemail messages
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Exemptions that Require Information and Unsubscribes
»Third party referrals – the first CEM sent to a person based on a referral by a third party, consent is required thereafter
»Quotes or estimates in response to a request
»Warranty, recall, or product safety information
»CEMs that deliver products or services, including updates and upgrades
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&More Exemptions that Require Information and Unsubscribes
»CEMs that facilitate or confirm transactions; and
»CEMs that provide factual information about:
»Ongoing subscriptions, memberships, accounts, loans
»Ongoing use or purchases»Employment relations or benefit plans for
employees
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C. &
Preparing for CASL
Maanit ZemelMTZ Law P.C.&CASL Flowchart
Maanit ZemelMTZ Law P.C. &
Do you send CEMs?
You may be exempt from compliance only If:The primary purpose of CEM is to raise
funds for the charity*
Are you a Registered Charity?
No further action required
Is the CEM:•A third party referral?•Providing a quote or estimate in
response to an request•Providing warranty, recall or product
safety information• delivering a product or service, including
updates and upgrades• facilitating or confirming transactions • Providing factual information about:1. Ongoing subscription, membership, accounts, loans;2. Ongoing use or ongoing purchases; 3. Employment relations or benefit plans for employees
No further action required
Yes Yes
Implied consent only good for 2 yearsNeed to: 1. Include prescribed info 2. Keep track of 2 years 3. Obtain express consent before 2 years expires
Yes
• Before July 1, 2014:1. Obtain express consent2. Include prescribed ID info and unsubscribe
mechanism in all CEMs• After July 1, 2014:1. Obtain consent in prescribed form2. Include prescribed ID info and unsubscribe
mechanism in all CEMs
No / unsure
No
Yes
Yes (most likely)
No (unlikely)
NoUnsure – consider next step
No consent required but CEM must include:• Identifying information• Unsubscribe mechanism
Do Other Exemptions Apply? • Organization to organization• Personal / family relationship• Internal CEM• An inquiry / application • A response to an inquiry / request / complaint• To enforce a legal right• Sent within a secured access platform• Within a platform containing unsubscribe and ID info• To a foreign jurisdiction (must comply with foreign laws)
Is Consent Implied?1. You are a registered charity / Not-for-profit org.; and 2. Recipient has been a donor, volunteer or member in the preceding 2 years
Maanit ZemelMTZ Law P.C.&CASL Systems
»Contains constituent information
»Stores relationship (transaction, volunteer, membership) details
»Express consent
»Processes self-serve unsubscribe requests
»Filters email deployments against opt-out lists
»Sends email contact information to the CRM
Maanit ZemelMTZ Law P.C. &
Database(CRM) Email System
Maanit ZemelMTZ Law P.C.&The CRM and Email System Supports Your Planning
Maanit ZemelMTZ Law P.C. &
Do you send CEMs?
You may be exempt from compliance only If:The primary purpose of CEM is to raise
funds for the charity*
Are you a Registered Charity?
No further action required
No further action required
Yes Yes
Implied consent only good for 2 yearsNeed to: 1. Include prescribed info 2. Keep track of 2 years 3. Obtain express consent before 2 years expires
Yes
Obtain / Send with Express Consent
Filter Track Unsubscriptions
No / unsure
No
Yes
Yes (most likely)
No (unlikely)
NoUnsure – consider next step
No consent required but CEM must include:
• Identifying information
• Unsubscribe mechanism
Do Other Exemptions Apply? • Track applicable relationships through the CRM, for example family relationships can be coded in most systems.
Is Consent Implied?
Is the CEM itself exempted?
Planning
CRM Email System
Maanit ZemelMTZ Law P.C.. &Developing and Email Process
There are a lot of steps to remember. Building
a solid and systematic process will help make
it easier, encourages compliance, and allows
for effective
process monitoring.
Maanit ZemelMTZ Law P.C.&Recommended Process
Plan deployment
Create email list
Filter list
Send email
Process opt-outs
Report on success
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&
Database(CRM)
Email System
Some Functions Fit Best With Specific Systems
Plan deployment
Create email list
Filter list
Send email
Process opt-outs
Report on success
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.. &Integrated Systems?
There are a number of integrated systems that
handle both Constituent management and
Email deployments. If you have such a system
we still strongly encourage maintaining
distinct processes for each activity – or even
separate staff members be responsible for
different phases.
Maanit ZemelMTZ Law P.C.&Plan Your Message
»Planning out your emails is the first step in sending compliant and effective messages:• Identify a clear goal for the message – are you
trying to acquire new donors, engage current constituents, inform them about your organizations activities? Based on your goals who should receive your message?
• When is the message being sent, are there critical groups that you need to establish consent for and do you have time to do that before you send?
• Can you take what you’ve learned from previous messages and improve this message?
Maanit ZemelMTZ Law P.C. &
Plan deployment
Create email list
Filter list
Send email
Process opt-outs
Report on success
Maanit ZemelMTZ Law P.C.&Building a List
»Build your email list through your database (CRM) based on groups of constituents that are meaningful to your organization, but ensure:• You track, on each constituent or individual
person, what they have opted in to and when• You develop a standard set of queries or criteria
that comply with CASL’s implied consent criteria
Maanit ZemelMTZ Law P.C. &
Plan deployment
Create email list
Filter list
Send email
Process opt-outs
Report on success
Maanit ZemelMTZ Law P.C.&Filtering the List
»Building your email list creates a baseline of people who have opted in, and by extension filter most of the people who have opted out. Now just before sending we filter again, directly within the email system, to ensure self-service opt-outs are captured.• To be effective the master opt-out list should be
maintained in the system that sends the emails• All unsubscribes should be added to this list
Plan deployment
Create email list
Filter list
Send email
Process opt-outs
Report on success
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Send Your Message
»All of your planning is done, now write the email message and send it. Ensure that you have all the crucial information:• You’ve identified your organization and whom the
message is sent on behalf of Current mailing address
• Phone, email address, or web address (that’s valid for at least 60 days after sending)
• An unsubscribe mechanism – preferably automatic, but must process opt-outs in at least 10 days.
Plan deployment
Create email list
Filter list
Send email
Process opt-outs
Report on success
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Process Any Unsubscribes
»After the message is sent you can generally expect to see a few unsubscribes, remember that they must be processed within 10 days of sending. Generally we suggest• Updating your opt-out information on the email
system first• Make sure you are flagging peoples’ accounts
that they have opted out, do not delete them! This is a valuable and important record
Plan deployment
Create email list
Filter list
Send email
Process opt-outs
Report on success
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Synchronize Your Information and Report
»Your plan identified some goals, it’s important to review them as well as the general performance of your message. As well this is a good opportunity to update your constituents in your CRM• Build an import/synchronization schedule for regular
updates• Track usable metrics in your database, and evaluate
your message and identify any lessons learned for future deployments
• Use your opt out list to update your CRM• Note, the opt-out data in the CRM should be used for
analysis and review, not for filtering your lists as it will always be slightly out-of-date.
Plan deployment
Create email list
Filter list
Send email
Process opt-outs
Report on success
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C. &
CASL Tips
Maanit ZemelMTZ Law P.C.&Get Your Board on Board!
Decisions respecting CASL should form part of the organization’s overall risk management strategies
»Decisions must be made at board and executive levels
»If you are not getting the board or senior leadership to pay attention – remind them of the directors’ and officers’ liability
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Conduct an Audit
Create an inventory of all messages that your organization sends, and identify the audiences that you reach out to
»Try to think through an entire business cycle – you may be surprised how much is actually sent
»Audit each message and audience for CASL compliance
»Have they opted in?»Implied consent?»Have they opted out?»Do the messages contain requisite
information?Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Obtain Consent
While express consent isn’t required for all emails, it is the safest way to send messages and a great way to qualify contacts
»Consent is required in most cases for businesses and non-profits, charities have additional exemptions
»An opt in – or express consent – is not just a requirement it is a person telling you that they want to hear from you
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Develop a CASL Compliance Policy
A Due Diligence defence only works if you have a reasonable compliance policy
»The procedures must include:»Requesting, maintaining, and utilizing
consents»Tracking implied consents»Acting on ‘unsubscribe’ requests
»Include CASL compliance and indemnification clauses in third-party contracts
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Train Staff, Volunteers, and if Necessary Contractors
It is critical that anyone sending messages on behalf of your organization is educated and trained on your process
»Develop and deploy a training program
»Ensure Management, Employees, and Volunteers have gone through the program
»Include CASL training in new hire onboarding
»Ensure third-parties who send messages on your behalf are familiar with and adhere to your process – this may require some training for them Maanit Zemel
MTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&Get Help!
CASL compliance can be challenging to achieve and maintain. Don’t be afraid to seek help achieving compliance, avoiding complacency, and mitigating risk
»Consider CASL insurance
»IT professionals or departments may have systems based support
»Ensure you have any compliance language and policies reviewed by legal counsel
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C. &
Final Notes
Maanit ZemelMTZ Law P.C.&Not Just SPAM – Other CASL Activities
CEMs are only one part of CASL, the following other areas are controlled by CASL regulators
»Installation of computer programs without consent
»Unauthorized collection of personal information online
»Email address harvesting
»Misleading marketing and advertising in any electronic format
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C.&How Can We Help?
»Comprehensive compliance and systems audits – current and planned
»Advice on developing and implementing CASL compliance
»Drafting and review of compliance policies, processes, and documentation
»Computer systems and process design
»Drafting and review of third party contracts
»Compliance training
»Representation before regulators and courts
Maanit ZemelMTZ Law P.C. &
Maanit ZemelMTZ Law P.C. &
Questions?Disclaimer: This presentation is provided as an information
service and is a summary of current legal issues. The
information is not meant as legal opinion or advice and viewers
are cautioned not to act on information provided in this
publication without seeking specific legal advice with respect
to their unique circumstances.
All rights reserved. This presentation may not be reproduced
and redistributed without the prior written consent of the
author.Maanit [email protected] / @maanitzemel