On July 1, 2014, a sweeping piece of legislation called Canada’s Anti-Spam Legislation (CASL) went into effect. After a three-year grace period, it’s now time to comply.
Canadian businesses — or any business that sends electronic messages to Canadian residents — need to understand this law and how it works.
Fines for running afoul of the CASL can range from $1 million to 10 million per instance.
Note: If you’re simply using Apptoto to remind your clients of their appointments you are perfectly compliant and safe!
We still encourage you to read these guidelines, especially if you do any type of marketing, sales or other commercial messaging. We’ll go over how to do it safely in this article.
The scope and impact of CASL are far-reaching, restricting businesses from sending commercial messages without specific forms of consent.
And although there’s been a recent suspension on the provision that would have allowed private citizens a right to action against offending businesses, the impacts of the law are no less serious.
We dug into the available information online and called the Canadian governing bodies in order to learn as much as possible about the law and how it will affect business owners.
In the interest of full transparency, we are not lawyers. Nor did we hire a legal professional to write this guide. We simply want to share our research on this subject so you stay informed.
If you have specific questions or concerns about your business and their compliance with CASL, it’s best for you to contact the agencies responsible for the law and its enforcement.
CASL: The Basics
The meat of the legislation is aimed at ending business practices that involve sending unsolicited electronic messages to individuals. The law covers all commercial electronic messages (CEMs), which are defined as messages that promote commercial activity with a specific product, services, or person.
In other words, any message that would be perceived as promotional or sales focused would likely be covered under this law.
CASL regulations apply to any commercial electronic message sent from or to Canadian computers/devices in Canada.
The law establishes four main requirements regarding CEMs:
- Consent – Businesses sending CEMs must obtain express or implied consent in all cases.
- Identification – The person or business sending a CEM must be clearly identified. CEMs must include a valid mailing address and a phone number, email address, or web address.
- Unsubscribe mechanism – All CEMs must include a mechanism that allows the receiver to opt out of receiving future messages. This mechanism must work for at least 60 days following the receipt of the message.
- Truth in advertising – All messages must be demonstrably true and not have misleading information or promotional messages.
Although each of these may seem fairly straightforward, there is actually a bit to unpack for each facet of the law.
What Is a CEM?
To ensure adherence to the rules about sending CEMs, you need to understand how the law defines a CEM.
As the name implies, commercial messages are messages that have commercial intent. That is, they encourage the recipient to take some kind of commercial action with respect to a specific product, service, person, or company.
An example of CEM might be a text message promotion:
Limited-time offer! Book your appointment today and receive 20% off!
In this case, the commercial intent is clear.
There is some gray area for less-obvious messages, but in general, it’s best to assume that any message that encourages the recipient to take some kind of commercial action (e.g. make a purchase) would likely be considered a CEM.
In addition, there is a broad exemption for communications that occur within the scope of a personal relationship. Although there are many criteria that determine whether a relationship is “personal” in nature, this exemption can generally be applied to any sort of casual business communications and non-automated, personal messages sent by individuals.
Express Consent vs. Implied Consent
Another foundational piece of this law is the definition of consent.
Businesses are allowed to send CEMs to individuals for whom they have received consent, so it’s important to understand how that is defined.
Per the specific guidelines laid out in the legislation, there are two ways your business can receive consent or permission to send messages.
- Express consent – Someone specifically and knowingly agrees to sign up to receive CEMs from you or your company, in written or oral form.
- Implied consent – Consent is given on the basis of an existing or previous business relationship under certain conditions, as set out in section 10(9) of CASL. Tread lightly with implied consent.
Express consent does not expire. If individuals have a way to withdraw consent (e.g. unsubscribe or opt out), express consent remains valid indefinitely.
On the other hand, implied consent only lasts for a maximum of two years following a business relationship. This means that businesses are responsible for keeping track of when and how they received implied consent and when that consent expires.
Keep in mind that in both cases, the responsibility is on the businesses to keep valid records for how and when consent was established. In the cases of an investigation or lawsuit, the business is expected to be able to prove when and how they received consent for the particular messages sent.
If you have received express consent prior to CASL being enacted, then that consent is still valid. As long as you adhere to the additional guidelines of the law, you may continue to send CEMs to your existing audience or list.
What CASL Means for Business Owners
There are many ramifications of CASL that will affect business owners, both large and small.
The most obvious thing to know is that any commercial message sent by your business will be subject to the regulations included in CASL. This means that for most businesses, there should be steps taken to ensure that there are clear records of customer interactions and consent.
CASL went into effect on June 30, 2014. Originally, there was an additional provision that would have allowed individual citizens to bring lawsuits against companies that were in violation of the law. As of the publish date of this article, this provision has been suspended.
Even so, there are still repercussions for violating CASL.
Several Canadian government agencies are still charged with investigating complaints regarding CASL violations. And they can bring — and have brought — lawsuits against the companies that violate the legislation.
Furthermore, a revised version of this provision could be enacted in the future to allow private citizens to bring lawsuits directly, following a review by the Canadian parliament.
Appointment Reminders and CASL
Under the current version of CASL, an appointment reminder in and of itself would not qualify as a CEM.
Because of the nature of the existing business relationship, you can continue to send appointment reminders, as long as they contain only information related to the appointment and do not include any additional promotional messages. Note that setting an appointment does not qualify as implied consent to send additional CEMs.
If you’d like to send CEMs, there is no problem granted you follow the rules.
You can choose to ask customers outright if they’d like to receive CEMs, in which they can express consent at the time they make an appointment. This can be in either written or verbal form. Making it a standard part of your intake process is often a very efficient way to do this.
Given the nature of the law, it’s advisable to have this consent recorded and on file.
If you’d like to use Apptoto to ask for consent, here’s how to do it:
- Create a message that sends after the initial appointment, asking if they would like to opt into CEMs. Example: “Would you be interested in receiving promotional messages from [insert business name]? “If yes, reply “2.” This would qualify as written consent.
- Note that using this method, you have to clearly identify who you are and give them a clear way to unsubscribe. To do the latter, use the “stop” message function which can be manually chosen when you set up the message.
All told, if your company has ascribed to best practices regarding privacy and marketing communications, there should be no significant hurdles with CASL.
And rest assured, if you’re simply using Apptoto to remind your clients of their appointments you are perfectly compliant and safe.
If you have any questions about CASL and using Apptoto, reach out to us!