As we will soon be celebrating the 3rd ^anniversary  of the adoption of Bill C-28, I would like to take this opportunity to remind those who are not yet aware of this announcement that it is not too late to comply! As a guide (or reminder), here are some details on the new Canadian anti- spam law .  

The law c-what?

Canada's Anti-Spam Legislation refers to "  An Act to promote the efficiency and responsiveness of the Canadian economy by regulating certain practices that discourage the conduct of business by electronic means and to amend the Act on the Canadian Radio-television and Telecommunications Commission, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act  ”… phew!

Its objective: To encourage the growth of e-commerce by ensuring business confidence and consumer confidence in the online market.

In other words, it is a law aimed at  regulating online commercial exchanges in  order to reduce harmful “spam” in Canada. However, all commercial electronic messages (CEMs) will be governed by this law, ie emails and text messages.

In addition to CEMs, the law also seeks to control other electronic exchanges between a business and a consumer: the installation of computer programs on another person's computer and the modification of transmission data without express consent. .

When does it come into effect?

The law has been adopted… but is not yet in force! Here's how the law has gone so far:  

Adapted from: http://web01.inboxmarketer.com/casl_timeline.asp

At this time, Industry Canada would be reviewing the many comments on the latest draft regulations in order to draft the final version of the regulations, and set an official effective date.  

Update (December 6): The Act will come into force on July 1, 2014 ! 

How to submit to the law?

REGISTRATION

The law mentions that electronic communications can only be carried out with the prior consent of the persons concerned. Here are the different types of consent that give you permission to communicate with your potential customers.

EXPRESS CONSENT

Written consent can be given, either electronically or on paper, and is considered valid as long as the information can be verified.  

For a consent obtained orally , it is valid if: 

• It is verifiable by an independent third party; Where
• A full and complete sound recording of the granted consent exists.

In all these cases, there is no expiration date on the consent.

OPT-IN VS OPT-OUT

To obtain explicit consent by verifiable information online, the law prohibits the opt-out  (eg: box already checked), which does not represent in its sense a positive or explicit manifestation of the consumer's will.  

Example of opt-out – to be avoided

You must then proceed with  an active consent mechanism ( opt-in ) , and this can be done by checking a box or entering your email address. The text that accompanies the action must indicate that it is possible to withdraw consent.

However, care must be taken, the request must be  requested separately  from other elements (e.g. general conditions of use or sale):

IMPLIED (OR TACIT) CONSENT

It is possible to solicit a person with whom a  business or private relationship already exists  before the first MEC:

• After a purchase, rental or barter of a good, product, service, land or right;
• When there has been acceptance of a business, investment or gambling opportunity;
• When there is a contract concluded in writing (still in force or expired during this period);
• After an inquiry.

In these particular cases, the duration of the consent has a definite duration of 2 years from the date of purchase/receipt of the service/end of an agreement. In the case of a request for information, the duration is shortened to 6 months.

It is therefore important to think about asking these people to give you explicit consent, to skip the time limit.

Note: If there is no obvious indication that the person does not wish to receive unsolicited CEMs, it is possible to send them to an email address if it is in plain view.

UNASSIGNED MESSAGE TYPES

Several types of messages will not comply with these rules. It will therefore be possible for a communicator to provide without consent:

• A response to a price request (or quote for services);
• Confirmation of an operation or transaction;
• Warranty information;
• Messages containing factual information regarding an acquired product or service;
• Messages to employees or contributors to a pension plan; Where
• Messages regarding product updates.

INFORMATION TO INCLUDE IN THE MESSAGE:

Any information to be included in the CEM that helps identify the sender or understand how to unsubscribe must be clear and easily readable . Certain information is now mandatory and must be included in the message: 

• The sender of the message or the person(s) on whose behalf the message is sent must be identified.
  • The relayer of a message between the sender and the person in whose name the message is sent does not necessarily have to be identified if he has no influence on the content or the choice of recipients.

• The postal address of the person sending the message must be included in the message. If it is different, it is rather the address of the person in whose name the message is sent which must appear there.
  • This must be valid for at least 60 days following the sending of the CEM.
• The message must contain a hyperlink to the exclusion mechanism.

UNSUBSCRIBE

When the law comes into force, it should be easy for a user to withdraw consent with a  simple, quick, easy-to-use  opt-out mechanism that can be accessed without difficulty or delay.

For example, a link in a received CEM leading to a page allowing the user to indicate whether they no longer wish to receive a type of message, or no longer wish to receive CEMs at all from the sender , is considered acceptable.

The unsubscribe request must be processed within a maximum of 10 days.

How to prepare?

Here is a short list of elements to be revised between now and the entry into force of the law:

• Create a complete list of your various commercial electronic messages
  You need to be able to determine which messages require consent.
• Determine if e-mail addresses can be used when the Act comes into force and clean up the BDs or obtain the necessary consents
  Which were tacitly obtained? Has the period of validity of the consent expired?
• Update processes for requesting consent
  Be sure to use an opt-in option separate from other requests.  
• Ensure that the appropriate systems are in place so that each consent obtained is detailed in a document
  . Do you need to adapt your emailing tool to collect this information?
• Create fields in DBs to record date of consent to consider implied
  Can you manually add implied consent dates for new entries?
• Update templates for sending e-mail messages
  Include the sender's contact information, mailing address, and a hyperlink to the opt-out mechanism.
• Update the unsubscribe mechanism and processes to ensure that these requests are handled easily
  Are you giving your customers the chance to choose the types of communication they prefer to receive? Is the opt-out process simple?

What if the law never came into force…?

Update (December 6): The Act will gradually come into force from July 1, 2014 ! 

Is it worth preparing to avoid a hefty fine when it comes into effect? Possibly.

Is it worth reviewing its practices to better respect users? So there: yes! If you are planning your strategies for 2014, allow yourself time to make these changes. You will only be able to come out better (unless you are a real spammer, and in this case I say to you: boo .) 

Thanks to Gabrielle Provost for her participation in the research.

For more information: Government of Canada – Canada's Anti-Spam Legislation