On July 1 2017 the private right of action comes into force for the Canadian Anti-Spam Legislation – or CASL. Prior to this date, only the Canadian Government could pursue legal action against alleged spam communications. After this date, private citizens can also take action. This means there will be a far greater potential to have any unsolicited email reported and/or prosecuted. The potential fines for breach of CASL: $1 million for individuals and $10 million for companies and organizations.

Scary right? Not if are well prepared. The following checklist will give you an idea if you are truly prepared:

To do right now:

1. Talk to your legal department and confirm your company’s position on CASL.
2. At the same time, confirm with legal what is commercial communication (marketing or selling) and what is transactional communication (expiry messages or outage information) to be sure you are not sending commercial communications to non-compliant contacts.
3. Check the country details in your database. If you have country values that are blank, create a data capture process to ensure country is always gathered. Suppress commercial emails to any contact who has not given their express consent if their country is unknown. Do not assume a contact is ‘safe’ if you don’t know where they are from as they may be from a country with strict privacy or anti-spam laws.

To do in the next 1 to 2 months

1. Set up a campaign to get express consent from any Canadian contacts that currently have implied consent. Implied consent is, to some extent, open to interpretation, so gathering express consent will remove ambiguity and eliminate the risk of having to prove your innocence in court.
2. Clean your database. Do you really need that Canadian contact who has not clicked on any of your emails or submitted any forms for the last 3 years? If people are not interacting with your communication and you continue to send to them – these are high risk contacts. Do you need them? Is it worth the risk?

To be done prior to July 1 2017

1. Implement an air-tight compliance processes for all Canadian contacts in your database.
2. Be sure you know all communication avenues and be sure they are all compliant. You may well have 100% compliance in your marketing automation tools, but another department might use another system for sending emails – are they compliant too?
3. Have a process of proving consent:
   • Can you prove the date and source of consent being captured for all Canadian contacts?
   • If you cannot, how will you prove you are in accordance with the law?
4. Run full test scenarios for all data capture points. Find the weaknesses and correct them.

If you have any gaps with the above checklist we strongly advise you to address them. Here is an example of a company being fined for breaching CASL. The Canadian government is committed to this law and will prosecute offenders.

4Thought Marketing has successfully implemented system solutions for many companies to ensure they stay on the legal side of CASL. Contact us if you have any concerns your company could be at risk of breaching the law and risking heavy fines.