We have been asked whether Canada’s new anti-spam requirements will affect U.S. credit unions that send marketing messages to members who reside in Canada. The answer appears to be yes! Thanks to the Georgia Credit Union Affiliates and its member credit union for bringing this Canadian statute to our attention! Here are 5 things you need to know about the Canadian Anti-Spam Law or CASL that goes into effect on July 1, 2014 [Click here for an update]:
1. Coverage: CASL will generally apply to any “commercial electronic message” (CEM) sent to an “electronic address” located in Canada – including electronic messages sent from the United States to Canadian recipients.
Generally speaking, a commercial electronic message or CEM includes any electronic message that has as its purpose, or as one of its purposes, the encouragement of participation in commercial activity, e.g. e-mails with marketing content.
An electronic address is “an email account, a telephone account, an instant messaging account, and any other similar account.” Therefore, covered CEMs include e-mail, text messages, and some social media messaging.
2. General requirements: There are three general requirements for sending a CEM to an electronic address in Canada: the recipient’s consent (opt-in) to receive commercial electronic messages; the sender’s identification and contact information; and an unsubscribe mechanism that can be "readily performed" (i.e., quick and easy for the end-user to unsubscribe from any e-mail list).
3. Obtaining consent:There are two types of consent - express and implied. Express consent can be obtained either in writing or orally. In either case, the onus is on the person who is sending the message to prove they have obtained consent to send the message.
Express consent must be obtained through an opt-in mechanism, as opposed to opt-out (like the U.S. CAN-SPAM statute). The end-user must take a positive action to indicate their consent. For example, this can be done by providing a blank box which a user can check off to indicate consent. Express consent does not expire until a recipient withdraws his consent. For more information on obtaining consent, see: Compliance and Enforcement Information Bulletin CRTC 2012-548 and Compliance and Enforcement Information Bulletin CRTC 2012-549.
CASL includes a transitional provision that applies to implied consent. Consent to send commercial electronic messages is implied for a period of 36 months beginning July 1, 2014, where there is an “existing business relationship” that includes the communication of CEMs. Businesses and individuals may take advantage of this transitional period to seek express consent for the continued sending of CEMs.
4. General prohibitions:CASL and its implementing regulations generally prohibit the:
- Sending of commercial electronic messages without the recipient's consent (opt-in);
- Alteration of transmission data in an electronic message which results in the message being delivered to a different destination without express consent;
- Installation of computer programs without the express consent of the owner of the computer system or its agent, such as an authorized employee;
- Use of false or misleading representations online in the promotion of products or services;
- Collection of personal information through accessing a computer system in violation of Canadian law; and
- Collection of electronic addresses by the use of computer programs or the use of such addresses, without permission (address harvesting).
5. Effective dates: The bulk of the requirements become effective on July 1, 2014, including the provisions relating to the sending of commercial electronic messages. There is a three-year transitional period after July 1, 2014 to verify and confirm consent to send CEMs to recipients with whom a business has an existing business relationship.
The provisions relating to the unsolicited installation of computer programs or software go into effect on January 15, 2015. And, the private right of action will be enforced beginning on July 1, 2017.
This blog post obviously only hits the highlights of a very complex law and set of regulations. If you believe your credit union will be impacted by CASL, you’ll need to work with your IT and marketing departments, legal counsel and data processors to ensure compliance with these new requirements. For more information on CASL, visit the links below: