After nearly ten years in planning, Canada’s long awaited email privacy law will finally come into effect next year. DMA member and digital privacy expert Dennis Dayman, CIPP-US, CIPP-IT, and Chief Privacy Officer at Oracle/Eloqua gives DMA members the scoop. Dennis is also Chair of the DMA Email Experience Council Advocacy Subcommittee and a member of the DMA Ethics Committee.
On Thursday November 28th 2013, the Treasury Board of Canada President (and champion of CASL) Tony Clement approved Industry Canada regulations in their final form. Today, December 4, 2013, the Minister of Industry the Right Honourable James Moore announced CASL will come into force on July 1, 2014. That’s right folks, six (6) month from now.
After almost ten (10) years of work, Canada has finally put into place an anti-spam law which continues their long-standing Canadian tradition of having opt-in consent. Most online marketers doing business in Canada today are already familiar with their “Personal Information Protection and Electronic Documents Act” (PIPEDA) which is their privacy regulations that require opt-in for processing of PII, but now is enforceable specific to the use of digital channels like email and SMS.
The law imposes onerous opt-in and other responsibilities on marketers doing business online in Canada. It covers items such as the sending of Commercial Electronic Messages (CEM), prohibition of installing computer programs without consent, and sending messages with false or misleading information in the content or header. You can read more about their specifics here at the Oracle | Eloqua site Topliners.
Please note though that CASL is not restricted to residents or companies in Canada, it applies to all marketers sending email To: and From: Canada. The CRTC will work with the Federal Trade Commission (FTC) in the US, and other regulatory commissions to enforce this new law.
Under the new law, a definitive set of requirements and enforcement actions are laid out and penalties for violation of the law can be severe. Unlike CAN SPAM, which covers only email, CASL covers CEM, which is defined as any commercial “message sent by any means of telecommunication, including a text, sound, voice or image message.” Effectively, this includes:
Businesses will need to scrub their lists and remove any covered address for which there is no affirmative opt-in to receive email and other CEM. It is expected that many email lists will be significantly reduced in size as a result. Privacy Policies and form collection on websites should be updated to ensure proper consent. In the case of forms, this includes moving from an opt-out (pre-checked) to an opt-in (not pre-checked) methodology.