Brushing up on CASL Compliance

GetResponse Pro

CASL is a law that applies to all electronic messages (i.e. email, texts) organizations send in connection with a “commercial activity.” Its key feature requires Canadian and global organizations that send commercial electronic messages (CEMs) within, from or to Canada to receive consent from recipients before sending messages. CASL was introduced in three stages beginning in July of 2014 and fully enacted in July 2017.

There are several exemptions surrounding types of organizations, communication to friends/family, etc.  We always advise that you check with your company’s legal department for specific guidance on how you should deploy and manage your CASL compliance.

What we wanted to provide in this excerpt is a review of general CASL best practices for marketers and examples of what we’ve done for other clients.

Here is the high level of what you need to track on your Eloqua contact fields related to email address:

  • Explicit vs Implied Consent
  • Date of consent
  • Consent source

Explicit vs Implied Consent

Explicit consent happens only when someone actively confirms, verbally or written, that they want to receive future communications from your organization, and they opt in (example upon a Preference Center submission if that box is checked).  That is good forever until/unless they later unsubscribe.

Implicit consent happens:

  1. If a customer has made a purchase in the past 2 years, the consent is good 2 years from purchase date before expiring (using ‘last invoice date’ from linked account)
  2. If a contact has made an ‘inquiry’ in the past 6 months, the consent is good for 6 months, then expires.  (Example would be a form submit where they provide their email but there is no verbiage present on the form regarding expressed consent or receiving future emails of a box they need to check)

It is not compliant to pre-check any opt in boxes on forms or landing pages (these would only show as checked if they previously opted in).  It is also not compliant to solicit contacts to opt in at this point.  You cannot email contacts to ask for compliance.

Date of Consent

Ideally, this data should be collected and applied at every data entry point and maintained over time according to compliance rules.  Note that much of the compliance is date related and expires.  You can set up automated programs in your marketing automation platform that will help keep your process in check.  A typical Implied Consent program may look something like this:

Consent Program Example

Relationship One can assist with many facets of CASL processing once you’ve been provided solid guidance from your legal department including:

  • Review of existing CASL processes and data
  • Implementation of a new CASL process
  • Assessing your marketing channels and ensuring they are all part of an overall compliance plan

For all the specific details on CASL refer to this document from the Privacy Commissioner of Canada.

Thank you for subscribing!

Brushing up on CASL ComplianceSubscribe to our Thought Leadership Today

Brushing up on CASL Compliance

Source link