Tomorrow marks the second anniversary of Canada’s Anti-Spam Legislation (CASL) coming into force and we’ve seen a number of actions from the enforcing agencies with their new legal powers.
To quickly recap:
- 5 March 2015 – 3510395 Canada Inc. (dba Compu.Finder) – Fined $1.1M for alleged violations of CASL
- March 11, 2015 – Avis Budget Group – Fined $30M in AMPS from the Competition Bureau over alleged violations of the sending false or misleading promotions and under CASL for sending the false of misleading advertisement via CEMs
- March 25, 2015 – Plenty of fish Media Inc. – Fined $48K for alleged violations of an unsubscribe requirements
- June 29, 2015 – Porter Airlines Inc. – Fined $150,000 for alleged violations of unsubscribe requirements
- November 20, 2015 – Rogers Media Inc. – Fined $200K for multiple alleged violations of unsubscribe program management.
- April 21, 2016 – 3510395 Canada Inc. (dba Compu.Finder) – OPC findings of alleged violations of PIPEDA and CASL
- The CRTC also participated in the take down of the Dorkbot virus C&C, Completed 30 other violations and issued over 50 Notices to produce under CASL
The CRTC also provided some additional statistics about the data being provided to the Spam Reporting Center; 81% of complaints deal with email, 13% deal with mobile SMS spam, .5% deal with Instant Messages and the rest are unclassified. I would expect this breakdown is largely due to the ease of reporting email complaints vs the other channels (which require screen shots to be submitted). Of the email complaints the largest individual complaints deal with, not surprisingly, Consent – either I didn’t give consent for email, or I asked for it to stop and it continued to be sent.
Still here and asking what is the next milestone?
July 2, 2016 marks the first day that email addresses collected under CASL meet their 2 year implied consent expiration. Meaning that a consumer that has subscribed to your email via an implied consent (Business relationship/non-business relationship) will start to expire. Any consents that have not upgraded to an express consent or if they have not engaged in another transaction with an organization to reset the expiry date on their implied consent.
In light of this some companies are again sending opt-in upgrade campaigns to their subscriber bases asking for express consent. I would recommend building this as a drip campaign so you are not sending large numbers of these all at once and they are tailored to be timed with the actual expiry dates of the consumer’s consent. I’ve copied one such email here received recently in my household (Company name removed) as example.