Avoid fines with these CASL compliance best practices

If you’ve dabbled in privacy regulations you’re likely familiar with acronyms like PIPEDA, GDPR, and CASL. These are a few of the most noteworthy laws introduced to protect the rights of consumers in an increasingly digital marketplace. Undeniably, as digital marketers, these policies have impacted the way we communicate with consumers and while most marketers have adjusted their approach, others seem to have carried on as usual.

If you’re one of those rebels, consider this: Earlier in 2021, the Canadian Radio-television and Telecommunications Commission dished out a $75,000 fine to a man who had launched three high-volume spam campaigns without user consent. That’s a lot of cheddar and probably not the kind of accomplishment that you or your business want to be known for.

With that in mind, marketers shouldn’t just continue on hoping they don’t get caught. They should buckle down and learn the rules of the game so they can adhere to Canada’s Anti-Spam Legislation.

Do’s and don’ts for CASL compliance

Of course, Stryve can’t hold you to task, but we can point you in the right direction. When it comes to CASL compliance, here are the things we’re mindful of:

The Do’s

No ‘cold calling’

Only reach out to contacts that have agreed to hear from you. While email submission forms and opt-ins make most cases clear, there’s also the matter of implied consent. For example, when someone reaches out about a product that is currently out of stock, they’ve implied a consumer relationship and by doing so, passively agreed to a follow-up message. If the product becomes available again a month later, you’re in the clear to send an email. If the product becomes available a year later, that ship has sailed and any follow-up email would be considered spam.

Keep proof-of-consent records

Make it easy to identify who electronic communications are being sent to and from. Do this by ensuring contact information like sender name, mailing address, phone number, email, and website, are clearly identifiable in your messages—most likely, in your email signature.

Be clear with your language and set expectations

Be sure to clearly present and articulate opt-in agreement terms so there is no confusion as to what the contact is consenting to. Not only will this help keep you covered legally, but it’s also just good UX practice. In addition to agreement terms, address what type of communications users can expect to receive from you. What topics or circumstances are included? Is there a cadence to the communication that you can specify? Whatever the terms, make sure they are clear in your opt-ins and ensure that you’re sticking by them. For instance, if someone only consents to a monthly newsletter then it’s inappropriate to additionally use their contact information to send out separate promotional emails.

Include a way out

People should be able to stop receiving communications from you. Don’t be one of those companies that keep subscribers trapped by making it almost impossible to unsubscribe. If the opt-out process is easy on the user, you can at least make that last touchpoint a positive one.

Document processes

People make mistakes. When it comes to CASL compliance, companies should have a way of proving any mistakes weren’t intentional in the event of an infraction. Update contact lists on a regular basis and keep them properly labelled. Be sure your site policies are up to date. Test forms. While these administrative tasks may not move the needle in regards to your marketing, they could help you get out of a sticky situation if and when a mistake is made.

The Don’ts

While sneaking around the rules of CASL compliance may give vanity metrics a boost, spam is spam and it isn’t worth the risk. Here are some shady tactics to avoid in order to remain compliant:

• Don’t install software on people’s devices without permission.
• Don’t pre-check or select toggles at the point of opt-in for consent.
• Never send messages without consent.
• Never ignore unsubscribe requests and don’t make unsubscribing harder than it should be.
• Don’t harvest emails or buy email lists where consent was not given.
• Don’t misconstrue someone’s silence as providing consent for contact.

Why should you care about CASL compliance?

While CASL may not seem like the latest news, it’s not something you can afford to forget. Furthermore, with the Government of Ontario recently publishing their whitepaper, Modernizing Privacy in Ontario – Empowering Ontarians and Enabling the Digital Economy, it seems changes may be on the horizon.

Organizations may soon be subject to a new set of provincially mandated privacy laws. While nothing has been made official, it’s anticipated that privacy gaps will be addressed and filled by CASL updates. So, if you’ve fallen behind on CASL compliance, it’s important to catch up now before things get even further away from you. Following our list of do’s and don’ts is a great place to start.