Of course we all want to make the best use of social media to promote our business or online presence. I recently came across a site offering to ‘pull in email addresses’ to help provide insight to the users’ social media presence. The site purported to provide deep metrics, sites on which the user was registered to, etc. That site has since been acquired and morphed into providing altogether different services. I have no doubt that a simple Google search will identify many other sites offering email lists for sale and e-commerce marketing strategies. This got me thinking that I should share some information about Canada’s new anti-spam legislation also known as CASL. CASL applies to anyone sending e-commerce messaging to or from Canada. So be sure to build a CASL compliant strategy into your e-marketing plans.
This new piece of legislation covers far more than electronic commerce messaging. It deals with the dissemination of malware, botnets, phishing, spyware, etc. But for the purpose of this article, I want to focus on providing accurate information around e-commerce messaging. There is a wealth of sites out there providing material and information on CASL. Some of it is very helpful, but there is still a lot of misinformation out there. Many authors are still grappling with the interpretation of the law. So when doing your research, I strongly suggest that you include among your resources, the authoritative sites on the subject matter. In this case, it would be Canadian government and regulator sites. The main government site that provides guidance to consumers and small-medium enterprises is Industry Canada’s Fight Spam site. There are three regulators that are mandated under CASL. The Canadian Radio-television and Telecommunications Commission, the Office of the Privacy Commissioner and the Competition Bureau. Be sure to check these out.
In this article, I want to focus on providing specific information on how to stay onside with the legislation in Canada when acquiring and sending an e-commerce message to your list of potential customers either via emails, SMS or social media sites. CASL is an ‘opt-in’ regime, which in essence means you must have consent before contacting someone with your e-commerce message. This area falls mainly to the CRTC and there is plenty of information to round out what I will provide here.
Lets look at what falls under ‘what to do‘ to contact an individual. You must either have consent, be it express or implied, or you must acquire it before contacting someone at their electronic address. The CRTC has taken the policy position that if you already had ‘express’ consent prior to CASL coming into force on July 1 2014, it will be continue to be valid allowing you to contact your list of recipients. Keep in mind though that you will be required to prove that you have their express consent should the recipient complain about receiving spam. So if you don’t already have express consent, how do you acquire it? Well, the law says that you can’t acquire it by sending them a commercial electronic message, eg email or an SMS. You must acquire it via your website, your social media campaigns, at trade shows, etc. Any other way, but by sending them an e-message. Again, lots of information available at the CRTC site.
Now if you’ve already done business or have a relationship with someone, you have ‘implied’ consent and can continue to contact your customer for two years following the last transaction or from the end of the contract, such as gym membership. The law is not meant to stifle business but to reduce the amount of spam people receive. Again, the onus is on the sender to prove they have such consent. In either case, you must allow the recipient the opportunity to unsubscribe from receiving any further e-commerce messaging from you.
Let’s look at ‘what NOT to do‘. So you now know that you need prior consent. So the concept of ‘pulling in emails’ is one that needs to be carefully considered. If you want to buy a list of CASL compliant email adddresses, you need to ensure that the express consent acquired was done properly. Scrapping sites for email addresses in an automated fashion, also knows as address harvesting, is not permitted under CASL. So be wary of sites that sell you on that concept. A quick search shows you just how to that. This YouTube site is the perfect example of what not to do.
Sites like this one should not be considered as part your overall strategy. It stated quite openly that “In this tutorial, I am going to teach you how to harvest email addresses using msfconsole in BackTrack 5. Email harvesting is the process of collecting and storing large quantities of email addresses. The email lists that are generated are typically used in mass mailer attacks and phishing attacks.” For more information on address harvesting rules under CASL, check out the OPC site.
Beware and forewarned….the penalties for running afoul of the law are significant!! If you are found in violation, the administrative monetary penalties can be as high as $1 million dollars per violation for an individual and up to $10 million dollars per violation for a business.