Building a CASL in the air

spam (1)

Building a “castle in the air” is an idiom used to describe daydreaming or making plans that won’t come true. In many ways Canada’s Anti-Spam Law (CASL), the heterographic acronym, is equally a flight of imagination and an anachronistic one to boot.

Don’t get me wrong, I hate getting unwanted spam as much as all my Facebook pals, but if the solution becomes more difficult to manage than the problem, there’s something wrong.

The genesis of CASL was the creation of the federal government’s Task Force on Spam. About 10 years ago, spurred on by public complaints, the feds began looking around to see how Canada and other countries were managing this growing public irritant. Four years later CASL was first introduced in 2009 and re-introduce in 2010. The bill addresses the legislative recommendations which were designed to address concerns identified by consumers, academics and industry.

Bill C-28 received unanimous support in the House of Commons in 2010 and in December the government announced the law would come into force July 1st 2014, a decade after its inception.

Think back 10 years ago, Blackberry had only a million subscribers world-wide, an Android was still only a character from science fiction, folks were still using Windows 98, XP if they were lucky and Vista if they were on the cutting-edge. In 2005 there was no such thing as a MacBook, at least not one you could buy in a store and Nortel was still smouldering.

Suffice to say, thing have changed in the past decade. Unfortunately, our legislative process runs at glacial speeds. The public demand for anti-spam legislation has also waned considerably since, because technology has largely addressed the problem and if spam isn’t already squeezed out by highly effective spam filters, most people have been able to manage with some rudimentary knowledge of how to cope with it. Select, delete, repeat.

So here we are in 2014 with a law that is little more than an outdated and dangerous intervention on freedom of commerce and freedom of speech. CASL targets any electronic communication known as a Commercial Electronic Message, or CEM that could be considered to “encourage participation in a commercial activity” in any way.

Think about this for a moment. With a definition this vague, the law could potentially target any email, text message or SMS sent by a business. Period.

So, here’s where the rubber meets the road. Either someone has given you the specific authorization to send them a CEM, express consent, or you have implied consent, which is based on an existing business or non-business relationship, or personal relationship.

Express consents do not expire, unless of course the recipient has withdrawn it. Implied consent lasts two years. Consent must be “opt-in”. That means you must actively subscribe to receive a communication.

There is also a B2B (Business-to-business) exemption for existing business relationships. This is essentially any situation where a transaction occurred between two companies in the past two years. CASL also allows CEMs to be sent to relevant “conspicuously published email addresses”, such as email addresses on business websites or on other public sites, without a statement that they do not want unsolicited emails. Huh?

Does that mean bots can still harvest emails from staff directories on company websites? The CRTC says, go talk to your lawyer. There is also a 3-year transition period for businesses to get consents for companies that have an existing business relationship with their clients, essentially to go from implied consent to express consent. Another trip to the lawyer.

All CEMs will need to contain “prescribed information” on the identity of the sender of the email and marketing firm if applicable. CEMs will also have to include an easily-accessible and cost-free unsubscribe mechanism. That’s why you are getting all these emails lately asking if you want to continue to subscribe to the newsletter or communication you probably had to subscribe to in the first place. All the rest can be found in your spam bin, social media filter or if you use Gmail, your update list. (Thank you, my Google).

Here’s where it gets ugly, record keeping and penalties. The onus is on the sender to prove they have consent to send a CEM. That means businesses will need to keep records of express and implied consents, with date and time, type and expiry date of the consent. Interestingly, and apparently something the authors of the bill were oblivious to, this is going to be a significant cost to business.

Smaller businesses without dedicated CRM staff and in-house lawyers, will be writing many more cheques to make this happen. I have noticed there are some new software solutions being developed for the business to track CASL compliance, presumably these are not free.

Although the government insists it will only go after the “worst offenders”. There are fines of $1 million up to $10 million dollars for extreme cases, with a “Private right of action” clause in effect in July 2017. While CFIB doesn’t realistically think the fines will be levied on any significant segment of small business, the question remains…what’s with that!? Why not 10 billion dollars?

These Administrative Monetary Penalties (AMPs) which can be levied without resorting to criminal charges, combined with the bill’s extremely vague and confusing language, have pushed many very small businesses to seek out new customers by phone and letter-mail rather than electronic messaging. So there are folks who are happy, namely telcos and our friends at Canada Post.

For those worried about carrying on normal business activities, some exemptions exist for specific situations, such as: quotes, estimates or enquiries; warranty and safety recall information and other information about ongoing use of a product or service; employment and benefit information, etc.

Oh and political parties and government are also exempt. Go figure.

For its part CFIB has been busy on this file. We’ve made two separate submissions to Industry Canada (IC) and CRTC on the bill and another when it was C-27 in 2009. We had a significant role in business coalition submissions to IC and CRTC, and was part of in-person consultation meetings with CRTC officials.

We’ve specifically raised problems with CASL in meetings with PMO, successive Ministers of Industry and Treasury Board and met personally with CRTC’s CASL regulatory team and Industry Canada officials tasked with putting the legislation and regulations together.

In the first version of the bill and regulations, referrals to new clients were essentially impossible. Continued CFIB lobbying managed to change the regulations so that one message from a referral to a prospective client is allowable.

We received frequent calls from Industry Canada as they were revising the regulations to say that they had taken our letters’ overall message into account. Those led to some smaller changes, such as more flexibility in listing the prescribed information in each CEM and the above changes to referrals.

So here’s the advice CFIB is giving to members. Get your explicit “consents” now, change your emails to include necessary information and set up some form of record keeping. Yes it’s easier said than done but the cost of the alternative is a heavy one. Not to speak of potential reputation costs and issues of public trust and loyalty. Who wants to be known as a “spammer”?

Some tips from CFIB

Perhaps most irritating is the speed of the legislative process has produced a law that governs problems which have largely already been dealt with through better technology. The law has left large companies spending millions and small business struggling to make sense of how to comply and asking why it is even needed.

While business in Canada struggles to comply with this new batch of red tape, there is a danger offshore companies, especially software developers, may simply take Canada out of the loop rather than making the effort to comply.

There is still so much uncertainty and vagueness around CASL compliance may end up being determined on a case-by-case basis. You can guess who will be paying the bill for that while the true spammers will simply continue to try to hide from the regulators.

This government has said it is doing everything it can to help small business. Here’s another instance of the most frightening words an entrepreneur can hear are, “Hi! We’re from the government and we’re here to help you.”

If you managed to get through this lengthy post and find yourself completely irritated by all of this, here is a brief respite from your angst…

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s