Shop MagsBC
Close this search box.

MagNet 2017 Session: CASL Compliance

PROVISO: these are notes from Derek’s talk, and as such may not be entirely accurate and in any case will not cover everything you need to know about CASL, just get you started.

We recommend you visit the Direct Marketing Association of Canada and Blazon Online websites for more complete information, guidance and a checklist before making any CASL compliance efforts.

For those of you unfamiliar with CASL, Canada’s Anti-Spam Legislation applies to any commercial electronic message (CEM). CEMs are identified as those emails that promote or encourage a commercial activity, no matter how small, e.g. subscribing, including an ad, promoting goods or services, or linking to a commercial site. One exception is a transactional message, e.g. sending a bill to a client.

Derek Lackey, president of the Direct Marketing Association of Canada and CEO of -30- Strategic Communications, started the 2-part workshop by listing the eight components of a CASL corporate compliance program:

  1. Senior management involvement
  2. Risk assessment
  3. Written corporate compliance policy
  4. Record keeping (the hardest to implement and keep up, and should be easily accessed)
  5. Training program
  6. Auditing & monitoring
  7. Complaint handling system
  8. Corrective (disciplinary) action

All of these components should be detailed in a written manual available to all staff and updated at least quarterly as changes to and judgments on the CASL legislation occur (add those too if you can). It doesn’t have to be fancy, but it does have to exist and be easily accessible to all staff.

If you have collated a manual with written policies and procedures you’re trying to implement, you’ll likely get a warning after an audit if you’re not completely compliant. If you don’t, you’ll likely get a fine.

In order to comply with CASL, there are five stages each organization needs to go through:

  1. Email audit (should include questions on consent, proof, corporate management, engagement, unsubscribe option, message content, list management, etc.)
  2. Design (e.g. systems)
  3. Document (e.g. opt-ins, systems)
  4. Technology (e.g. how will track compliance)
  5. Staff training (e.g. how to be compliant, corporate policies, etc.)

All organizations need the following in their message asking people to subscribe:

  1. Your company or organization’s name & mailing address
  2. A contact name with two ways to contact them
  3. What you will be sending the subscriber
  4. Easy way(s) for the recipients to unsubscribe at any time

There are five types of consent that are allowed: express, implied consent (business relationship, non-business, and conspicuously published), and personal relationship (friends and family). More information on consent types is at Companies must document and track how the person gave consent for all of the types above and the date the person opted in.

Best practice is encouraging all your email subscribers both current and future to do a double opt-in. This involves setting it up so a potential subscriber submits their email address and other information to sign up to a newsletter, then the system automatically sends an opt-in message to the subscriber with an “agree” button that they must press in order to be added to the list.

For current subscribers, sending an email asking them to confirm they still wish to receive your emails is a good way to keep your lists clean and compliant.

This may also be a great opportunity to ask your email subscribers for their preferences, i.e. have check boxes for events, literary contests, newsletters, announcements etc. in order to have more targeted emails. Derek also recommends having an “update preferences” in addition to your unsubscribe button in your emails for when people become more (or less) engaged.

Another option to consider is unsubscribing or suppressing those recipients who haven’t engaged in any way. Your distribution may be smaller, but your engagement will be higher.

If you find your unsubscribe button does not work, you have to unsubscribe your clients within 10 days. If you add people to your list through draws or contests, online or in-person, you also need to post a statement saying so prominently, so they can opt out or choose not to enter the draw if they want.

Derek recommends building lists to buying them, as the latter can get you in trouble, and the former targets only those customers and readers that are actually interested in your product or service.

U.S. companies are also required to be CASL compliant when emailing to Canada. Any email from anywhere, but especially from the U.S. and Canada, that doesn’t have an unsubscribe option can be sent to for them to track and deal with if enough complaints come in.

Bottom line is to be clear and transparent when encouraging opt-ins, track when and how people signed up, have policies in place and work on implementing them, and always give a link on how to unsubscribe.

— Sylvia Skene, Executive Director, Magazine Association of BC