June 24, 2016 Ivars Leitis
New guidance for email marketers was released on May 27, 2016 by the Office of the Privacy Commissioner of Canada (OPC). Specifically, the OPC released a Report of Findings, Compliance Agreement and Blog Post regarding the “address-harvesting” provisions under the Personal Information Protection and Electronic Documents Act (PIPEDA).
When a company claims express consent for the collection and use of e-mail addresses, it must make sure that individuals approached are fully informed as to the purposes for which their e-mail address will be collected and used.
Publicly available information
Compu-Finder said it thought email addresses posted on websites were potentially open to collection without consent due to PIPEDA’s “publically available” exception. This, however, was not the case, as Compu-Finder’s collection and use of e-mail addresses for the purposes of sending e-mails selling its services were not, at least in some cases, directly related to the purposes for which organizations had posted individuals’ e-mail addresses on their websites.
In addition, the publicly available exception cannot be claimed if an address was collected by the use of address-harvesting software.
Keep robust records
Even if Compu-Finder’s assertion that it obtained consent from individuals to collect and use their email addresses were to be believed, it lacked adequate records to back up its claims.
Any company doing e-mail marketing should keep records indicating when and how consent from individuals was obtained to collect and use their e-mail address. They should also provide some indication as to the individual’s employment, business or profession and the e-mails sent to them to prove relevance where required.
Such records and their sources should also be revisited at intervals if your organization is relying on implied consent to check that such consent remains valid. For example, has a non-solicitation statement been added to a website?
Robust records not only prove good practice in the event of an investigation, they also enable a business to readily remove an individual’s e-mail address should consent later be withdrawn, as required under PIPEDA.
Don’t get hit with a fine that could cost you your business. Ensure compliancy now.
RAVEN5 has flown ahead, navigating through the toughest anti-spam laws in the world, CASL, which came into effect on July 1, 2014 and here is what they found:
Under the new rules, some popular email and text marketing channels will be harder to use because:
Learn the key differences between implied and express consent
Start by ensuring that you and your staff are crystal clear on the definition of CEMs under CASL. They also need to fully understand the two types of consent recognized by CASL:
Convert your existing lists to express consent
If you want to enjoy today’s freedom to connect with potential customers, your existing lists need to be converted to express consent. The government is giving businesses a 36-month transitional period. Strategies include changing opt in buttons, CEMs to convert existing contacts before CASL takes effect, and using direct mail – which is not restricted under CASL – to acquire express consent through clever messaging and a clear call to action.
Track and manage recipients’ consent to avoid stiff fines
Recipients’ consent will now need to be tracked and managed, especially time-limited implied consent. To avoid punishing fines, database pros must ensure that messages don’t go out after implied consent expires. Opt out requests must be honoured within 10 days and all CEMs must stop. Data managers and marketers will also be held accountable if they buy lists that don’t follow CASL’s rules.
Make sure your opt in check box is CASL compliant
Passive “toggle” opt ins, one of the most common ways businesses build their CEM lists, are no longer allowed under CASL. It will be the responsibility of each and every business to make sure that opt in toggles comply with the new law. If your current database was created with a passive opt in, you have implied consent and will need to get express consent.
Create a plan to gather express consent – it’s worth the investment
Unless you have express or implied consent, you are probably going to lose the legal use of many of the lists you currently use for marketing once the 36-month transitional period is over on July 1, 2017. No more sending marketing to email accounts, cell phones via text, or social media accounts. It’s worth creating a plan to gather express consent – which never expires.
Does this sound like a lot to you? That’s because it is. It’s a big job to manage and get your databases, forms and processes up to date. Failure to act now could mean up to $1M in fines for individuals and $10M in fines for businesses.
We can review and ensure that your current databases are compliant as well as evaluate and update all current marketing communications to be CASL-ready.
Going forward, all future marketing communications including forms and processes for gathering opt-ins and list building would be CASL compliant.
Our process includes:
Pricing varies by database size:
|Up to 5M||$925|
|Up to 10M||$1,149|
|Up to 25M||$1,829|
|Up to 50M||$2,199|
|Up to 100M||$3,599|
GET COMPLIANT – IT’S THE LAW
Our process will ensure your list is fully compliant and well documented.