Skip to content

10 steps to help you build your CASL compliancy action plan

To the dismay of many marketers, Canada’s Anti-Spam Legislation (CASL) will come into effect July 1, 2014. As one of the most aggressive anti-spam laws in the world, CASL has created quite a buzz, and for many, what appears to be a lot of new work.

As a responsible marketer, it should be your goal to become fully CASL compliant. Although there is a transition period that applies in certain scenarios, it’s likely not worth the risk to rely on these special exceptions. And, while this may seem overwhelming at first, taking the time to create a step-by-step game plan outlining the actions your organization will take to become CASL compliant can help provide the clarity you need to get you moving in the right direction. Below are 10 steps to help you build your CASL compliancy action plan.

Step 1: Educate yourself on CASL

Familiarize yourself with CASL. Having a strong understanding of CASL and its implications will help you determine what actions need to be taken within your organization, as well as provide the necessary knowledge to help you lead your team to CASL compliancy. For a great resource, check out Marketing Director Ruhee Rajan's blog post outlining the key point from CASL.

Step 2: Create internal awareness

Now that you have an abundance of CASL knowledge, you’ll be more prepared to share this information with the rest of your organization. While you don’t need to drill down to the small details, it’s important that everyone from entry level staff to senior management have CASL on their radar so they aren’t caught off guard when you start talking about new process changes and implementation.

Step 3: Identify key players

Determine who’s involved in anything that could in some way be affected by CASL. Depending on the size and type of your organization, this could range from a few key players to the entire staff. If you’re an agency, remember that both you and your clients could be held liable. Make sure these individuals are well informed about CASL legislation and their specific roles and responsibilities in becoming CASL compliant.

Step 4: Assess current situation

It’s now time to take a microscope to your organization to pinpoint the areas where CASL could have an impact. The list of items you identify in this exercise will eventually develop into the tasks on your to-do list. The key things you want to identify are:

  • Online data capture (e.g. mailing list signup forms, landing page forms, lead generation forms, etc.)
  • Offline data capture (e.g. trade shows, phone leads, received business cards, etc.)
  • Offline forms (e.g. registration forms, etc.)
  • Existing mailing lists and CRM (customer) databases
  • Current email campaigns, triggered emails and manually sent emails

Step 5: Examine existing databases

Although CASL has outlined a special transitional period, the general consensus is that marketers should aim to get express consent prior to July 1, 2014. Express consent is far less ambiguous than implied consent because the permission is clearly captured without much concern for legal interpretation. This means you’ll never have to worry about your implied consent expiring. In general, if you aren’t clear on whether you have implied consent, or haven’t tracked this information, avoid the ‘grey’ area and work towards getting express consent prior to July 1, 2014.

Step 6: Get your inbound data process in shape

Take a good look at every sign up form you have online and make sure you don’t have any pre-checked boxes. Also, review messages that trigger after a form is submitted (such as a welcome email) to make sure the content lends itself to full compliance. This is also an opportune time to grab a screenshot of your online forms. This way you can do a final check that you’ve hit every item on the requirements list, plus you’ll have further evidence of the exact form people would have filled out.

Step 7: Request express consent

It’s now time to email your current contacts to request express consent. It’s important to note that just opening your email or clicking on another link does not qualify as express consent. Recipients need to click a link that clearly identifies that they are requesting to receive your emails. In addition, when they click this link, the date, time and IP address must be tracked, as this becomes your hard evidence for express consent. In your email, you must clearly and simply specify:

  • The purpose for which consent is sought.
  • Request to opt-in (consent can be obtained using a box, however, the box cannot be checked by default).
  • For the person requesting consent AND the person on whose behalf the consent is sought you must provide:
    • Your identity
    • Your business name and actual name (if different)
    • Contact information (one of mailing address and phone number, email or web address).
    • A statement that the recipient may withdraw consent.
    • An electronic link or address to unsubscribe (make sure these are active for at least 60 days)

Step 8: Remove non-compliant subscribers before CASL goes live

As a best practice, anyone who has not given you express consent prior to July 1, 2014 should be removed from your database. While this may mean deleting of a large number of your contacts, it’s important to remember that if after attempting to reconfirm these contacts, they still didn’t express interest, they probably weren’t high-value contacts anyways.

Step 9: Track your efforts

Following this step, your databases should only contain people who are CASL-compliant. It’s a good idea to document everything you’ve done to date and track everything you do moving forward. This includes developing a plan for obtaining and tracking express consent from new contacts. If you run into trouble with CASL, but can demonstrate you’ve made strong efforts to comply, it will play a factor in the event that a lawsuit comes up.

Step 10: Develop and review current policies and processes

Take some time to establish and implement a CASL-readiness and compliance policy to fulfill due diligence obligations. You should also assess your organization’s current Privacy Policy and update if necessary. And remember, becoming CASL compliant and staying CASL compliant are two different things. Be sure to stay on top of things. After all, you wouldn’t want all your hard work to go to waste!

Looking for more help to make marketing work in your B2B company?  Get proven tips in PROFITGUIDE’s Special Report on The Radical Sales Shift.

The Radical Sales Shift Special Report