SO YOUR THINK YOUR ORGANIZATION IS CASL COMPLIANT? 

It’s been 4 and a half years since CASL came into force, causing businesses to convert our existing lists into CASL compliant lists. Even today, many Canadian organizations are not even close to CASL compliance. I will explain.

The law came into force on July 1, 2014 and the CRTC granted a 3 year period to use ‘the normal, natural course of business’ to update all opt-ins to be CASL compliant.

A CASL compliant EXPRESS opt-in is:
1. an individual who has taken a positive action to request that you communicate with them.
2. You have clearly stated your full Company name and mailing address of your office including a name and 2 ways to contact them (usually email and direct phone number)
3. You have made a clear statement of what kind of communication one might expect from you.
4. You have stated “You can unsubscribe at any time”

If, with all of these elements present, an individual opts in to your organization, CRTC believes it was intentional and of their conscious will. As we stumble around the internet, we are surprised at how many “express opt-in forms” do not include the prescribed information. Will they be accepted as express opt-ins by CRTC? Why take the risk?

IMPLIED opt-in has it’s own set of criteria and requires a much longer explanation, but you get the gist of it. No more grabbing email addresses and blasting far and wide hoping you hit something. Those days are gone. CASL is ‘upping the standards of professionalism’ required to engage in email marketing and SMS Text Marketing (sure wish they had done this in the telemarketing space years ago).

That’s not to say you have been ignoring CASL. As I understand many organizations have done a great job of ensuring they have a working unsubscribe in EVERY email sent. Kudos. For many enterprise level clients I am certain that was no easy feat. Just locating every source of emails from within your organization can be a challenge for Canada’s largest firms. But fact is CASL has many moving parts to it and CRTC has stated they expect you to prove that you are not breaking the law.

CASL is simply email marketing best practices

Maybe you can score your organization from 0 -10 in each of the following areas — zero being terrible and 10 being perfect:


1. Do you have working unsubscribe mechanisms in EVERY single email you send – both bulk email and one-to-one emails from staff using a company URL as their email address? ______/ 10

2. Can an individual unsubscribe with two clicks or less?  _____/10

3. Is that individual remove or suppressed from your email list within 10 business days (2 weeks) of unsubscribing?  _____/10

4. Can you describe in detail each and every way you collect email opt-ins, including the exact language you use?  _____/10

5. Do you know the relationship of your organization with every individual on your opt-in list? _____/10

6. Can you prove date of sign up, language used, IP address tracked, or the original source of the granting of permission for each opt-in?  ____/10

7. Can you track the data changes, in real time, so you know how the relationship with each individual on your list changes? ___/10

8. Do you only send the kinds of emails you promised when the individual opted-in? ____/10

9. Do you know, in detail, how your entire email marketing process works such that it can clearly be communicated to a new employee? ____/10

10. Have you appointed a CASL Compliance Officer and documented your entire process in detail? ____/10

11. Have you incorporated your documented process into your staff training so everyone in the organization understands these policies? ___/10

12. Do you have a process for making changes to your email marketing program? ___/10

13. Do you have a documented communication policy for communicating those changes? ___/10

Total ____/130

Now I ask again: Is your organization CASL compliant?

Your email service provider can probably speak to the unsubscribe mechanism but has no idea about your internal policies and how you secure opt-ins. ‘That’s your responsibility’.  WHO you send emails to and WHAT emails you send is none of their business. The email service providers are there to handle HOW you send it.

If you have any doubts about your ability to comply, please contact us today and we will at least explore the obvious gaps and help you to take small steps toward compliance.

Derek A. Lackey is the author of CASL Compliance: A Marketer’s Guide To Email Marketing To Canadians. , a book written for marketers by a marketer. He has also developed CASL Keep™ a comprehensive compliance process designed to address all compliance issues from CRTC, the Office of the Privacy Commissioner of Canada and the Competition Bureau.

Leave a Reply