As you may have already heard, the CRTC will begin enforcing a new anti-spam law as of July 1, 2014. This new law cracks down on email spammers by enforcing strict measures that need to be taken before an organization or business is authorized to send a commercial email message. This will no doubt be a cause of concern for those companies who have compiled a list of email addresses in order to regularly stay in touch with clients.

There are three general requirements for sending commercial emails under the new law:

1. Consent: people in your email list must have expressly consented to receive communication from your business, either in writing or verbally.
2. Identification information: you must clearly identify your business within the email.
3. An unsubscribe mechanism: users must be able to unsubscribe from your email list with an unsubscribe link in your email.

The Good News

This new legislation is similar to what is being enforced in the United States with the CAN-SPAM Act. Since many email marketing providers are based out of the United States, chances are you are already following many of the new rules. However, that doesn’t necessarily mean you are out of the woods just yet – you must also be able to prove that these requirements are being met.

Obtaining Consent

Consent can be obtained via a subscribe form or checkbox. The nature of communication that the user is consenting to receive must also be clearly indicated. The only caveat is that a “pre-checked” subscribe checkbox is considered invalid; users must actively “opt-in” to communication rather than being forced to “opt-out”.

“The manner in which you request express consent cannot presume consent on the part of the end-user. Silence or inaction on the part of the end-user also cannot be construed as providing express consent. For example, a pre-checked box cannot be used, as it assumes consent.

Rather, express consent must be obtained through an opt-in mechanism, as opposed to opt-out. The end-user must take a positive action to indicate their consent. For example, this can be done by providing a blank box which a user can check off to indicate consent.”
– CASL FAQ

Just obtaining consent is not quite sufficient to correctly follow the new rules – you must also be able to prove consent after it has been given.

Proving Consent

Data required in order to prove consent:

• whether consent was obtained in writing or orally,
• when it was obtained,
• why it was obtained, and
• the manner in which it was obtained.

It’s a good idea to double-check whether you have proof of consent of the existing subscribers in your current email list. You will need to have the subscriber source recorded somewhere, to verify that your subscribers opted-in by a signup form. You will also need to record the date and time that the subscriber opted-in.

“31. The Commission considers that an example of an acceptable means of obtaining consent pursuant to section 5 of the Regulations would be an icon or an empty toggle box, separate from the licence agreement and other requests for consent, that would need to be actively clicked or checked, as applicable, in order to indicate consent to one, several, or all of the functions listed in subsection 10(5) of the Act, as applicable, provided that the date, time, purpose, and manner of that consent is stored in a database.”
– Compliance and Enforcement Information Bulletin CRTC 2012-548

Verifying Proof of Consent

If you use MailChimp: You can view the Signup Source for your individual subscribers through the Manage Subscribers section. This information is included on the Details tab of each subscriber’s profile page in the Overview section. (Unfortunately, this data is only recorded for people who subscribed after 9/19/2012.) As long as the Signup Source is some kind of signup form, this means that the subscriber opted-in to your subscriber list. If the Signup Source mentions that the subscriber was added manually or through a list import, or is missing altogether, this is an indication that the subscriber didn’t necessarily opt-in to receive your emails.

If you use Campaign Monitor: Unfortunately, the subscriber source is not automatically recorded with your standard Campaign Monitor subscribe form. However, you can begin to record this data by adding a custom field to your subscribe form.

If you use Constant Contact: Similar to Campaign Monitor, Constant Contact does not record the subscriber source or subscription date by default. The best way to track that information is by adding additional fields to your contacts.

What To Do If You Cannot Prove Consent

You have until July 1, 2014 to obtain express consent from the subscribers in your email list. If in doubt, the fastest way to obtain this is by creating a brand new email list, and then sending a mass-email to your existing subscriber list and asking your subscribers to opt-in again to your new list. This will allow you to track the necessary data about your subscribers.