Get to know the ins & outs of Canada's latest anti-spam legislation in this exciting webinar led by David Fowler, Act-On's Chief Deliverability Officer!
www.act-on.com | @ActOnSoftware | #ActOnSW
PREPARING FOR COMPLIANCE
Canada’s Anti Spam Law (CASL)
Today’s Presenters
David Fowler | Chief Privacy & Deliverability [email protected] | @oregonlimey
Sophia Jacobson | Deliverability Services [email protected] | @SophiaJacobson1
Today’s Agenda
1. Legal Disclaimer
2. CAN-SPAM Review
3. The Canadian Anti-Spam Law (CASL)
   • Tenets of the Law
   • Disclosure and Consent
   • Key Differences
4. Next Steps For CASL and You
5. Wrap Up – Q&A
Disclaimer
Act-On Software does not provide legal advice or counsel pertaining to this subject or any related legislation or compliance issue. If you require a legal opinion, we always recommend that you seek counsel from a qualified legal resource.
CAN-SPAM Review
The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM or the Act).
CAN-SPAM Requirements
Types of Messages: The CAN-SPAM Act covers commercial email messages, the primary purpose of which is the advertisement or promotion of a commercial product or service.
Permission | Opt-In Requirements: Under CAN-SPAM, direct marketing email messages can be sent to anyone, without permission, until the recipient explicitly requests that they cease ("opt-out").
Unsubscribe | Opt-Out Requirements: Every message must include opt-out instructions. The sender must honor the opt-out requests of recipients within 10 business days.
2008 Rule Provision: An email recipient cannot be required to pay a fee, provide information other than their email address and opt-out preferences, or take any steps other than sending a reply email message or visiting a single Internet Web page to opt out of receiving future email from a sender.
Sender Identity
The CAN-SPAM Act bans false or misleading header information. The email's "From", "To" and routing information – including the originating domain name and email address – must be accurate and identify the person who initiated the email.
The Act prohibits open relay abuses, falsifying header information, generating multiple email addresses to send from, deceptive subject headers, address harvesting and dictionary attacks, and other fraudulent ways of sending spam.
2008 Rule Provision: The definition of "sender" was modified to make it easier to determine which of multiple parties advertising in a single email message is responsible for complying with the Act's opt-out requirements. A definition of the term "person" was added to clarify that the CAN-SPAM Act's obligations are not limited to natural persons.
Subject Lines | Labeling: Deceptive subject lines are prohibited. The subject line cannot mislead the recipient about the contents or subject matter of the message. Identification that the message is an advertisement or solicitation is required.
Contact Information | Postal Address: Yes, a valid physical postal address is required.
2008 Rule Provision: A "sender" of commercial email can include an accurately registered PO Box or private mailbox established under United States Postal Service regulations to satisfy the Act's requirement that a commercial email display a "valid physical postal address".
CAN-SPAM Exemptions
• As discussed, the Act applies to 100% commercial email
• But what about transactional or hybrid messaging?
• Transactional messages (no commercial content) are exempt
• Commercial + Transactional | Cross Selling
• The “primary purpose” rule comes into effect
• The recipient decides on the primary purpose
• If the recipient determines the message is commercial in nature, then the message has to be compliant
• Consider the 80/20 rule
  • 80% transactional | 20% commercial
• Place the offer below the fold so as not to dominate the real estate
Canadian Anti-Spam Law (CASL)
• Enacted in 2010 and scheduled to go into effect: 7/1/14
• Intended to promote ecommerce by deterring:
  • Spam, identity theft, phishing, spyware, viruses, botnets and misleading representations online
• Covers sending commercial messages AND installing software on other people's devices
• CASL creates new offenses, enforcement mechanisms and penalties
• It’s one of the strictest ecommerce laws globally
  • Higher consent standards for all
  • Detailed content requirements
  • High penalties: $10M fines a possibility for non-compliance
Tenets of the Law
Tenet: Requirements
Permission: CASL requires you to obtain permission (consent) prior to sending any communication. You also need to have proof of opt-in, including source / time.
Scope: Senders of any form of commercial electronic messaging, for example: email, voice, text messaging and social media.
Location: CASL is unique: it regulates any message sent from or received in Canada. It does not apply to countries that have existing email laws. You are only required to follow the law of where the recipient is.
Unsubscribe: All commercial messages sent must contain an opt-out method, one difference being that you cannot confirm the opt-out request via a follow-up method.
Exceptions: Quotes, estimates, pre-existing transaction material and factual information about loans, memberships and accounts are exempt from CASL.
Disclosure Requirements
• Electronic messages being sent from or to Canada must:
  • Clearly identify the sender of the message
  • Have a clear, applicable, and relevant subject line and 'From' name that reflect the purposes of the email
  • Include a notice that the message is for commercial purposes (if applicable)
  • Contain a physical address as well as a URL, email address, or phone number where the sender can be reached and that is valid for up to 60 days after the message has been sent
  • Contain a valid and working mechanism that will unsubscribe the recipient within 10 days and is available for at least 60 days after the messages have been sent
Consent Requirements
• Express Consent:
  • Did the recipient say “YES” to receiving your commercial message?
  • The individual MUST take positive action to “opt-in”
• Implied Consent:
  • Do you have, and can you demonstrate, an existing business or non-business relationship?
  • Did the recipient disclose their address to you?
  • Must clearly and simply set out purpose(s) for consent
• Must obtain express consent to send commercial electronic messages (CEMs) unless there is
  • Existing business relationship OR
  • Existing non-business relationship
• An email user must express consent by opting in to receive communications from the sender.
• You can rely on implied consent to send CEMs to recipients with an existing business or non-business relationship
• EBR lasts for 2 years from the last transaction
• Consent is NOT required for:
  • Quotes or estimates
  • Messages that confirm or facilitate transactions
  • Providing warranty, recall, safety or security information
  • Providing information about:
    • Ongoing use or ongoing purchases
    • Ongoing subscriptions, memberships, accounts, loans or similar
    • Employment relationships or benefit plans
  • Delivering a product, good or service, including updates and upgrades
Important: ID and Unsubscribe mechanisms are required for these messages
Violations and Enforcement
• CRTC: primary enforcement agency, including administrative monetary penalties (AMPs)
  • Maximum penalty is $10M for an organization, per violation
  • Relevant factors include purpose of penalty, nature & scope of violation, history, financial benefit, ability to pay
  • May enter into compliance undertaking with the CRTC
• Directors' and officers' liability | Employers' liability
  • Importance of “due diligence” taken to prevent the violation
CASL vs. CAN-SPAM – Key Differences
CASL:
• Addresses a broad range of internet issues – digital channel
• Applies to all forms of electronic messaging
• Prior permission based – Documented Consent Required
• Private right of action available to anyone (individuals, businesses etc.) - effective 2017
CAN-SPAM:
• Addresses spam only
• Applies only to email, contains SMS domain opt-out
• No prior permission required – Consent Not Required
• No private right of action, available to ISPs and Government to bring lawsuits
CASL Summary
• Prior consent required (Implied or Express)
• Prohibits unsolicited commercial electronic messages
• Prohibits program installations without consent
  • Express consent required, becomes effective 1/15/15
• No false information allowed
  • Sender or subject lines
• No harvesting or dictionary attacks
• More than email | IM, SMS, Social Media, Voice
Other Requirements:
• Unsubscribe no longer than 10 business days
• Postal address required
• Private right of action included – Effective 2017
• Officers of organizations can be held accountable for their organizations' messages
Exemptions:
• Family or personal relationship | business or inquiry relationship
Enforcement:
• Cross-border: can’t hide under HQ location
• Protection for “honest” mistakes
Next Steps for CASL
• CASL to become law in July 2014
• Implementation of a Spam Reporting Center:
  • Once operational, will accept messages, analyze trends in spam and other threats to electronic commerce
• New roles & responsibilities for three government agencies:
  • CRTC | Competition Bureau | Privacy Commissioner
  • International agency cross-border cooperation | Including the FTC
• Interpretive guidelines
  • Many definitions and requirements under CASL remain broad and unclear
Next Steps For You
• Begin internal awareness for your organization, identify the key stakeholders
• Conduct an internal assessment for CASL impact
• Update your website and privacy policy
• Update forms and procedures that document consent
• Address unsubscribe requirements and timeframes
• Update existing customer service processes
• Develop and include information and training:
  • For employees, management and respective associates
• Review and amend any third party contract requirements:
  • Limitation of liability, representations and warranties, including address rental
• If operating in North America, meet BOTH CASL & CAN-SPAM requirements
More Info & Resources
• Government of Canada: http://fightspam.gc.ca/eic/site/030.nsf/eng/home
• Industry Canada: http://www.ic.gc.ca/eic/site/ecic-ceac.nsf/eng/gv00521.html
• FMC Law Group | Margot Patterson: www.slideshare.net/fmclaw/casl-vs-canspam-canadas-antispam-law
• Email Karma | Matt Vernhout: http://emailkarma.net
Learn More About Act-On Software
Ready to Learn More?
Call +1 (877) 530-1555
Email [email protected]
www.act-on.com
Q&A
David Fowler | Chief Privacy & Deliverability [email protected] | @oregonlimey
Sophia Jacobson | Deliverability Services [email protected] | @SophiaJacobson1