CASL Compliance: The 5 Types of Consent and How to Achieve Them

Express consent is the gold standard. We walk you through how to achieve it.
Joan Brehl, Vice President and General Manager, AAM Canada
June 6, 2017

(lire en français)

Canadian Anti-Spam Legislation (CASL) is one of the toughest electronic messaging laws in the world. Under CASL the CRTC can fine up to $10 million per violation, a liability that extends into executive offices and the boardroom with directors and officers held responsible.

These are serious consequences for a simple email. And it’s a situation where your good intentions do not matter. What will matter is if you can demonstrate your efforts to be compliant with CASL standards and prove enforcement of a plan with appropriate safeguards and training for your staff. These all equal the need for a compliance program.

Let’s take a look at the requirements for express consent.

Express Consent: The Gold Standard

The first type of consent—and the most coveted—is express consent. This is when an individual intentionally opts-in to your email program. The consumer must both want and intentionally request to be added to your email list. They are familiar with your brand and want the information and offers you intend to send. The language you used to gain consent must be transparent and requires a positive action on the part of the recipient.

If you currently use electronic messaging—primarily email and SMS text messages—to solicit new customers, CASL definitely impacts your program. It is difficult to achieve express consent from consumers who are not familiar with your brand. If you plan to continue using email and text message marketing for new customer acquisition, you’ll need to develop new strategies to request express consent. Under CASL, it is a violation to even send one email asking for consent.

As the main enforcer of CASL, the CRTC offers this description of express consent, “Valid consent given in writing or orally. The recipient gave you a positive or explicit indication of consent to receive commercial electronic messages. Your request for consent set out clearly and simply, the prescribed information. Express consent is not time-limited unless the recipient withdraws his or her consent. Keep records of how you obtained implied or express consent, since in both cases you have the onus to prove consent.”

Let’s review an example of express consent. A consumer signs up for your newsletter by completing a form. The act of providing their email address is the “positive action.”

Another example is agreeing to receive your newsletter by checking an unchecked checkbox. The consumer checking the box is a positive action.

The CRTC mentions prescribed information. This is:

  • A clearly stated company name and mailing address
  • A description of the types of emails the consumer will receive and how often they will receive the messages
  • A contact name and two different ways to contact them (must be valid for 60 days)
  • A statement alerting the consumer that they may unsubscribe at any time

Evidence of express consent must be stored and you must be able to provide it upon request.

Here is a good example from the Direct Marketing Association of Canada:

The contact name and details can be a link but the information must be easily accessible in the link. Do not bury this information in seven pages of your privacy policy.

There are four more types of consent: implied consent existing business relationship, implied consent existing nonbusiness relationship, implied conspicuously published and personal relationship. Learn more about these types of consent and how you can achieve them in our white paper.

Download the white paper now