The days of using email to fish for prospects are over. On July 1, Canada’s anti-spam legislation (CASL) made it illegal to send people commercial electronic messages (CEMs) without consent. The law applies to more than blatant marketing, notes Adrian Liu, a lawyer at Borden Ladner Gervais (BLG) in Toronto. It could also affect soft sells, such as newsletters and invitations to steak lunches.

The legislation says consent is implied with people who have purchased products or services from you in the last two years, or with whom you have a written contract. So you can continue sending clients reminders about RRSP season, for instance.

But those emails must include an option to be taken off your list. “You can set up your unsubscribe mechanism in many different ways,” says the Canadian Radio-television and Telecommunications Commission (CRTC) on its website. “It can be broad or granular. For example, you can offer a choice to recipient[s], allowing them to unsubscribe from all or just some types of CEMs your organization sends. An unsubscribe mechanism…should be simple, quick and easy for the end-user.”

Liu says low-tech is fine. You can simply include in your signature a note saying, “If you no longer wish to receive these emails, please respond to this email with ‘unsubscribe’ in the subject line.”

Liu warns you need to give all clients an unsubscribe option, even those with whom you’ve had decades-long relationships. It “has to be there, no matter how well you think you’re connected to someone.”

If you sent people on your list a more elaborate, check-the-box email to secure consent, be careful how you deal with those who don’t respond. Liu says, “Ask yourself questions like, ‘Did they provide me with their email addresses? Did they make requests for information?’ ” If the answer is yes, you’re likely on solid ground. The CRTC says the onus is on the sender to prove consent, so keep records for each email address, showing:

  • whether you obtained consent in writing or orally;
  • when it was obtained;
  • why it was obtained; and
  • how it was obtained

To prove verbal consent in the event of a dispute, the CRTC requires that an independent third party be able to verify it; or that you have a complete and unedited audio recording of the consent.

There’s really no getting around the prohibition, and the CRTC will likely be in no mood for violators who try to get cute with the rules. For instance, using a CASL consent request as an excuse to make initial contact with a prospect won’t fly, says Liu. “You shouldn’t be making a request for consent in an email because you shouldn’t be emailing them in the first place.”

She also warns against thinking publicly available email addresses are fair game. Say, for instance, you’d like to add more lawyers to your book. Liu’s email address is right next to her photo on the BLG website, but that doesn’t mean you can prospect her via CEM. You can certainly email her, but the message has to be related to her work as a lawyer, not about what you can do for her portfolio.

Exceptions and enforcement

The law has some exceptions. One is for referrals. But, “[it] must be made by [someone] who has an existing business relationship, an existing non-business relationship, a family relationship or a personal relationship with the sender and the recipient of the CEM,” says the CRTC. The CEM must include the full name of the person who made the referral and an explicit statement indicating the CEM is a result of the referral.

There’s also an exception in cases where someone gives you his business card, but it only applies if:

  • the message relates to the recipient’s role, functions or duties in an official or business capacity;
  • and the recipient has not made a statement when handing you the business card that they do not wish to receive promotional or marketing messages at that address.

And if you get an angry email from someone who doesn’t want to be on your list, Liu says to stop sending him commercial emails immediately. She adds people have to be removed from lists within 10 business days of unsubscribing.

The CRTC says its response to violations will depend on “the nature, seriousness and impact of the violation, the history of non-compliance and the measures taken to prevent the violation from taking place.” Three key points about enforcement:

  • when assessing a penalty for non-compliance, the CRTC will consider steps you take to show due diligence (i.e., tracking how you obtain email addresses);
  • The CRTC will focus its investigations on cases where there are a significant number of complaints, or there appears to be a major transgression; and
  • in the case of a violation, an undertaking with the CRTC eliminates the possibility of private lawsuits.
      The regulator can impose monetary penalties. The maximum fine is $10 million.