Neil Schwartzman: CASL Compliance

It started innocently enough. I asked ex-Return Path'er Neil Schwartzman to tell me about his new gig, focusing on Canadian anti-spam law compliance. He offered up his reply in a mock interview format, which I offered to post here and share with the world. So, here it is, as he himself puts it, Neil Schwartzman interviewed by an invisible person who is far more enthusiastic than they should be about the topic at hand:

NS: Hi.

IP: HI!!! So what are you doing now that you are out from under the oppressive Return Path régime? It must have been hell! (ed: joking, obv.)

NS: You've been watching too much CNN, hombré. Return Path was great. Always will be. They have a strict no goatee policy, and I wanted to grow a beard, so we had to part ways. I worked for them for five years on policy issues, and it was time to help apply those policies with the force of law.

IP: Return Path makes law now? Wowee!

NS: Not exactly. Canada's Anti-spam Law, CASL, was passed into law in December. I helped get the law passed in a variety of ways, including encouraging enlightened companies like Return Path support the law, which they did, by writing a letter to the Prime Minister.

Now that the law is about to come into force, I wanted to start a new project helping companies to become complaint with the strict new rules in play in North America.

IP: That sounds amazing! But, Canada isn't all the countries in North America, I think the U.S. is considered part of it too. Surely you can't mean the law applies in the States, too?

NS: Don't call me Surely. And yes, that is what I mean. Here's the skinny:

CASL has strict opt-in standards for all types of electronic messaging: SMS, Social Network stuff, and email. It applies to any message that crosses Canadian wires, or is sent to a Canadian. That covers a lot of ground, and a lot of companies, whether they know it or not. Canada and the U.S. do about $1.5 billion dollars of business …

IP: Per year? Wow!

NS: Don't interrupt! $1.5 billion per day, dummy. That is a lot of Simoleans. My point is, case law is well established to have laws applied in one another's countries. For example, Facebook spammer Adam Guerbuez was sued under CANSPAM in California, and Facebook had the law applied, to get their $1 billion dollar judgment, in a Québec court. It works the other way too.

The new law has specified damages, and can be applied by Canadian law enforcement, Canadian individuals, or Canadians as a class-action lawsuit. Damages can be as high as $10,000,000 per email, per day. It adds up fast.

IP: Um, I bought a list once. Actually, I 'rented' it, if you know what I mean. Can you help me?

NS: Well, maybe. You probably should stop buying email addresses, and get rid of that list. Or reconfirm every address on that list really wants to receive your mail. And by reconfirm, I mean Confirmed Opt-in. Anything less leaves you with your butt hanging out, and an angry Canadian will very politely sue you.

IP: Gulp. So what are you doing to help legitimate senders like me?

NS: Well, I have partnered with a Ottawa-area law firm who specialize in this type of law. Kris Klein is one of my partners, and he helped write and apply PIPEDA, (Canada's privacy legislation) for the Office of the Privacy Commissioner, and the Justice Department.

IP: You guys have a Justice Department too? No way!

NS: Way. You don't get out much, do you? If you are done, I'll continue … Shaun Brown, one of my other partners, contributed to developing CASL when he worked at Industry Canada. I was on the Canadian Federal Task Force on Spam, so we figured among us, we have a solid understanding of law, email sending practices, and company policy.

IP: About that list I bought …

NS: I'm getting there. Our other partner, Adam, is the former CTO of IATA, the airline people. Together we have the knowledgebase to not only tell a company where their shortfalls are, why they will cost them huge sums of money, but also how to fix their business problems, and how to implement solutions, probably the trickiest part of all of this.

We call it an end-to-end practices and legal audit. Think of us as your CPA, but for email and electronic messaging. For example, when someone 'Likes' your company Facebook page, does that really give you the affirmative opt-in you need to send messages to them?

At the end of the day, if you follow our advice, we can even give you a clean bill of health, in the form of a legal opinion, saying you have taken serious steps to fix yourself up to be compliant with the law. That's important, because there are CASL clauses that talk about good faith efforts, which can buy you some time, and get you off the hook if you happen to mess up.

IP: Well that's fine. I'll just get an ESP to start mailing that list I bought, and they'll be on the hook, not me.

NS: Sleazy, but almost right. Anyone who has a hand in sending the email could potentially be liable under the law, even your unwitting ESP. They need to do a few things to avoid the likes of people like you.

IP: Me?

NS: Yes you. For example, headers and tracking technologies probably need to be set up to clearly indicate who the actual sender is (that would be you, my friend). As well, they will want to review all of their contracts to hand off liability to the client, make sure their clients are well-educated about the law, and so on.

IP: Tell me more! Pleeease?

NS: Well, no. Our time has come to an end, and since your enthusiasm has waned, I think it is time we went our separate ways. Remember what I said about rented lists though. See you in court!


No comments:

Post a Comment

Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.