CASL: How to build your startup’s email list without violating privacy

Email marketing is arguably the most powerful piece of any tech startup’s promotional toolkit. As heard at the recent Unbounce CTA conference in Vancouver from both on-stage speakers and audience members, if you can build that email list fast and big enough, you’re on your way to taking over a marketplace. But in Canada, online privacy laws are more strict than in most countries, protecting consumers from getting spammed by over-eager marketing departments. On the anniversary of the Canadian Anti-Spam Legislation’s arrival in July of 2014, we looked at how startups can protect their customers and protect themselves.

“People are definitely asking about this because they see these massive penalties,” says Donya Vahidi, an Associate lawyer with Boughton Law, who focuses on corporate law and intellectual property law. She points to examples like Compu-Finder, which got hit with a $1.1 million fine last year for flouting the anti-spam legislation. Rogers Media also paid a $200,000 fine for sending spam. PlentyofFish got dinged for $48,000. For bootstrapping new ventures, fines like this could be crippling.

For bootstrapping new ventures, million dollar fines could be crippling.

How can companies avoid this kind of punishment? Largely, it comes down to consent. “Organizations that want to send a commercial electronic message, tweet, text, email, or, as of 2015, if they install apps on people’s phones, they must comply with the CASL legislation and get consent,” Vahidi says.

Consent comes in two forms: implied consent and express consent. Implied consent is valid where your company can contact a customer if you’ve had a business relationship with them before. For instance, tweets from someone asking about a software product, for instance, could be classified as implied consent; though even then, it’s not 100 percent ironclad. Implied consent is only valid for two years and if your previous relationship was that they asked your company about one kind of product, that might not imply consent that your customer wants to hear from your other division. “Since implied consent only has a limited time frame of two years, you have to get their express consent, anyway,” Vahidi says.

Express consent comes from directly opting in to a promotional channel, giving permission for a company to get in touch. If a startup wants to reach out to someone in their quarterly email newsletter, for instance, an ideal situation is for that person to have given their express permission before-hand.

As well, when you give people the option to opt out of an email marketing promotion, your company better have the ability to follow up and remove people from the list straight-away. If a customer opts out and you’re still sending them SMS messages or emails because you only update your list manually every couple of weeks or so, you’re setting yourself up for a violation.

Ultimately, companies that protect their companies privacy are protecting themselves as well. Founders, marketers, growth hackers: time to take a long, hard look at your email lists.

Jonathon Narvey

Jonathon Narvey

Jonathon Narvey is a content marketing strategist and BetaKit Senior Editor. Living and working in the heart of downtown Vancouver, he's watched this city's tech hub grow and start to compete on a world-class level. He has learned most of what he knows about tech startups and entrepreneurial spirit by interviewing some of the most innovative thought leaders here and abroad. He's always up for learning something new about the startups, leaders and technologies that are changing our world.