CASL Compliance: How B2B Marketers Can Get and Manage Consent

Mar 11, 2020

CASL Compliance for B2B MarketersWhile CASL became a reality for B2B marketers in September 2017, there’s still plenty of confusion on what constitutes a violation. Everyone wants to avoid the penalties that can range from up to $1 million for individuals and up to $10 million for organizations when sending Commercial Electronic Messages (CEMs). But B2B marketers still have lofty lead generation goals, and email is still a very low-cost method of communication.

So, what can businesses who have missed the window to get express consent do to ensure that their database is compliant, and avoid the risk of losing a substantial number of email subscribers?

We consulted Derek A. Lackey, a private sector expert in CASL and the author of “CASL Compliance: A Marketer’s Guide to Email Marketing to Canadians” on what organizations need to consider as they design and write new compliant practices for their electronic communications strategies.

**Important Disclaimer: Please note that this blog post should not be considered legal advice. Please consult with your in-house counsel for guidance **

A. Risk Consideration

While B2B marketers are rightfully fearful of a complaint to the CRTC, the reality is there would probably need to be at least 20+ complaints filed against your business before you get investigated for violating CASL.

A quick google search reveals that while there have been some penalties levied, they have been for cases that tend to be rather egregious and reflect the spammy behavior that CASL was intended to curb.

Regardless, you may be forced to make a risk/reward decision. If you’re considering a targeted campaign to 500 prospects that are a fit for your company and solution, the risk of being dinged is likely quite minimal. Not zero, but minimal. The real damage may be with your audience. CASL is asking you to do what most consumers would like to see you do. Does “breaking the law” really mean “annoying your prospect – or worse Customer”?

The best way to avoid any CASL penalties is to keep records on how you’ve legally obtained the various degrees of consent. Read further to learn more.

B. The three types of Consents:

1. Express Consent 

Express consent refers to contacts who have given you explicit permission either verbally or in writing to contact them through electronic messages. Unlike implied consent, express consent does not expire, and the contact stays in your database until they hit the “unsubscribe” button on your emails. It’s advisable to keep a log of how the express consent was obtained for a minimum of 5 years.

2. Implied Consent 

Implied consent includes contacts that you have an existing business relationship with such as contacts that purchased from your business within the past 2 years. It also includes: contacts you’ve sent a proposal/quote to, badges you’ve scanned at your event booth and verbally asked for consent, as well as contacts that have emailed you to ask a question. Take a look at the table below for how long implied consent is valid for these contacts before you have to purge them from your database. A light touch is 6 months consent. A significant engagement is 2 years. Remember, you must organize a method of storing and retrieving your proof of consent. This is the tough part for most organizations.

3. Conspicuously Published

This third type of consent includes contacts that have published their contact information on the web or public directories, such as on the company website or in their LinkedIn profiles. You are required to keep proof of consent for these contacts by documenting screen grabs of their job titles and email addresses.

Note: You can gather conspicuously published consent from the web for your existing contacts or net-new contacts, but you can only email these contacts with information that is relevant to their role. You are not allowed to contact them if they indicate they do not want unsolicited messages or have any restrictive language beside their email address.
Timeframes for Gaining Express Consent

C. Opt-in Form Best Practices

It is highly recommended that you include an opt-in form on your website or landing pages to gain express consent. Your form(s) should clearly state the following information:

Opt-in Form with Callouts
Important: Checkboxes on opt-in forms that allow the recipient to receive electronic messages from you as a result of downloading an asset or opting in for a webinar/newsletter, etc. should be left unchecked. A common mistake we see is the checkbox being pre-checked or indicated as mandatory for checking prior to proceeding – This is not permitted under CASL.

D. How to Obtain Express Consent

As you can see from the table above, you have a limited window of up to 2 years in most scenarios to get express consent from contacts that have given implied consent. 

But what are your options if you’ve missed this opportunity window and have no consent from your database to contact them, especially when sending an electronic message that contains a request for express consent is also considered to be a CEM under CASL.

Here are a few suggestions for converting these contacts with implied/expired consent to express consent:

1. Offer an Incentive

If you have implied consent, you can email your contact a free downloadable content asset of interest to them or offer 10% off their purchase. 

2. Send them an InMail via LinkedIn

If the consent is expired, you can send them an InMail via LinkedIn and ask them to download the content asset to get express consent. Unlike email, the use of LinkedIn InMail for CEMs does not violate CASL as all messages sent fall under the umbrella of Express Consent. 

3. Direct Mail

Send them a direct mail piece and include a Personalized URL for them to log onto and provide express consent or permission to email them, which would then permit you to capture their email and follow-up. Note: It’s optional to scrub these Direct Mail contacts against the “Do Not Mail” list in Canada.

4. Outbound Calling 

Pick up the phone and ask for consent to email them. Keep the call recording and phone ID code to locate the proof of consent and tag the lead source as ‘phone call’ in your CRM.

E. Get Conspicuously published consent (Another form of implied consent)

For contacts with expired consent, you also check their website and LinkedIn profiles to see if they’ve publicly displayed their email address and title. Be sure to follow our tips on recording proof for these contacts in the types of consent section included above.

Collecting business cards, adding them to a central business card filing system and then putting these contacts on a list can be a very legitimate way to get consent. You can also collect contact information for those who don’t have a business card and proof of consent in their own handwriting via blank index cards stating, “Give us your first name, last name, and your email address.”

F. Purchased Email lists

Don’t buy email lists.

These do not qualify as CASL compliant unless the third-party vendor explicitly states that these addresses were obtained in CASL-compliant ways and there’s proof to back this up. 

You can go to an industry publication that has a directory and ask the owner to send out an initial email on your behalf with an invite to connect. The contacts that click-through to explore or win something can provide their express consent—and its completely legal to incentivize contacts in this way to get their email address.

G. Conclusion

We hope this article has helped clear up some of the confusion on what constitutes a violation and has given you some practical ways to gather express consent from contacts with implied or expired consent. If you would like to learn how to put together a marketing program that allows you get consent the right way, contact us today!