Bill C-28: A Fine Line
February 09, 2012 | Alicia Androich | Comments
Strict anti-spam rules are getting closer. Here’s what you need to know.
It’s a CRM team’s worst nightmare: having to scrap and rebuild an entire database millions deep that took years to assemble as a way to keep communicating to those consumers. Could this disaster ever hit? It can and it did.
An office of a global technology company learned the hard way a few years ago after legislation around privacy and disclosure was introduced, rendering its existing database unusable, says Sean Perkins, who had worked on that company’s CRM project for Canada.
The legislation required an explicit opt-in or notice letting consumers know, at the time their information was collected, that what they were filling out would result in them receiving future communication from the company. Perkins says that office hadn’t offered that.
“I cite that example to all of my clients now to say ‘You really don’t want to go down that road,’” says Perkins, now digital strategy supervisor at OMD. It’s clearly an extreme case, but it shows how important it is for marketers to keep close tabs on how they build and communicate to their databases.
The issue of compliant database marketing is now under the microscope more than ever since anti-spam legislation has been working its way through the federal government and is expected to be enforced in the next few months. The Government of Canada passed the Fighting Internet and Wireless Spam bill, Bill C-28, in December 2010. Now known as Canada’s Anti-Spam Legislation, it covers many types of electronic commerce.
The legislation addresses commercial electronic messages (CEMs), including e-mail and text messages. Built primarily around an “opt-in” system, C-28 requires that, in most cases, marketers that send a CEM must have consent from the recipient to receive it before it is even sent.
Senders that violate the law face fierce fines: up to $10 million for an organization and up to $1 million for an individual. The penalties will be imposed per violation and sometimes will even be treated separately for each day the law is violated. The Canadian Radio-television and Telecommunications Commission, the Competition Bureau and the Office of the Privacy Commissioner are jointly handling enforcement.
The legislation, as it currently stands, contains a lot of rules around consent and transparency. But it’s hard to know which best practices marketers should adopt to prepare themselves for when the final regulations are, well, finalized and C-28 is enforced. Marketing spoke with agencies and consultants that work in the digital space to see what they’re advising clients and doing themselves. This isn’t legal advice, but it is a solid list of considerations for those concerned with anti-spam compliance (a.k.a. everyone).
Some of these practices may seem daunting, but Jon Cogan, president and lead digital strategist at interactive marketing agency Blend360, is confident. “I was really worried about Bill C-28; I thought we were going to get completely killed here and it was going to change the way we do business,” he says. “But I love the fact that it basically puts into law what you should have been doing all along [when sending marketing communications]. If you are doing anything less than this legislation calls for, you are not conducting proper permission-based marketing anyway.”
Make the value crystal-clear
However you’re reaching consumers, be it online or mobile, make it very clear what benefit they will receive in exchange for any personal information they share with you (i.e. their e-mail address, phone number, Facebook ID). Consumers should easily understand the value exchange. If they don’t, says OMD’s Perkins, “then you start getting into them saying ‘Why was I providing this information in the first place? Did I really provide it or was it scraped somehow?’”
Put your best footer forward
To reassure recipients that they were put on a list legitimately, add a line in e-mail footers that reminds them how they got there. It could read something like “You are receiving this message because you signed up to receive X,” suggests Karen Belton, privacy specialist at Inbox Marketer, a digital direct messaging company in Guelph, Ont.
You can further cover your bases by including information about how consumers can unsubscribe, update their profile and contact the company in the footer. Belton says she also advises clients to make the unsubscribe link conspicuous and clear, and to test functionality with each deployment. Plus, it’s a good practice to remove unsubscribed records within 10 days.
Figure out your opt-outs
Use an e-mail marketing software platform that will manage your opt-outs properly, suggests Cogan. He’s noticed that a lot of smaller marketers that do things “on the cheap” won’t use such a platform and take the DIY path instead.
For example, a small firm sends out its monthly company e-newsletter on its own. The secretary is in charge of maintaining the list and the IT person sends the actual e-mails. The IT person is given instructions to take recipient Stacy Smith off the list, and does. When the secretary compiles the next monthly update and sends the Excel sheet with all the folks that should be added, Stacy Smith is—you guessed it—still on the list. The IT person does a bulk import and Ms. Smith gets the newsletter again even though she’d opted out. That wouldn’t have happened if the company had used e-mail software, says Cogan.
Express vs. implied: grey areas
Bill C-28 requires that marketers get consent from recipients prior to sending them a commercial electronic message. The bill references both express and implied consent. In most cases, “opt-in” (express) consent is required, with a few instances in which implied consent is allowed.
Perkins advises erring on the side of caution. “Implied is kind of a grey area,” he says. To remove any subjectivity around implied opt-in, go the explicit route and use black-and-white wording such as “I give my permission to X company to collect and use my information” or explain how you will be communicating with the consumer. Taking this measure will help if the consent is reviewed and challenged down the road. If you don’t have appropriate records of consent, Perkins says you could “end up with a problem and a very public fight you don’t want to have.”
“Make sure you have a record of the opt-ins and how the recipients opted in so that you can prove you have the legal standing to send the communications,” says Cogan. And if you’re using implied consent by business relationship (which has to be active or recently ended), make sure you have a record of transaction. Or if you have implied consent by non-business relationship—if the recipient made a donation of some kind, for example—have a record of that, too, says Cogan.
Time is of the essence
One element of Bill C-28 that appears inevitable, says Belton, is that there will be time limits associated with implied consent records. Express consent is not time-limited; another reason collecting that form of consent is a good move. That said, it is not yet known whether express consent records collected now will be deemed acceptable once the finalized regulations are enforced.
She advises her clients to manage the time limits around implied consents. Time-limited records should be flagged to stop sending once the allowed sending period has elapsed. In addition, marketers should develop a strategic communication approach to convert the implied consent records to express consent records in the interim, says Belton.
Same rules apply to smaller businesses
Small companies that don’t keep up on all the marketing-related legislation coming may be more likely to suffer when Bill C-28 takes effect. They should be following it just as closely as larger groups. Rebecca Shropshire, VP, director of digital communications at UM Canada, says large companies with in-house legal departments are very careful about their direct-to-consumer communications, ensuring they are transparent and compliant. She says UM has run several campaigns where consumers have had to consent to provide personal information, but UM has followed the best practices laid out in Bill C-28 for the past couple of years.
“I think the impact will be greater for small- to medium-sized businesses who are just simply not in the know about the bill and handle their marketing efforts in-house,” says Shropshire. If smaller groups don’t educate themselves about the bill, Perkins adds, “it becomes a very expensive mistake when down the road they end up having to reach out and re-establish those relationships [with consumers].”