CASL - Canada's new Anti-Spam Legislation

Submitted by karin on Tue, 06/10/2014 - 08:36

Many of you have contacted us with questions and concerns about complying with the new Federal Anti-Spam Legislation that comes into force on July 01 - 2014. Fortunately, CiviCRM can help meet many of these new requirements.

We thought it may be helpful to write a post about it - to share what we've learned so far, the resources we've found helpful, and to give you some specific ideas on how some of the requirements can be handled with CiviCRM. You will need to consider which steps you think apply to your organization and which steps you'd like to implement. Ensuring your organization complies with the new legislation is ultimately the responsibility of your Board of Directors.

What is the New Legislation?

Useful official details of the new legislation can be found here: and here:

Also, La Leche League of Canada sent us this great resource from the Centre for Public Legal Education in Alberta. It's in plain language and most importantly addresses how the new Anti-Spam Legislation will apply to not-for-profit organizations and - with some limited exceptions - registered charities across Canada. Here's the link to their resource:

How Can CiviCRM Help

The good news is that CiviCRM, because it was built in the US where anti-spam legislation has already been in place for some time, already comes with some key tools to comply with the legislation.

Note that some of the steps below may vary with the version of CiviCRM that you are using. I've used 4.4.5 to generate these steps.

24 Month Time Window

"Each time that a recipient makes a donation or gift, or volunteers, the two-year implied consent period begins again. It is the same case for not-for-profits. Each time a member renews, the two-year implied consent period begins again."

Smart Groups are an excellent means to keep track of Contacts who have engaged with your organizations over a rolling time period. For example: Find Contacts -> Advanced Search -> Contributions: Contribution Data Range: choose (scroll down): Last 2 Years -> hit Search.

x Contacts
Contribution Date - greater than or equal to "June 11th, 2012 12:00 AM" AND less than or equal to "June 10th, 2014 11:59 PM" ...AND...
Contribution Status = Completed

All x records -> actions -> New Smart Group -> Go

So as time lapses - and as Contacts make new contributions to your organization - this list of Contacts will dynamically update so that if you wish to send an Email to this Smart Group of Contacts you will only Email those who have engaged with your organization over the Last 2 Years.

CiviMail unsubscribe and optout

For those of you already using CiviMail (the Mass Mailer component of CiviCRM), you may already know you MUST provide a method for any recipient to remove themselves from your list - i.e. forced compliance is already built into CiviCRM.

One source of confusion, though is that there are two different concepts here:

1. Opt Out

The Opt Out option allows your recipient to tell you NEVER to include them in any future mass mailings. This option is stored in a special field and automatically removes the recipient from any mass mailing without any further action from you.

This option is included using this token: {action.optOutUrl}, which converts to a customized url that opts-out a specific Email recipient.

Opt-outs can be tracked in the CiviMail reporting section - and are easily viewable in your Contact screen: Communications Preferences -> Privacy: NO BULK EMAILS (USER OPT OUT) in red.

2. Unsubscribe

All mass mailings recipients are designated by selecting one or more groups. Instead of, or as well as the opt-out option, you can include a token that allows your recipient to just remove themselves from the list that got them included as a message recipient.

This token look like: {action.unsubscribeUrl}

We generally recommend that you provide and encourage the second option where appropriate (e.g. when sending out a monthly newsletter), so that a recipient who chooses not to get one kind of mailing doesn't mistakenly remove themselves from other kinds of mailings.

Explicit consent

Some organizations have started sending out opt-in requests. I've already received them from Air Canada, Costco, and other companies. How could we do this with CiviCRM? Turns out this is quite straightforward using CiviMail and Profiles.

1. Create a new group called "Opt-in".

2. Create a simple 'standalone' profile that includes their email, any other fields that you might want them to verify, and a checkbox to subscribe to the new group.

3. Include a tokenized link to that profile in a mass CiviMail to all your constituents.

You can also consider including this checkbox for all new signup pages - e.g. contribution and event pages.

Note that requesting an opt-in from your constituents can lead to disappointing results. All mass mailings have a tendency to inspire fatigue in the recipients, and run the risk of sowing confusion. If you already have in place opt-in policies for your lists, you may not need to do this, and if you're confident that your Email messages meet the fundraising exemption for registered Charities, you also may not need to do this.

Another option is to use a subscribe link - so that Contacts can put themselves into the Group that is used for a specific mailing by directing them to e.g.: - where gid is the Group id for this Newsletter.

Opt-in in CiviCRM is by default a double opt-in (i.e. with confirmation Email) - you can control this setting (disable/enable double opt-in) in your CiviMail preferences: /civicrm/admin/setting/preferences/mailing?reset=1

In any case, here's an example profile including specific Newsletter/Group subscription options - by Wildsight