How to Make Your Form CASL Compliant
Although CASL (Canadian Anti-Spam Legislation) has been in effect since 2014, many of us are just thinking about becoming compliant now.
Canadian Anti-Spam Legislation is meant to protect you whether you own a business or not. It is a victory for everyone. This means that we have some homework to do by updating some of our forms.
The Distilled Version of CASL
CASL applies to businesses who 1) use " email, SMS, social media or instant messaging to send commercial or promotional information about their organization to customers, prospects and other important audiences" and / or 2) "Install software programs on people's computers or mobile devices" (source).
This means that all forms which subscribe a user to an email list, or open them up to any sort of email notifications henceforth are subject to CASL requirements. As taken directly from the government website, the four requirements are:
- You must receive express consent from the user to be contacted by your business. This can be done with a checkbox field.
- You must clearly identify yourself and your organization. Additionally, you must include a way of contacting your organization which could be done through a privacy statement or terms of agreement.
- Unsubscribe mechanism: Provide an unsubscribe mechanism that is functional for 60 days.
- You must be honest about what you are offering the user They must not have false or misleading sender information, subject matter information, URLs and/or metadata.
Seems fair and simple. Now how does this change your existing forms?
Changes to Existing Forms
1) You will need to make it expressly clear what the user is signing up for.
2) You will need to provide an 'opt-in to receiving email communications' checkbox.
3) You will need to provide a way for the user to contact you IF this information is not already accessible on the page your form is embedded on.
4) You will need to provide a link to your terms of service and your privacy agreement IF this information is not already accessible on the page your form is embedded on.
Here is a sample of a standalone CASL compliant form.
How to do it in Blitzen
1) The first requirement is pretty easy, all you need to do is add a clear and honest description below the form-title of what the user is signing up for.
2) Obtain explicit consent. Add a checkbox field to the bottom of your form and delete all but one of the options. The last option should have some verbiage similar to the sample above (I consent to receiving communications from 'x' company).
Design tip: you can make this single checkbox full width by adding the custom CSS class single-checkbox-full-width under the Design menu for the field.
Design tip: you can remove the name of this checkbox field by following these instructions.
3) Provide the user with a way to contact you. This can be done in several ways. Whether you add it in the form description, or in the footer, or as part of the consent checkbox. This part is up to you.
For any questions feel free to contact us at firstname.lastname@example.org