Stay Compliant with CASL

Mailchimp's signup forms, audiences, and campaigns can help you manage CASL requirements.

This article is provided as a resource, but does not constitute legal advice. If you have more questions, we encourage you to contact a lawyer in your area who is familiar with this issue.

Required email content

CASL requires that you include a few pieces of information that are clearly and prominently in each email campaign you send. If you are sending email, this information is typically in the email footer.

• The sender's name and/or company name
• Physical mailing address
• Contact information like a phone number, email address, or website URL.
• An unsubscribe mechanism, like Mailchimp's Unsubscribe merge tag

There are additional requirements when sending an email on behalf of another person.

Luckily, Mailchimp's Campaign Builder includes a drag-and-drop Footer content block, which pulls that required content into the campaign with merge tags.

To add the Unsubscribe merge tag to your email campaign, follow these steps.

1. Click Audience.
   
2. Click Audience dashboard.
   
3. If you have more than one audience, click the Current audience drop-down and choose the one you want to work with.
4. Click the Manage Audience drop-down and choose Settings.
5. Click Required email footer content.
6. Edit fields as needed and click Save.

Most footer templates already contain the unsubscribe merge tag, *|UNSUB|*. Take a quick look in the Campaign Builder to verify the tag is there. If it isn't, follow these steps.

1. In the Content section of the Campaign Builder, click Edit Design.
   
2. On the Design step, click the footer block.
3. In the editing pane, type in the tag *|UNSUB|* or choose the Unsubscribe Link option from the Merge Tags drop-down menu.
   
4. Click Save & Close.

If you send a lot of campaigns, or have several users on your account, you may want to add the required information to a campaign and reuse it, or create a template. To make sure your merge tags display the right information, learn more in About Email Campaign Footers.

Send a consent campaign

If a lot of the people in your audience have only given you implied consent to receive your messages, you'll need to ask those contacts to explicitly opt-in to receive your Mailchimp campaigns. Under CASL, a request for express consent is considered to be a CEM so you must ensure that you have authority to send the opt-in request.

There are a few steps to sending a consent campaign.

• Create an express consent group in your audience
• Add required content to your Update profile form and Signup form
• Create an Update profile campaign
• Segment your audience for compliant subscribers

Create an express consent group

1. Click Audience.
   
2. Click Audience dashboard.
   
3. If you have more than one audience, click the Current audience drop-down and choose the one you want to work with.
4. Click the Manage Audience drop-down and choose Manage contacts.
5. Click Groups.
6. Click the Create Groups button .
7. On the Groups page, click As checkboxes.
8. Type a clear, concise description into the Group category field. (48 character limit)
9. In the Group names field, enter "I consent" or similar statement.
   
10. Use the minus icons to remove extra group fields.
11. Click Save.

Add required content to forms

Your name, contact information, and a description of the messages that will be sent, must appear on both your Signup form and Update profile form. You must also include a statement that the person can withdraw their consent at any time. If you’ve published a preferences center to replace the Update profile form, you will need to update that too.

1. Click Audience.
   
2. Click Audience dashboard.
   
3. If you have more than one audience, click the Current audience drop-down and choose the one you want to work with.
4. Click the Manage Audience drop-down and choose Signup forms.
5. Select Form builder.
6. Choose Signup form or Update profile form from the drop-down menu. (Be sure to update both forms.)
   

On the Build it tab, add header content block that includes the purpose of your request for consent, a description of the purposes for which consent is sought and the types of messages that will be sent, your contact information, and a statement that recipients can unsubscribe at any time.

Here are examples of some acceptable language samples from CRTC. It is up to you to ensure that your consent complies with CASL.

You may also choose to edit your Update profile email and Update profile email "thank you" page to reflect CASL's changes.

Create an Update Profile campaign

After you've created the consent group and updated your forms, it's time to create an email campaign whose primary focus is a link to the Update profile form.

Build a campaign as you normally would, and use the merge tag *|UPDATE_PROFILE|* as the link for text, an image, or a button somewhere in your campaign. We'll replace the merge tags with a URL of the subscriber's update profile page anywhere the merge tag appears. To add the merge tag, edit a content block and type the merge tag into the Web Address (URL) field for the text, image, or button you want to link.

Preview and test your email campaign as you normally would, and send it to your entire audience. (We'll automatically filter out anyone who isn't a subscribed contact.)

To get the greatest response from your subscribers, you may need to send your Update Profile campaign a couple of times. You could even use an A/B Testing Campaign to test the most effective day or hour, to make the most of each send.

Each time you send the Update Profile campaign, be sure to segment your audience. Remove anyone in the new consent group as well as new subscribers who signed up after the date you updated your signup form, so you don't ask them to consent twice.

Segmenting in the Future

To comply with Mailchimp's Standard Terms of Use, you can only send emails to subscribers who have given express consent. To do this, bulk unsubscribe all subscribers who aren't in the consent group and who signed up before you updated your signup form. To remain in compliance and keep a healthy audience moving forward, you should remove out-of-date subscribers no later than one year after you start the signup or cleaning process.

Export proof of consent

To get proof of consent data, just export your audience. If you only want to see who's in the consent group, view or export segments of your audience. You may want to keep a copy of your signup form also, in case you need to prove that the form included all of CASL's required information.

When you export your audience, you'll get a CSV file with a lot of columns and a ton of information. Look for these columns.

• OPTIN-TIME: If double opt-in is turned on, this column will display the date and time the contact clicked the link in the opt-in confirmation email.
• OPTIN_IP: If double opt-in is turned on, this column will display the IP address when they accessed your hosted signup form.
• CONFIRM_TIME: When the person originally clicked to subscribe to your marketing.
• CONFIRM_IP: The IP address from which they confirmed their subscription.

Mailchimp tracks this information through your signup form, so we can't determine it for subscribers you import. To be safe, you should also have proof of consent for imported subscribers in a separate document or in hidden text fields in your Mailchimp audience.