Email Compliance Policies for Nonprofits: What You Should Know
Email is a major communication channel for most nonprofit organizations. Whether you’re sending regular updates or using email as a channel to raise money, there are specific rules and regulations you must follow. Depending on your country and the location of your email recipients, these laws vary.
Find yourself on the wrong side of those laws, and your organization risks accruing thousands and sometimes millions of dollars in fines.
Don’t worry! This article will ease some of the anxiety around your digital communications by highlighting what you need to know about email compliance policies for nonprofits with donors in Canada and the United States. We’ll discuss:
What are Email Compliance and Spam Regulation Laws?
No one likes getting spam mail. Whether it’s to tell you you’ve won $5,000,000,000 from a royal inheritance line you never knew you belonged to, or about great deals on Ray-Ban sunglasses from as low as $5, those more often than not are annoying, unsolicited, and could be illegal.
But what about the emails your nonprofit sends? You are emailing a dedicated list of supporters about the happenings at your nonprofit and encouraging them to donate and get more involved. That’s okay, right?
The answer is: it depends.
Over the last few years, the privacy landscape has become more and more complex, with different spam regulations that may affect the way your organization communicates with your audience. The two principal Acts you need to be aware of are CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) and CASL (Canada’s Anti-Spam Legislation).
The CAN-SPAM Act is the first of its kind in the United States to lay out commercial email communications guidelines. It was introduced in 2003 by the Federal Trade Commission (FTC). It enforces the need for you to:
- Clearly state your organization’s location
- Avoid misleading header and subject line information
- Offer a way for readers to unsubscribe
CASL, which builds on CAN-SPAM, was first introduced in 2014 to safeguard the inboxes of Canadians. Considered the toughest of its kind globally, Bill C-28 was enacted in response to a rise in identity theft, malware, and phishing attacks. CASL covers all commercial electronic messages (CEMs) sent into or out of Canada, including:
- Instant Message
- Text Message
- Any other electronic correspondence
And while both CAN-SPAM and CASL allow you to send fundraising messages from registered charities without fear of retribution, it’s always best to err on the side of caution and ensure everything you send, regardless of whether it’s exempt, meets the Act’s requirements.
For a more in-depth look at CASL requirements around your organization’s fundraising, read this article from Imagine Canada.
What are the Similarities between CAN-SPAM and CASL?
CAN-SPAM and CASL are both different routes to approach marketing and communications in the digital age. For all their differences, the basic tenets are actually quite similar.
1. They Protect Subscribers’ Choices
Whether it’s knowing how data is being used or choosing to unsubscribe entirely from all communications, the main goal of anti-spam laws is to create a consensual relationship between the sender (you) and the receiver about what is being offered to them.
To ensure you’re meeting these standards, it’s important to always allow your readers the choice to stop receiving communications, as well as respect their wishes within a specific timeframe. For example, under both CASL and CAN-SPAM, you must give your readers the option to unsubscribe at any time with one click. If they do, you must remove them from your mailing lists within ten working days.
Most email marketing service providers, like Keela, do this for you. When a reader unsubscribes from your mailing list, they are automatically removed from your lists and tagged as unsubscribed, ensuring your communications comply with both CAN-SPAM and CASL and you do not send any unwanted messages to the donor.
2. They hold you accountable for spam rules
You are responsible for your organization’s messages. It doesn’t matter if you’ve outsourced to a digital agency, has a new intern, or are doing it yourself on the side of your desk. Make sure you’re following the rules! Otherwise, you may find yourself in a sticky situation.
3. Violations mean big fines
Whether you violate these rules intentionally or not, there can be severe consequences. You could be charged thousands of dollars per email that violates CAN-SPAM. Under CASL, penalties can reach $1M for individuals and up to $10M for businesses. Most famously, Rogers Media was fined $200,000 because they didn’t have a working unsubscribe process.
It pays to be aware of these laws. Otherwise, you will.
Not to mention, today’s digital-savvy and data-literate populace have little tolerance for unsolicited communications.
What are the Differences between CAN-SPAM and CASL?
Similarities aside, it’s essential to know how these laws differ and ensure you’re compliant. Use the table below to see how each law lays out what types of communications are covered, how to receive consent, and what unsubscribe mechanisms you need.
Sending Nonprofit Emails: How Do I Know If I Have Readers’ Consent?
As far as anti-spam laws are concerned, CAN-SPAM is widely considered quite lenient and the only model that deals with an opt-out law versus an opt-in law. This means you don’t need prior consent from recipients to send them messages.
However, you need to make it extremely easy for your reader to unsubscribe at any time. This is usually done by placing an unsubscribe link in the footer of your email.
CASL, on the other hand, requires organizations to ask permission before contacting both potential and existing supporters with any marketing communications and, as always, offers an easy way to unsubscribe.
One main difference between CAN-SPAM and CASL is the pre-checked toggle box. This is allowed under CAN-SPAM but expressly forbidden under CASL. If you are an American nonprofit with many supporters in Canada, you need to be aware of this requirement.
Under CASL, there are two types of consent:
- Express Consent is consent that is actively given, either in writing or through checking a toggle box that opts someone into your communications. This type of consent is valid until the recipient withdraws it.
- Implied Consent encompasses existing relationships within the previous two years where express consent is not required. It can be complex and is mainly attributed to the for-profit sector.
As an extra layer of protection, it is always better to receive express consent, even if this digital relationship happens to be with your mother.
Finally, under CASL, your organization needs to keep up-to-date records of what information was shared, when your supporter consented, and how this consent was made. This is all automatically tracked in a CRM or email marketing tool.
As a best practice, we recommend letting your audience choose to receive your communications regardless of CAN-SPAM compliance. This helps foster trust and show your donors that you care about their needs and preferences.
5 Tips for Writing and Sending Compliant Nonprofit Emails
While there is a lot of information to digest when it comes to email compliance policies for nonprofits, it’s not all that hard when you follow these basic steps. You can rest easy knowing you’re sending lawful fundraising appeals that adhere to both CAN-SPAM and CASL requirements.
- Get expressed consent from readers before sending them messages
- Your opt-in checkbox should NOT be automatically checked. Let your audience tick this box themselves to consent to your emails
- Include an email footer that contains:
- Your organization’s name
- The physical address and either a phone number, your email address, or web address
- An unsubscribe mechanism (remember, for both laws, the reader must be unsubscribed within ten days)
- A short reason why your reader is receiving your content
- Utilize a CRM or email marketing tool that tracks your opt-in data. That way, if it ever comes into question, you have proof you did the right thing.
If you send fundraising emails to donors or supporters who live in the European Union, be sure to comply with GDPR (General Data Protection Regulation), which governs email communications in that territory.
At the end of the day, you shouldn’t be shying away from email marketing. It is still one of the most profitable channels for fundraisers, with $45 in revenue generated for every 1,000 fundraising emails sent. The key is to make sure those 1,000 fundraising emails are going to the right audience. Give consenting supporters the information they want to read, and you will be rewarded.
Remember, email compliance goes beyond avoiding fines. It’s also about earning donors’ trust and improving the effectiveness of your fundraising emails or newsletters. By paying attention to the rules we’ve discussed, you can start making the most out of your nonprofit’s email marketing strategies.