CRTC Issues First Notice of Violation under Canada’s New Anti-Spam Law
by Cameron Mitchell 2015/03/18
Further to an earlier post, just eight months after Canada’s Anti-Spam Legislation (“CASL”) came into force on July 1, 2014, the Canadian Radio-television and Tele-Communications Commission (“CRTC”) has issued the first significant Notice of Violation against a Quebec-based company called Compu-Finder. CASL prohibits commercial electronic messages (“CEMs”) sent for the purpose of encouraging commercial activity without the express or implied consent of the recipient. The new legislation also requires inclusion of an ‘unsubscribe’ option on such electronic communication. Under CASL, the CRTC can impose penalties of up to $10 million on corporations and $1 million on individuals for violating the CEM rules.
On March 5, 2015, the CRTC announced that it had issued a Notice of Violation and a penalty of $1.1 million against Compu-Finder for what it called flagrant violations of CASL. The CRTC noted that Compu-Finder failed to comply with CASL by sending out CEMs promoting training courses to businesses without the consent of recipients, and also neglected to include a functioning ‘unsubscribe’ option. The CRTC became aware of Compu-Finder’s actions through the Spam Reporting Centre, where it received a significant number of complaints against Compu-Finder. Compu-Finder has 30 days to submit written representations in its defence to the CRTC. Unless it does so, the company will be found to be in violation of CASL and must pay the fine. The monetary penalty is designed to ensure compliance with CASL, and the CRTC noted that its goal in issuing violations is to encourage companies like Compu-Finder to amend their business practices to comply with the new legislation.
In its announcement, the CRTC also noted that it is in the process of investigating a number of other CASL complaints, indicating that it is taking CASL violations seriously. Whether or not the CRTC continues to issue hefty penalties against offenders, the action against Compu-Finder demonstrates that the new legislation has teeth, and should serve as a warning to businesses that the implications of CASL are not to be underestimated. If your business has yet to implement the necessary changes in order to ensure its compliance with CASL, you should consider doing so immediately to avoid penalties.
Steps to take include:
- Ensure that recipients of electronic communications have given their consent. Now that the CASL is in force, businesses that have not sought consent will face added hurdles, as sending electronic correspondence requesting express consent may itself be considered a prohibited CEM. Express consent is not time-limited and therefore continues until it is revoked.
- Consider whether implied consent has expired. Under CASL, implied consent based on an existing business or non-business relationship with recipients lapses two years after the event that triggered the relationship, such as the purchase of a product. Implied consent also applies to addresses that have been conspicuously published.
- Keep records of how you have obtained consent. The onus on proving that consent is on the party sending the CEM.
- Exercise diligence in ensuring that CEMs include the requisite ‘unsubscribe’ option and that it is properly functioning. This appears to be a key factor in the review of a company’s CASL compliance.
This first action taken by the CRTC should send a message to businesses that violators of CASL risk facing considerable consequences. It is in the best interest of businesses to ensure that they have taken the necessary measures to ensure CASL compliance.
If you have any questions regarding CASL or your business’ compliance status, please contact Cameron Mitchell at firstname.lastname@example.org.
* * This article is intended only to inform and educate. It is not legal advice. Be sure to contact a lawyer to obtain legal advice on any specific matter.