It has been just over one year since Canada’s Anti-Spam Legislation (“CASL”) came into force, so it is a good time to review the legislation and consider what businesses can do to protect themselves from investigations by the Canadian Radio-television and Telecommunications Commission (“CRTC”). To briefly recap, no Commercial Electronic Message (“CEM”) is allowed to be delivered to an email address unless it falls into one of the exempt categories or the recipient consents. Violations of the legislation carry severe penalties of up to $1,000,000 for individuals and $10,000,000 for companies. There are other nasty consequences that go along with being found in violation including adverse publicity and the potential for vicarious liability on employers, directors and officers.
If the CRTC approaches your company regarding a violation the onus is on you to prove that the CEMs that you sent were exempt or have been consented to. Therefore, you must be ready with accurate and complete records confirming the exemption or the recipient’s consent.
Despite the CRTC receiving hundreds of thousands of complaints there have only been three significant findings to date. The biggest penalty issued so far came on March 5, 2015 when a $1,000.000 penalty was issued against Compufinder. Compufinder was alleged to have sent CEMs without consent, without an unsubscribe mechanism (or one that functioned properly) and failed to implement unsubscribe requests within ten business days.
The Compufinder decision was followed by a finding involving Vancouver-based online dating site Plenty of Fish (“POF”). POF was required to pay a penalty of $48,000 and make changes to their compliance system. The company was alleged to have sent CEMs that contained an unsubscribe mechanism that was not set out “clearly and prominently” and was difficult to use.
The most recent decision came on June 26, 2015 when the CRTC announced that Porter Airlines of Toronto was required to pay $150,000 and make changes to its practices going forward. Once again, the focus was on allegations that some of the CEMs from Porter did not contain an unsubscribe mechanism, that some did not “clearly or prominently” set out the unsubscribe mechanism and that Porter failed to honor unsubscribe requests within ten business days. In other cases Porter could not provide proof it had received the recipient’s consent.
It is clear from the foregoing that having a visible, effective and simple-to-use unsubscribe mechanism and an ability to prove that a recipient had given consent are vital to being able to defend a Notice of Enforcement by the CRTC.
While there have only been the three noteworthy cases described above there are likely to be more arriving soon. It would be in your company’s best interest to review the policies and procedures you have in place to ensure compliance and to at least be able to mount a defence of due diligence.
Tags: Gregg Rafter, Article