Canada: The CRTC Means Business – First CASL Notice Of Violation Announced

The CRTC issued its first "Notice of Violation" under Canada's anti-spam law ("CASL") today, assessing an administrative monetary penalty of $1.1 million against Compu-Finder, for allegedly sending commercial electronic messages without consent and for providing an unsubscribe mechanism that did not function properly. According to Manon Bombardier, Chief Compliance and Enforcement Officer at the CRTC:

"Compu-Finder flagrantly violated the basic principles of the law by continuing to send unsolicited commercial electronic messages after the law came into force to email addresses it found by scouring websites. Complaints submitted to the Spam Reporting Centre clearly indicate that consumers didn't find Compu-Finder's offerings relevant to them. By issuing this Notice of Violation, my goal is to encourage a change of behaviour on the part of Compu-Finder such that it adapts its business practices to the modern reality of electronic commerce and the requirements of the anti-spam law. We take violations to the law very seriously and expect businesses to be in compliance."

Compu-Finder apparently sent commercial electronic messages to businesses promoting training courses in topics such as management, social media and professional development. The CRTC reported that Compu-Finder accounted for 26% of all complaints for this industry sector.

So, what are the takeaways for your business?

• Do not assume that CASL does not apply to your marketing emails if they are directed only to businesses and not consumers. As we can see from the Compu-Finder case, CASL applies and will be enforced in non-exempt B2B types of communications.
• CASL is a consent-based anti-spam law, but it also has other requirements. In this case, part of the complaint related to a non-functioning unsubscribe mechanism.
• This Notice of Violation related to only four alleged violations. Do not assume that, because the scope of a CASL-infringing activity was limited in time, the CRTC will not proceed.
• Email addresses here were allegedly obtained by "scouring websites" according to Ms. Bombardier. Although electronic address harvesting is under the purview of the Office of the Privacy Commissioner of Canada in that office's enforcement of the Personal Information Protection and Electronic Documents Act, the matter can be referred to the CRTC where enforcement tools under CASL are more robust.
• This is a reverse onus situation. Receiving a Notice of Violation automatically puts the recipient on the defensive – it is now up to Compu-Finder to make written representations on the size of the penalty, pay the penalty or enter into an "undertaking" with the CRTC on the issue.
• The CRTC has the power to levy significant administrative monetary penalties and, based on this example, seems willing to use those powers, even though it could have proceeded with less stringent measures such as warning letters, preservation demands, notices to produce and restraining orders.

CASL is a new and significant piece of Canadian legislation affecting business communications, and this case gives us a sense of its seriousness. We will continue to monitor developments concerning CASL as they unfold and post any updates to our website.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.