During the month of March, the weight of the enforcement provisions of CASL were felt by two businesses.
First of all, the CRTC’s chief compliance and enforcement officer issued a Notice of Violation to Compu-finder on March 5, 2015, which included an administrative penalty of $1.1 million for violations against Canada’s anti-spam law.
A news release published by the CRTC(1) explains that,
[f]urther to an investigation, the Chief Compliance and Enforcement Officer finds that Compu-Finder sent commercial electronic messages without the recipient’s consent as well as emails in which the unsubscribe mechanisms did not function properly. The emails sent by Compu-Finder promoted various training courses to businesses, often related to topics such as management, social media and professional development. The four alleged violations occurred between July 2, 2014 and September 16, 2014. Furthermore, an analysis of the complaints made to the Spam Reporting Centre of this industry sector shows that Compu-Finder accounts for 26% of all complaints submitted.
The timing of the alleged violations is noteworthy – CASL came into force on July 1, 2014. This means that the violations in question occurred within the first months of the legislation’s coming into force.
Additionally, the amount of the penalty should also be noted. Although many would consider the size of the penalty to be large, the penalty is not nearly as large as it could have been. Section 20(4) of CASL sets the maximum penalty for a violation by persons other than individuals at $10 million (as a reminder, the maximum penalty for a violation by an individual is $1 million).
Compu-finder must now respond to the CRTC’s Notice of Violation by either submitting written representations to the CRTC, paying the fine, or requesting an undertaking with the CRTC. If it pays the fine or fails to submit written representations, it will be deemed to have made the violation. If written representations are made, it will be decided on a balance of probabilities whether Compu-finder made the violation and, if so, whether the administrative penalty should be imposed, reduced, waived or suspended subject to conditions.
Plentyoffish Media Inc. was the other business to feel the impact of CASL. On March 25, 2015, the CRTC published a news release indicating that Plentyoffish Media Inc. paid $48,000 for an alleged violation of CASL(2). This was paid pursuant to an undertaking entered into with the CRTC’s Chief Compliance and Enforcement Officer.
Plentyoffish Media Inc. allegedly violated CASL by not having a proper (compliant) unsubscribe mechanism. Upon being notified of the CRTC’s investigation, Plentyoffish Media Inc. updated its unsubscribe mechanism to make it CASL compliant. Further, as part of the undertaking entered into with the CRTC, Plentyoffish Media Inc. agreed to develop and implement a CASL compliance program.
In its news release, the CRTC notes that the alleged violation occurred between July 1, 2014 and October 8, 2014 (yet another violation that occurred shortly after the coming into force of the legislation).
In this news release, the CRTC’s Chief Compliance and Enforcement Officer states that,
[p]rior to the coming into force of Canada’s anti-spam law, the CRTC conducted numerous outreach sessions and issued guidance material on interpretation of the new requirements. Plentyoffish Media erred by sending commercial electronic messages to its registered users with unsubscribe mechanisms that were not in compliance with the law.
These two cases remind us all that CASL’s existence cannot be forgotten. They show us that the importance of developing CASL policies and thinking through the implications of the legislation has not diminished. Further, the basis of the alleged violations in these two cases demonstrates that it is not only important to obtain proper consent to send commercial electronic messages (CEMs), but also to ensure that the form of any CEM being sent is CASL compliant.