CASL Update: $1.1 Million To Spare?

Canada’s anti-spam legislation (CASL) entered into force on July 1, 2014. Since then, organizations nationwide have been overhauling their communications and e-marketing practices to ensure CASL compliance. Nonetheless, in its first year of life, CASL has resulted in three major investigations, all of which have resulted in substantial fines and bad publicity for the companies involved. So is there any silver lining? Yes, we have learned a thing or two about how the Canadian Radio-television and Telecommunications Commission (CRTC) is interpreting CASL; we can better defend ourselves.

First, let’s recap: CASL aims to prohibit organizations from sending unsolicited commercial electronic messages (CEMs). For a message to fall under the ambit of CASL, it must be both electronic and commercial in nature. CEMs are only permitted to be sent:

  1. Where implied or express consent to send the message has been obtained by the sender; and

  2. Where the message contains required content.

For a more detailed overview of what constitutes consent and required content, or for information about statutory exemptions, please read our earlier post on CASL: Canada's New Anti-Spam Law: CASL

Compu-Finder

On March 5, 2015, the CRTC issued a Notice of Violation, with a price tag of $1.1 million, against 3510395 Canada Inc. (c.o.b. “Compu-Finder”) for its “flagrant” violations of CASL. Reportedly, the CRTC was receiving 1,000 complaints per day against Compu-Finder.

The CRTC determined that Compu-Finder sent CEMs to recipients without their consent, sent CEMs with an unsubscribe mechanism that was not functioning properly and failed to ensure that the unsubscribe mechanism was valid for at least 60 days. Compu-Finder had 30 days to submit a written response or pay. Compu-Finder failed to update their practices quickly and suffered harsh consequences.

To read the Notice of Violation in its entirety, please click here: Compu-Finder Notice of Violation

Plentyoffish

Plentyoffish Media Inc. (Plentyoffish) took a different approach. According to the CRTC, Plentyoffish sent CEMs that failed to contain an unsubscribe mechanism that was set out “clearly and prominently” and sent CEMs with an unsubscribe mechanism that could not be “readily performed.” Upon discovering that an investigation was underway, Plentyoffish took immediate steps to bring their practices into compliance.

On March 25, 2015, the CRTC announced that Plentyoffish gave an Undertaking to pay $48,000 and to implement a compliance program, as part of a voluntary settlement. By doing so, Plentyoffish is now free of any record of violation under CASL. Their new compliance program includes corporate compliance policies and procedures, training and education, monitoring, auditing and reporting mechanisms, and consistent disciplinary procedures.

To read the Undertaking in its entirety, please click here: Plentyoffish Undertaking.

Porter

Porter Airlines Inc. (Porter) followed Plentyoffish’s lead. According to the CRTC, Porter sent CEMs that failed to contain an unsubscribe mechanism that was set out “clearly and prominently,” sent CEMs without an unsubscribe mechanism, did not provide complete identification information in CEMs, and was unable to provide proof of consent for some of the email addresses to which it sent CEMs.

On June 29, 2015, Porter gave an Undertaking to pay $150,000 and to implement a compliance program. It fixed the unsubscribe function, updated the CEMs’ identification information and obtained consent for the recipients on its mailing list.

To read the Undertaking in its entirety, please click here: Porter Undertaking

What Should You Do?

  1. Obtain consent from recipients of your CEMs.

    • Express consent is valid until it is revoked. Implied consent expires within 2 years of the event that triggered your relationship with your recipient. Remember, consent is even required for business-to-business communications.

  2. Track how you obtained consent for each recipient and keep detailed records.

    • The burden of proving that consent was obtained is on you.

  3. Identify yourself in your CEMs.

    • CASL requires that you include your contact information, including a physical mailing address, or a link to an easily accessible website containing this information, in each CEM you send.

  4. Ensure that your CEMs have a proper unsubscribe mechanism.

    • Complaints about inadequate unsubscribe mechanisms have attracted a lot of attention from the CRTC. The unsubscribe option should be clearly set out in your CEMs. Your recipients should be able to unsubscribe within a few clicks – it should be quick and easy. Directing your recipients to a website requiring log-in information is too onerous. Also, ensure that you process requests to unsubscribe within 10 days.

  5. Be honest in your CEMs.

    • CASL gives the Competition Bureau the opportunity to address false and misleading representations. The “biggest markdown of the year” better be just that.

  6. Implement a corporate compliance program.

    • Having a corporate compliance program will help demonstrate due diligence in response to complaints. A good program has:

      • Senior management involvement;

      • Risk assessment;

      • A written compliance policy;

      • Record keeping;

      • A training program;

      • Auditing and monitoring;

      • A complaint-handling system; and

      • Disciplinary action for non-compliance.

How Momentum Can Help

We have learned that the CRTC is ready and willing to issue substantial monetary fines for CASL violations. As CASL enters its “terrible twos,” we should expect increased enforcement and prepare ourselves accordingly.

Please contact us so we can assist you in bringing your communications practices into compliance with CASL. We offer CASL training seminars, and we are happy to answer any questions you may have about your corporate privacy or e-commerce needs generally.