In last month’s post, I provided some tips to those of you who may be facing a regulatory prosecution under Canada’s now famous (some might say infamous) anti-spam legislation (CASL) . Those tips may of particular interest to Compu-Finder, a Quebec company that has found itself to be the first major target of CASL’s regulatory regime.
On March 5, 2015, the Canadian Radio-television and Telecommunications Commission (CRTC) announced that it has issued a notice of violation of CASL to Compu-Finder, which imposes a potential penalty of $1.1 million. The announcement made news headlines, since it is the first time that the CRTC has issued such a significant potential penalty under CASL.
When CASL came into force, there was great concern amongst businesses about the significant penalties that may be imposed under its regime. CASL provides the CRTC with the discretion to impose penalties of up to $10 million on a company for each violation. Such penalties have the capability of bankrupting many businesses.
Although little is known about Compu-Finder and its financial strength, a penalty of $1.1 million may very well be a death-sentence for that company. But, what has Compu-Finder done that warrants such a major penalty? In its press release, the CRTC has alleged that the Notice of Violation arises out of four commercial electronic messages (CEMs) sent by Compu-Finder between July and September 2014. Those CEMs were allegedly sent by Compu-Finder without having first obtained the requisite consent under CASL and/or without having included a working unsubscribe mechanism. In other words, Compu-Finder is now facing a potential penalty of $1.1 million because of four emails or texts that allegedly violated CASL’s requirements.
When CASL came into force, there was an assumption (or perhaps a false sense of hope) amongst many businesses that the CRTC would apply a sliding-scale approach to penalizing violators, that is, only the serious violators of CASL (e.g., those who send out spam emails containing malware) would face the million-dollar penalties. As a result, some have chosen not to implement CASL compliance practices, believing they would be spared CASL’s harsh fines. To those who subscribed to this assumption, Compu-Finder’s case should serve as a wake-up call. After all, CASL’s language does not differentiate between the spammers or hackers of the world, and those who innocently use emails to promote and market their business.
Compu-Finder has learned that lesson the hard way. The rest should learn from Compu-Finder’s case and ensure that they are in compliance with CASL before it is too late.
- Swinging the privacy rights pendulum – The recent proposed amendments to Canada’s privacy law regime - November 28, 2023
- Breaking the “glassdoor” – Dealing with online reviews by employees - August 29, 2023
- The unreliability factor of using AI in the workplace - June 27, 2023