On March 5th, 2015, the Canadian Radio-television and Telecommunications Commission (“CRTC”) issued the first Notice of Violation under Canada’s anti-spam law (“CASL”). The Notice of Violation was issued to Compu-Finder for sending commercial electronic messages (“CEMs”) without the recipients’ consent and with an ineffective unsubscribe mechanism. The Notice of Violation includes a $1.1 million administrative monetary penalty.
Compu-Finder now has 30 days to submit written representations to the CRTC or pay the penalty. It also has the option of requesting an undertaking with the CRTC, which is a negotiated settlement. If Compu-Finder unsuccessfully contests the Notice, Compu-Finder may appeal the CRTC’s decision to the Federal Court of Appeal.
The CRTC’s News Release states that the Notice of Violation issued to Compu-Finder relates to four violations of CASL involving emails promoting Compu-Finder’s business-related training courses. The period under investigation was between July 2, 2014 and September 16, 2014. According to the CRTC, Compu-Finder’s emails accounted for 26% of all complaints submitted to the CRTC’s Spam Reporting Centre.
The CRTC stated in its news release that “…Compu-Finder flagrantly violated the basic principles of the law by continuing to send unsolicited commercial electronic messages after the law came into force to email addresses it found by scouring websites”. It also stated that CRTC’s goal “is to encourage a change of behaviour on the part of Compu-Finder such that it adapts its business practices to the modern reality of electronic commerce and the requirements of the anti-spam law”.
This is the first Notice of Violation issued by the CRTC and is quite different from the investigation the CRTC reported on last fall.
In October of 2014, the CRTC reported that it had been working with a small Saskatchewan business to stop malicious spam messages that were unknowingly being sent from a server owned by a Saskatchewan-based computer reseller.
According to CRTC’s news release,
“In July 2014, the Spam Reporting Centre received reports of spam messages routed through Access Communications, an Internet service provider (ISP). During its investigation, the CRTC discovered that the spam messages were actually coming from a small business’s server, which used Access Communications as its ISP. This business’s server had become infected with malware …” It is estimated that the infected server had sent millions of malicious spam messages without the business’s or Access Communications’ knowledge.
Once alerted to the situation by the CRTC, the small business and Access Communications fully cooperated and removed all traces of the malware.”
Manon Bombardier, Chief Compliance and Enforcement Officer of the CRTC stated that “… [t]his investigation illustrates how we can tailor our enforcement actions to the situation at hand. By working together, we were able to stop this malicious spam from continuing to be sent to Canadians. We are committed to collaborating with Canadian businesses, large and small, to ensure they comply with the rules and we will continue to alert them when we suspect that their servers have become compromised.”
These two investigations illustrate the difference between a business who itself was a victim and a business, who the CRTC contends, engaged in flagrant non-compliance of CASL. In our view, the former should not engage the enforcement branch of CRTC, while for latter, based on the facts outlined in the news release of the CRTC, is the type of non-compliance CASL was designed to deal with.
It is very important that organizations ensure that their electronic activities comply with the requirements of CASL. Organizations that do not comply risk serious financial fines/penalties (up to $10 million) as well as criminal charges, civil charges, and potential personal liability for its directors.
More information about CASL is available on the Nelligan O’Brien Payne website.