On June 29, 2015, the Canadian Radio-television and Telecommunications Commission (“CRTC”) announced that Porter Airlines Inc. (“Porter”) has agreed to pay $150,000 as part of an undertaking for allegedly violating provisions of Canada’s anti-spam legislation (commonly known as “CASL”).
Porter Airlines — CASL Undertaking
The undertaking was entered into following an investigation conducted by the CRTC’s Chief Compliance and Enforcement Officer. It is alleged that Porter failed to provide proof that it had obtained consent from the recipients of commercial emails that it sent between July 2014 and February 2015. It is also alleged that commercial electronic messages that Porter sent did not comply with the unsubscribe requirements of CASL. Specifically, the CRTC alleges that some emails did not contain an unsubscribe mechanism, while in other cases the mechanism was not clearly or prominently set out. Other emails also purportedly do not contain all of the prescribed contact information required by CASL. The CRTC further alleges that Porter failed to honour requests to unsubscribe within 10 business days.
As part of the undertaking, Porter has agreed to improve its compliance program and increase training for staff in order to fully comply with CASL. In its press release, the CRTC made note of Porter’s willingness to cooperate with the investigation and take steps to improve its compliance procedures.
On a procedural note, under CASL the CRTC has powers to issue warning letters, preservation demands, notices to produce and notices of violation. Earlier this year, we saw the CRTC issue its first notice of violation against Compu-Finder which imposed an administrative penalty of $1.1 million. The CRTC also announced that the online dating service, PlentyofFish, agreed to pay $48,000 as part of a voluntary settlement for alleged violations of CASL. The most recent enforcement action against Porter is the first public news of an undertaking that a company has entered into with the CRTC. CASL provides that if a person enters into an undertaking, no notice of violation may be served on them in connection with the actions referred to in the undertaking.
CASL’s rules regarding the sending of commercial electronic messages (“CEMs”) or “spam” came into effect July 1, 2014. It prohibits the sending of unsolicited CEMs and requires certain prescribed
information, including an unsubscribe mechanism, to be included in the message. Violations of CASL can result in significant administrative monetary penalties — up to $1 million per violation for individuals and up to $10 million per violation for organizations, as well as civil liability through a private right of action (these provisions come into effect July 1, 2017) and vicarious liability on directors, officers and employers.
Significance of Announcement
Porter’s alleged violations of CASL are noteworthy because the CRTC claims that the company was unable to provide evidence of consent for the CEMs that it sent. In its press release, the CRTC remarked that “… to be fully compliant with the law, proof of consent is required for each electronic address. Some businesses are under the mistaken impression that they are compliant with the law by relying on general business practices or policies as proof of consent…. This is simply not the case.” This underscores the importance of keeping records of consent so that one can demonstrate compliance with CASL. Simply relying on “status quo” or existing documentation may not be sufficient if your organization is investigated for non-compliance with CASL.