Earlier today, the Canadian Radio-television and Telecommunications Commission (the CRTC) announced that Porter Airlines Inc. had agreed to pay $150,000 for alleged violations of Canada’s anti-spam law (known as CASL). Porter was fined despite the fact that it cooperated with the CRTC, took immediate corrective steps and it was the company’s first compliance issue under CASL.
According to its press release, the CRTC’s Chief Compliance and Enforcement Officer determined that Porter had contravened various CASL requirements between July 2014 (when CASL came into force) and April 2015.
The CRTC alleged that Porter had sent commercial electronic messages (CEMs):
- that did not contain an unsubscribe mechanism and/or the unsubscribe mechanism was not "clearly or prominently" set out in the CEMs;
- that did not provide the complete contact information as required under CASL;
- where some unsubscribe requests had not been processed within 10 business days; and
- where the company was unable to demonstrate that it had obtained the necessary consents.
Under the terms of the settlement, in addition agreeing to pay an administrative monetary penalty (AMP), Porter agreed to improve its existing compliance program (including increased training and education for staff and improved corporate programs and policies) to ensure that its activities, going forward, are fully compliant with CASL. It also brought its mailing list into compliance with CASL requirements.
This case is important for several reasons:
- it confirms that Canadians know their rights under CASL and are reporting CASL violations to the CRTC through its Spam Reporting Centre;
- it signals that the CRTC is committed to ensuring compliance and will not hesitate to take enforcement action where appropriate – including by imposing significant AMPs;
- it shows that the CRTC will impose significant financial consequences even where there are significant mitigating factors (e.g., first offence, cooperation, corrective action, etc.); and
- it appears that the CRTC is looking to send a clear message to the business community that it intends to aggressively enforce CASL.
A final takeaway is that, simply having a CASL policy in place is not sufficient to avoid either contraventions or sanctions under CASL, and this case serves as a reminder for companies to regularly assess the their CASL compliance programs. As part of their overall risk mitigation strategy, businesses should monitor the effectiveness of their CASL programs - including thorough audits - and provide ongoing compliance training for staff to avoid inadvertent breaches of the law.