On March 24, 2016, the Canadian Radio-television and Telecommunications Commission (“CRTC”) signed a memorandum of understanding (“MOU”) with the United States Federal Trade Commission.1 This MOU is an effort by Canada and the United States to work together on anti-spam enforcement measures, and expressly refers to unsolicited telecommunications, unsolicited commercial electronic messages (spam), and other unlawful electronic threats (e.g., malware and botnets).
The relevant anti-spam laws of Canada and the United States (collectively, the “Participants”), respectively embodied in the Canadian Anti-Spam Legislation (“CASL”) and the Federal Trade Commission Act, 15 USC §§ 41-58, contemplate that information may be shared with foreign agencies under certain circumstances. Further, as part of the objectives and scope of the MOU, the Participants understand that it is in their common public interest to cooperate with respect to Covered Violations. Part I(B) of the MOU defines “Covered Violation” as practices that would violate the Applicable Laws of one Participant's country and that are substantially similar to practices prohibited by any provision of the Applicable Law of the other Participant's country.
The MOU will allow the Participants to facilitate research and education related to unauthorized communications. Both Commissions also plan to share knowledge and expertise through training programs and staff exchanges, and to inform each other of developments related to the laws, among other activities. Under Part II(C) of the MOU, the Participants expressed an intention to use their best efforts to:
- disclose information upon request, including complaints and other personally identifiable information;
- provide investigative assistance in appropriate cases in accordance with domestic law;
- provide other relevant information in relation to matters within the scope of the MOU, such as information relevant to consumer and business education; government and self-regulatory enforcement solutions; amendments to relevant legislation; and staffing and other resource issues;
- explore the feasibility of staff exchanges and joint training programs;
- coordinate enforcement against cross-border Covered Violations that are a priority for both Participants;
- collaborate on initiatives to promote technical and commercially viable solutions to unlawful telemarketing and electronic messages;
- participate in periodic teleconferences to discuss ongoing and future opportunities for cooperation; and
- provide other appropriate assistance that would aid in the enforcement against Covered Violations.
Due Diligence for Organizations
CRTC has continually expressed its determination to reduce spam and unsolicited telemarketing. Indeed, CRTC indicated that the MOU will strengthen its efforts to deter spammers and telemarketers who do not respect the relevant laws and rules. In light of the MOU, organizations are encouraged to take extra precautions to ensure compliance with CASL. Whether organizations have exercise due diligence in the interpretation of CASL provisions is an all-or-nothing question, and no partial defence is available. As such, organizations should consider:
- ensuring that related third parties and relevant service providers are meeting CASL standards;
- incorporating a regular and routine due diligence plan to ensure that CASL provisions are complied with, and provide key employees with appropriate training on CASL compliance;
- maintaining accessible, timely, and accurate records to demonstrate proof of consent respecting commercial electronic messages and/or the installation of computer programs;
- ensuring that unsubscribe mechanisms are in place and easily accessible; and
- keeping track of Canadians who are registered on the National Do Not Call List, as the CRTC has already issued over $6.5 million in monetary penalties associated with companies making unsolicited phone calls.
There are substantial monetary penalties at stake under CASL, and organizations are encouraged to develop, maintain, and implement best practices to avoid liability, particularly in light of the fact that provisions creating a private right of action are scheduled to come into force on July 1, 2017.