In preparation for the July 1st coming into force of Canada’s Anti-Spam Legislation, the Canadian Radio-television and Telecommunications Commission (CRTC) has issued Compliance and Enforcement Information Bulletin CRTC 2014-326: Guidelines to help businesses develop corporate compliance programs.
The bulletin provides general guidance for best practices for businesses on the development of compliance programs to facilitate compliance with the new anti-spam law. It also offers insight as to what will be required for an organization to demonstrate that it exercised due diligence in the case of a violation of the law. The bulletin states that, in the event of the breach, the CRTC may take the existence of a compliance program into account when determining whether sanctions should include monetary penalties.
The CRTC recognizes that compliance programs will necessarily have to be tailored to the size of and resources available to a business or organization. They recommend appointing a chief compliance officer or a point person who is responsible and accountable for compliance with the law. The CRTC expects senior management to play an active role in “fostering a culture of compliance”, suggesting that a member of senior management be named the chief compliance officer.
The CRTC has identified several components of an effective compliance program. These include:
- Conducting a risk assessment;
- Developing a written compliance policy;
- Maintaining records and tracking consent, exceptions to consent, unsubscribe requests and actions;
- Implementing on-going training programs;
- Auditing and monitoring compliance;
- Handling of complaints; and
- Disciplinary and corrective action for employee violations.
The bulletin expands upon each of these components and provides examples as to how they may be implemented. In a business of any size, the compliance policy should be made easily accessible to all employees and be updated to keep pace with changes in legislation, non-compliance issues, or new services or products.
The CRTC’s Compliance and Enforcement Information Bulletin CRTC 2014-326 can be found here [http://www.crtc.gc.ca/eng/archive/2014/2014-326.htm].