On March 9, 2017, the Canadian Radio-Television and Telecommunications Commission (“CRTC”) released a Compliance and Enforcement Decision wherein it imposed a $15k administrative monetary penalty on an individual, William Rapanos, for sending 58 unsolicited emails advertising his business, contrary to Canada’s Anti-Spam Law (“CASL”).
After receiving complaints between July 8, 2014 and October 16, 2014, the CRTC investigated and subsequently sent a notice of violation (“NoV”) on April 22, 2016 to Mr. Rapanos identifying certain email campaigns, apparently sent by Mr. Rapanos, which were in violation of CASL. Specifically, the emails were sent without the recipient’s consent, they did not identify the sender of the email and they did not contain a valid unsubscribe mechanism. The NoV set out an AMP of $15,000.
Mr. Rapanos replied to the NoV, submitting that someone else sent the emails and he could have potentially been the victim of identity theft because anyone could have gained access to his unsecured wireless internet or home computer, which did not have a password. He also argued that the investigator did not “prove the case against him beyond a reasonable doubt” which was in violation of the Canadian Charter of Rights and Freedoms (the “Charter”).
The CRTC, on a balance of probabilities (the correct legal test, not the “beyond a reasonable doubt” standard as advanced by Mr. Rapanos), found that Mr. Rapanos had committed the 10 violations set out in the NoV. The CRTC was not persuaded by Mr. Rapanos claim that he may have been a victim of identity theft because he did not provide any other evidence or indications that his identity had been used fraudulently.
The emails were straightforward violations of CASL – the emails did not contain the prescribed information about the sender, the CRTC had submissions from individuals stating they did not consent to receiving CEMs from Mr. Rapanos and that they had no previous relationship with him (therefore, no exemption to consent applied), and there was no unsubscribe mechanism as required by the legislation. The CRTC maintained the AMP of $15,000.
Determining the amount of an AMP:
Section 20(3) of CASL sets out several factors which must be taken into consideration when determining the amount of an AMP. The CRTC gave particular consideration to the following:
1. Purpose of the penalty is to promote compliance, not punish. The CRTC was of the opinion that $1,500 per violation (well below the maximum of $1,000,000 per violation) would be “large enough to promote a change in behaviour” but not so large that he would be unable to conduct future (compliant) marketing campaigns. It’s worth remembering that in the Blackstone decision, the CRTC noted that an AMP should not be so high that it would put a company out of business and thus a lower penalty would be appropriate than the amount initially set out in the NoV.
2. The nature & scope of the violations. The CRTC noted that each of the three distinct email campaigns contained multiple violations (between three and four). It also pointed out that the violations “exhibited a disregard for the four core elements” of CASL which suggested that Mr. Rapanos was indifferent to whether he was conducting his marketing activity in accordance with the legislation.
3. Ability to pay. The CRTC stated that it is insufficient for a party to claim they are unable to pay an AMP without providing detailed documentation in support of that claim. In this case, Mr. Rapanos did not provide any documentation pertaining to his financial situation, despite being given several opportunities to do so throughout the investigation. Mr. Rapanos did submit that he could not afford an AMP of any amount because he had never had a career due to health issues and he and his wife live solely on social assistance. The CRTC gave these claims little weight because they were not supported by evidence and therefore could not conclude that an AMP of $15,000 was beyond Mr. Rapanos’ ability to pay.
4. Lack of cooperation. The CRTC noted several instances of non-cooperation by Mr. Rapanos including failure to provide a complete response to the notice to produce and an attempt to block the investigator from speaking to relevant parties.
5. Little indication of self-correction. Mr. Rapanos stated that he had secured his home network and put passwords on his computers but provided no other evidence or statements of how he planned to comply with CASL in the future. The CRTC was not satisfied that this was a clear indication or commitment that Mr. Rapanos would ensure future compliance. Additionally, they were also of the opinion that his continued denial of his involvement made it less likely that Mr. Rapanos would self-correct.
This Decision, particularly when considered alongside the Blackstone decision, includes important guidance for organizations.
In this case, the NoV set out an AMP of $15,000 which the CRTC confirmed in the Decision. This is in contrast to the Blackstone decision where the amount of the AMP was reduced to $50,000 from $640,000.
1. Cooperate. In both Blacktone and the current case, the CRTC found an unwillingness to cooperate with the investigation. The CRTC has clearly indicated that failure to cooperate may increase the need for a penalty to ensure future compliance with CASL.
2. Self-Correct. In Blackstone, the CRTC found there was potential for self-correction sufficient to suggest that a lower AMP would be appropriate namely, an inquiry to the Department of Industry prior to CASL coming into force and inquiries to the investigator in response to the notice to produce. In contrast, the CRTC was not convinced that Mr. Rapanos, by securing his home internet and computers, was demonstrating sufficient willingness to comply with CASL in the future.
3. Cost per violation – different for individuals than for businesses. In present case against an individual, the CRTC noted that the AMP amounted to approximately $1,500 per violation. In the Blackstone case, the small company was fined $50,000 for nine violations, or approximately $5,500 per violation. This may be a helpful benchmark for future AMPs as it demonstrates a lower per-violation cost for individuals when compared to businesses.