Earlier this spring the Canadian Radio-television and Telecommunications Commission (CRTC) fined the chief executive officer (CEO) of nCrowd, Inc. (nCrowd) $100,000 for his company’s breaches of Canada’s Anti-Spam Legislation (CASL). The CRTC decision is worth reading for a number of reasons including the following findings:
- nCrowd failed to prove that it took appropriate steps to ensure that it had consent to send commercial, electronic messages (CEMs) to more than one million email addresses that it had purchased from Couch Commerce.
- nCrowd’s unsubscribe mechanism and its process for handling unsubscribe requests were inadequate.
- CEO Brian Conley acquiesced in nCrowd’s CASL violations and therefore committed a violation of CASL, too.
This case serves as an important reminder that officers, directors and agents of a corporation can be found liable for the corporation’s violations of legislation if they direct, authorize, participate in, or even merely assent to or acquiesce in the illegal activity. In this case, the CRTC analyzed whether Mr. Conley’s actions met the definition of “acquiesce”. In his defense, Mr. Conley asserted that:
- it was impossible for a company CEO to have first-hand knowledge of millions of email addresses or the functionality of an opt-out button;
- Couch Commerce had represented that its list was CASL-compliant; and
- an independent investigation into Couch Commerce’s assets before the sale did not reveal any alleged violations of CASL.
According to the CRTC, however, Mr. Conley was experienced with email distribution platforms (having invented one) and knew how important this marketing method was to his business. He was familiar with the functionalities of CEMS and unsubscribe mechanisms and was personally involved with the acquisition of the email distribution lists from Couch Commerce.
Individuals acting on behalf of a company or tasked with directing or supervising its activities can reduce their risk of liability by taking steps, consistent with their role, to ensure that the company has implemented and complies with an effective set of internal controls reasonably designed to prevent violations of the law.