In its first real enforcement action since Canada's Anti-Spam Law ("CASL") came into force on July 1, 2014, the Canadian Radio Television and Telecommunications Commission (the "CRTC"), announced on March 5, 2015 that it had issued a Notice of Violation under CASL to Compu-Finder, a business providing executive and management training services.
The CRTC alleges that Compu-Finder violated CASL by promoting its training courses through commercial electronic messages ("CEMs") sent to recipients without consent, some of which were additionally non-compliant by failing to provide properly functioning unsubscribe mechanisms. In analyzing complaints made to the Spam Reporting Centre, the CRTC found that Compu-Finder accounted for 26% of all complaints submitted within its industry sector.
The CRTC imposed a penalty of $1.1 million against Compu-Finder for the four alleged violations that it investigated, and Compu-Finder now has 30 days to provide written representations to the CRTC in its defence, pay the fine or request an undertaking (which is basically a negotiated settlement and may still involve a fine). The release states that Compu-Finder "...flagrantly violated the basic principles of the law..." by continuing to send unsolicited CEMs after the law came into force to e-mail addresses it located by "scouring websites" and notes that "[c]omplaints submitted to the Spam Reporting Centre clearly indicate that consumers didn't find Compu-Finder's offerings relevant to them."
Every company that does business in Canada should have CASL compliance on its radar, and ensuring that one has express or implied consent, or an exemption, prior to sending out a CEM is essential. In addition, there is required content that must be included in every CEM such as properly identifying the sender, and providing a functioning, no-cost, easily usable unsubscribe mechanism.
There is a government-run website containing tips for compliance, frequently asked questions and more (including the Spam Reporting Centre that led to this notice of violation). The CRTC has also published guidance in its Compliance and Enforcement Information Bulletin CRTC 2014-326, dated June 19, 2014, entitled "Guidelines to help businesses develop corporate compliance programs" containing practical steps that companies can take to develop, foster and implement a CASL-compliant culture.
A particular lesson from this instance relates to what is known under CASL as the "business card rule", where a sender is granted implied consent to send some messages if the recipient has made known his or her electronic address (such as by putting it on a website or a business card). By stating that "consumers didn't find Compu- Finder's offerings relevant to them", the CRTC's press release anticipates this defence. It is important to remember that the "business card rule" is not an unfettered exception opening up the inboxes of recipients who give out their email addresses; instead, it can only be used where the message is relevant to the recipient or his or her duties, roles or functions (also, it does not exempt a sender from informational or unsubscribe requirements).
The digital landscape has changed for conducting business in Canada. With the CRTC clearly demonstrating that it will not hesitate to seek fines that are meant to deter continued non-compliance, businesses must a adopt CASL-compliant practices or risk CRTC sanction.