On July 1, 2014, Canada's Anti-Spam Law (CASL) became law. Since that date the Canadian Radio-television and Telecommunications Commission (CRTC) has been responsible for enforcing CASL regarding e-mails and other electronic messages, and many organizations have struggled to understand CASL and comply with it.
On July 1, 2017, a "private right of action" will become part of CASL, and therefore organizations will be exposed to lawsuits by recipients of "commercial electronic messages" (CEMs) who allege that the organization has not complied with CASL. Class action proceedings by multiple recipients against a single organization will be possible. While perhaps some organizations have not been rigorous about compliance with CASL because they have banked on "flying under the radar" with the CRTC, their risks will increase when the private right of action becomes available on July 1st, especially since class action lawyers will likely be keen to assist with litigation on behalf of recipients of CEMs.
When court proceedings are initiated under CASL's private right of action, the organization may be liable for both actual damages and statutory damages. The general rule in court proceedings is that a breach of law results in compensation equal to the actual damages suffered. Under CASL, the principle of statutory damages increases exposure significantly to organizations who send CEMs without express or implied consent of the recipient because they may be liable for damages equal to $200 for each breach to a maximum of $1,000,000 for each day of breach regardless of the amount of actual damages suffered.
For example, if a court determines that 1,000 e-mails on a given day constitute 1,000 breaches of CASL, the exposure to statutory damages will be $200,000.
In addition, the directors, officers or agents of an organization may be held personally liable if they directed, authorized, assented to, acquiesced in or participated in the commission of the CASL violation, subject to a "due diligence defence" (they must establish that they exercised due diligence to prevent the contravention of CASL). The implementation of a robust CASL compliance program by an organization will help make the due diligence defence available to directors, officers and agents.
While many understand that CASL can pose a great exposure to risk, there is less understanding about how to comply for several reasons, including:
- All CEMs are caught by CASL and they are defined very broadly under CASL. It is possible that an electronic message may be a CEM even though it would not typically be considered to be "spam". If one of the purposes of the message is to encourage participation in a commercial activity, it is a CEM regardless of whether it contains any advertising.
- A CEM may only be sent with express or implied consent of the recipient and the rules for determining whether consent is implied are intricate and may involve tracking key dates. For example, consent is implied if the recipient of the CEM purchased goods or services from the business that sends the CEM two years prior to the date of the CEM - the business must track the two year period for each customer, and for each CEM.
- The onus is on the organization who sends the CEM to prove express or implied consent. Because of this "reverse onus", it is critical that an organization maintains records of express or implied consent. One way that consent is implied is when the recipient conspicuously publishes the person's e-mail address on a webpage and it is not accompanied by a statement indicating that the person does not want to receive CEMs (the content of the CEM must be relevant to the recipient's business, role, functions or duties in a business or official capacity). If an organization relies upon this form of implied consent, it should keep records that satisfy the "reverse onus" such as copies of the relevant webpages.
Under the circumstances, it is especially important for organizations to ensure that by July 1, 2017 their e-mail and other electronic messages comply with CASL and they have a compliance program in place in order to help shield their directors, officers and agents from lawsuits.