skip to main content
Back to all blog posts

Posted in: Data Security/Privacy

Apr 19, 2017

Another Reminder to Comply with CASL: The CRTC Imposes $15,000 Penalty for Non-Compliance

By Amy Marcen-Gaudaur and Aaron Baer

Canada's Anti-Spam Legislation ("CASL") creates a comprehensive regime designed to prohibit, among other things, unsolicited or misleading commercial electronic messages (including emails).

As previously reported on The Spotlight, on July 1, 2017, CASL will introduce a new method for its enforcement: the private right of action. Until then, CASL continues to be enforced at the discretion of three federal agencies, one of which is the Canadian Radio-television and Telecommunications Commission (the "CRTC").

In a recent Compliance and Enforcement Decision (the "Decision"), the CRTC demonstrated its authority under the existing regime by imposing a $15,000 administrative monetary penalty ("AMP") on one individual for approximately 58 non-compliant emails.

The emails in question were found to violate section 6 of CASL in a number of ways, namely: (i) they did not identify the sender; (ii) they did not include information that would enable the recipient to readily contact the sender; (iii) they were sent without the recipient's prior consent; and (iv) they did not include a functioning "unsubscribe" mechanism.

The Decision reinforces guidance previously applied in an earlier decision ("Blackstone") regarding a non-compliant party's ability to pay the AMP set out in a notice of violation. Citing Blackstone, the Decision makes it clear that it is insufficient for a non-compliant party to claim the inability to pay without providing detailed documentary evidence in support of that claim.

The Decision confirms that the CRTC is monitoring the actions of small businesses for CASL compliance and that the CRTC will not shy away from imposing penalties for CASL non-compliance on such businesses.

The Facts

The Decision relates to three email campaigns sent by Mr. William Rapanos during the summer and fall of 2014. These email campaigns (rather ironically) advertised a design, printing and distribution service for commercial paper flyers.

Fifty individuals submitted complaints regarding the email campaigns to the CRTC's Spam Reporting Centre, and an investigation was subsequently undertaken. In conducting its investigation, the CRTC received documents from Mr. Rapanos and a number of third parties, including his landlord and his internet and cell phone providers.

Mr. Rapanos was ultimately issued a notice of violation setting out a $15,000 AMP and the details of his CASL violations. Mr. Rapanos disputed the notice of violation, claiming that he was not responsible for sending the emails and was not able to pay the penalty. He also asserted his right to be presumed innocent until proven guilty under the Canadian Charter of Rights and Freedoms ("Charter"), arguing that the case against him had not been proven beyond a reasonable doubt.

The Decision

The CRTC rejected Mr. Rapanos' arguments, upholding the notice of violation and the $15,000 AMP. The Charter argument was found to be inapplicable to the CASL enforcement proceedings, since they were not criminal in nature. On a balance of probabilities, the CRTC concluded (i) that the impugned emails violated CASL; (ii) that Mr. Rapanos was responsible for sending the emails; and (iii) that the $15,000 AMP was an appropriate penalty in the circumstances.

The evidence gathered during the CRTC's investigation clearly supported its conclusions on the first two issues. On the third issue regarding the amount of the AMP, the CRTC commented on a number of factors to be considered, including:

  • Purpose of an AMP
  • Nature and Scope of Violation
  • Ability to Pay
  • Lack of Cooperation
  • Self-Correction

The CRTC explained that the purpose of an AMP is to promote CASL compliance. It is not intended to be punitive. Therefore, the amount should be proportionate with the nature of the violation and should serve as a deterrent for future violations. In this case, the $15,000 AMP was considered to be appropriate: it was large enough to deter, but not so large as to prevent Mr. Rapanos from undertaking compliant email marketing campaigns in the future.

The CRTC further considered the nature and scope of the violation, commenting on its disruptive effect and the recipients' reasonable expectations to be free from unsolicited emails. The CRTC made note of Mr. Rapanos' indifference to the CASL violation and the nuisance that it had caused.

Regarding Mr. Rapanos' claim that he was unable to pay the $15,000 AMP, the CRTC reaffirmed the guidance previously applied in Blackstone. In Blackstone, the non-compliant party's claim was supported by evidence. Based on that evidence, the CRTC found that a lesser penalty (than the one set out in the notice of violation) would be appropriate and reduced the AMP from $640,000 to $50,000. Mr. Rapanos did not put forth any evidence to support his claim that he was unable to pay the AMP, thus leading the CRTC to give little weight to this consideration.

Finally, the CRTC commented on Mr. Rapanos' failure to cooperate or takes steps for self-correction. It was the view of the CRTC that both of these factors were relevant to its determination of an appropriate AMP. A stated intention to comply in the future was insufficient without some evidence of self-correction for the violations committed in the past.

Previous CRTC enforcement decisions have resulted in penalties of up to $1.1 million. In comparison, a $15,000 AMP might seem relatively inconsequential. However, the Decision is significant insofar as it provides useful guidance for determining appropriate AMP amounts and demonstrates the CRTC's willingness to enforce AMPs even in relatively small-scale cases. The Decision should be a taken as a warning for small business and entrepreneurs who may be at risk of non-compliance, but who may be operating under the false assumption that their actions will slip under the enforcement radar.

If you have questions about CASL or how to best position your organization to comply with CASL, please contact Paige Backman, the Co-Chair of Aird & Berlis LLP's Privacy & Data Security Team. You can also visit our CASL Resource page.

Related Categories

Related Blogs

Posted in: Privacy | Data Security/Privacy

Insights TheSpotlight
Equifax Breach - The Breach That Will Keep on Giving By Paige Backman and Meghan A. Cowan Sep 14, 2017 At this point, if you haven’t heard of the Equifax data breach, it could only be because you have rightfully been glued to the coverage of (or living through) Hurricane Irma, Harvey or Jose. On September 7, 2017, Equifax revealed that it was the subject of a cybersecurity breach over the s...

Posted in: Data Protection | Privacy | Data Security/Privacy

Insights TheSpotlight
Ontario Court of Appeal Established New Privacy Rights – Utility Consumption Data and Grow Ops By Paige Backman Aug 21, 2017 If you are a utility monitoring consumption data, think twice before providing any of that information to the police. You may need to ensure the police first provide you with a warrant or other judicial authorization specifically requesting the information. The Ontario Court of Appeal, distinguis...

Posted in: Data Security/Privacy | CASL | GDPR | Data Protection

Insights TheSpotlight
With All Eyes Turned to CASL, is Anyone Paying Attention to GDPR? With Less Than 1 Year Before GDPR Takes Effect, Make Sure Your Organization is Ready By Paige Backman and Aaron Baer Jul 21, 2017 In early June, the Government of Canada came to its senses by suspending the provision of Canada’s Anti-Spam Legislation (“CASL”) that would have enabled a private right of action to be brought as of July 1, 2017. While this decision provided temporary relief to businesses who f...