We have been advised that fraudulent emails and faxes regarding unclaimed insurance money have been received by members of the public from a source claiming to be Aird & Berlis LLP. These communications are not from Aird & Berlis LLP. Disregard them and do not engage with the sender in any way. Please report the attempted fraud by contacting the Canadian Anti-Fraud Centre.

Back to all blog posts

Posted in: Data Security/Privacy | CASL | CRTC

May 28, 2019

Directors and Officers May Be Found Personally Liable Under CASL

By Aaron Baer and Sarah Newman

Many businesses understand that if they violate Canada’s Anti-Spam Legislation (“CASL”), which regulates the sending of commercial electronic messages (“CEMs”), their business may be subject to penalties for breach of CASL. However, what many people fail to appreciate is that directors and officers of corporations may be held personally liable for such CASL breaches.

In a recent compliance and enforcement decision by the Canadian Radio-television and Telecommunications Commission (the “CRTC”) on April 23, 2019 (the “nCrowd Decision”), the CRTC found that nCrowd, Inc. (“nCrowd”) sent CEMs that violated CASL. Importantly, the CRTC also found Brian Conley (“Conley”), the President and Chief Executive Officer of nCrowd, liable for the violations and imposed upon him an administrative monetary penalty of $100,000.

What is CASL?

CASL, which took effect in 2014, protects consumers and businesses from the misuse of digital technology, including spam and other electronic threats. CASL was put in place to protect both businesses and individuals, although it has been criticized for being overly burdensome on small businesses.

Factual Background on the nCrowd Decision

The CRTC received 246 submissions relating to emails that were sent by nCrowd or its subsidiaries. CRTC investigated the submissions and issued a notice of violation (the “Notice of Violation”) to Conley.

The Notice of Violation prescribed a penalty of $100,000 on Conley for violations of:

  • section 6(1)(a) of CASL, which prohibits sending, causing or permitting to be sent CEMs to an electronic address unless the recipient of the message has consented to receiving it, whether consent is implied or express; and
  • section 6(2)(c) of CASL, which requires that a CEM must set out an unsubscribe mechanism in accordance with section 11(1) of CASL.

Conley made representations to the CRTC on March 16, 2017, in which he argued that he should not be liable for the violations and that he could not afford to pay the proposed fine.

Reasoning of the CRTC

The CRTC found that, on a balance of probabilities, nCrowd sent the 246 electronic messages, that the messages were CEMs under CASL, and that they were sent to a number of recipients located in Canada.

While the complainants alleged that they had not provided consent to receive the CEMs sent by nCrowd, nCrowd claimed that the company had consent to distribute CEMs to members of its email distribution list that had been acquired from a third party. The CRTC found that nCrowd failed to demonstrate what steps it took, if any, to ensure that it had express or implied consent to send CEMs to the email addresses on its email list. The CRTC concluded that nCrowd was unable to prove it had received express consent and that it was impossible to verify whether implied consent existed.

The complainants also alleged that the unsubscribe links in the CEMs were non-functioning, that unsubscribe requests which were made were not given effect within 10 business days, and that unsubscribe requests required further action on the part of the individual. nCrowd was unable to provide any documents that illustrated their unsubscribe mechanism policies and procedures, and Conley also did not address any of these issues when they were raised during the investigation.

It was alleged in the Notice of Violation that Conley should be personally liable for the violations of nCrowd because he acquiesced in the commission of the violations while he was President and CEO of nCrowd. Specifically, the CRTC found that Conley effectively agreed to the violations “tacitly, silently, passively or without protest.” In addition to evidence from the investigation, the CRTC found that not only was Conley aware of the functionalities of sending CEMs and of unsubscribe mechanisms, but that he was personally involved in acquiring the distribution list and that he must have known about the problems with the lists or that he “turned a blind eye to these problems.” The CRTC ultimately concluded that Conley had not proven that he or nCrowd took the necessary steps to comply with CASL and that, on the balance of probabilities, Conley acquiesced in the commission of the violations of CASL and should therefore be liable for damages.

Conclusions and Takeaways

Directors and officers should remember their obligations under CASL and appreciate that they can be personally liable for violations and breaches of CASL.

Areas of Expertise

Related Categories

Related Blogs

Posted in: Data Security/Privacy | CASL | GDPR | Data Protection

Insights TheSpotlight
With All Eyes Turned to CASL, is Anyone Paying Attention to GDPR? With Less Than One Year Before GDPR Takes Effect, Make Sure Your Organization is Ready By Paige Backman and Aaron Baer Jul 21, 2017 In early June, the Government of Canada came to its senses by suspending the provision of Canada’s Anti-Spam Legislation (“CASL”) that would have enabled a private right of action to be brought as of July 1, 2017. While this decision provided temporary relief to businesses...

Posted in: Data Security/Privacy

Insights TheSpotlight
Another Reminder to Comply with CASL: The CRTC Imposes $15,000 Penalty for Non-Compliance By Amy Marcen-Gaudaur and Aaron Baer Apr 19, 2017 Canada's Anti-Spam Legislation ("CASL") creates a comprehensive regime designed to prohibit, among other things, unsolicited or misleading commercial electronic messages (including emails).As previously reported on The Spotlight, on July 1, 2017, CASL will introduce a...

Posted in: Data Security/Privacy

Insights TheSpotlight
July 1, 2017 - Private Right of Action Under Canada's Anti-Spam Law (CASL) - The Day Businesses Shake Their Head By Paige Backman Mar 01, 2017 If you've heard anything about CASL lately, you are aware that as of July 1, 2017, individuals and organizations are entitled to bring a "private right of action" in the courts against those that contravene certain provisions of Canada's Anti-Sp...