Blog Post

Directors and Officers May Be Found Personally Liable Under CASL

Many businesses understand that if they violate Canada’s Anti-Spam Legislation (“CASL”), which regulates the sending of commercial electronic messages (“CEMs”), their business may be subject to penalties for breach of CASL. However, what many people fail to appreciate is that directors and officers of corporations may be held personally liable for such CASL breaches.

In a recent compliance and enforcement decision by the Canadian Radio-television and Telecommunications Commission (the “CRTC”) on April 23, 2019 (the “nCrowd Decision”), the CRTC found that nCrowd, Inc. (“nCrowd”) sent CEMs that violated CASL. Importantly, the CRTC also found Brian Conley (“Conley”), the President and Chief Executive Officer of nCrowd, liable for the violations and imposed upon him an administrative monetary penalty of $100,000.

What is CASL?

CASL, which took effect in 2014, protects consumers and businesses from the misuse of digital technology, including spam and other electronic threats. CASL was put in place to protect both businesses and individuals, although it has been criticized for being overly burdensome on small businesses.

Factual Background on the nCrowd Decision

The CRTC received 246 submissions relating to emails that were sent by nCrowd or its subsidiaries. CRTC investigated the submissions and issued a notice of violation (the “Notice of Violation”) to Conley.

The Notice of Violation prescribed a penalty of $100,000 on Conley for violations of:

  • section 6(1)(a) of CASL, which prohibits sending, causing or permitting to be sent CEMs to an electronic address unless the recipient of the message has consented to receiving it, whether consent is implied or express; and
  • section 6(2)(c) of CASL, which requires that a CEM must set out an unsubscribe mechanism in accordance with section 11(1) of CASL.

Conley made representations to the CRTC on March 16, 2017, in which he argued that he should not be liable for the violations and that he could not afford to pay the proposed fine.

Reasoning of the CRTC

The CRTC found that, on a balance of probabilities, nCrowd sent the 246 electronic messages, that the messages were CEMs under CASL, and that they were sent to a number of recipients located in Canada.

While the complainants alleged that they had not provided consent to receive the CEMs sent by nCrowd, nCrowd claimed that the company had consent to distribute CEMs to members of its email distribution list that had been acquired from a third party. The CRTC found that nCrowd failed to demonstrate what steps it took, if any, to ensure that it had express or implied consent to send CEMs to the email addresses on its email list. The CRTC concluded that nCrowd was unable to prove it had received express consent and that it was impossible to verify whether implied consent existed.

The complainants also alleged that the unsubscribe links in the CEMs were non-functioning, that unsubscribe requests which were made were not given effect within 10 business days, and that unsubscribe requests required further action on the part of the individual. nCrowd was unable to provide any documents that illustrated their unsubscribe mechanism policies and procedures, and Conley also did not address any of these issues when they were raised during the investigation.

It was alleged in the Notice of Violation that Conley should be personally liable for the violations of nCrowd because he acquiesced in the commission of the violations while he was President and CEO of nCrowd. Specifically, the CRTC found that Conley effectively agreed to the violations “tacitly, silently, passively or without protest.” In addition to evidence from the investigation, the CRTC found that not only was Conley aware of the functionalities of sending CEMs and of unsubscribe mechanisms, but that he was personally involved in acquiring the distribution list and that he must have known about the problems with the lists or that he “turned a blind eye to these problems.” The CRTC ultimately concluded that Conley had not proven that he or nCrowd took the necessary steps to comply with CASL and that, on the balance of probabilities, Conley acquiesced in the commission of the violations of CASL and should therefore be liable for damages.

Conclusions and Takeaways

Directors and officers should remember their obligations under CASL and appreciate that they can be personally liable for violations and breaches of CASL.