March.26.2015

CRTC hands down $1.1 million penalty for breach of CASL

The CRTC has handed down its first Administrative Monetary Penalty (“AMP”) under the Canada Anti-Spam Legislation (“CASL”) against Compu-Finder for sending Commercial Electronic Messages (“CEM’s”) in breach of the CASL. While a long way short of the $10 million upper limit provided for in the CASL, the AMP levied will no doubt be seen as a wake-up call to those sending CEM’s, and a signal that there will be no ‘grace period’ in the CRTC’s enforcement of the legislation. Depending on Compu-Finder’s insurance coverages, it may also give rise to jurisprudence as to whether AMP’s come within the definition of “compensable damages”.

Under the CASL, which came into force on July 1, 2014 (but not before a ‘bow-wave’ of e-mails sent by all manner of businesses seeking to ensure compliance with the legislation…), CEM’s can only be sent to those who have expressly or impliedly consented, and must have an “unsubscribe” mechanism in them. In a press release dated March 5, the CRTC advised that it had issued a Notice of Violation to Compu-Finder for 4 alleged breaches of the CASL between July 2 & September 16, 2014. The release notes that Compu-Finder’s CEM’s breached both the consent and unsubscribe provisions of the Legislation.

The Notice of Violation specifies a $1.1million AMP, although Compu-Finder has 30 days to challenge it. The press release also specifically records Compu-Finder’s option of requesting an undertaking. These are provided for in section 21 of the CASL and may include conditions and a requirement to pay a penalty.

Comments:

The timing of the alleged breaches are of interest, given the first occurred the day after the Act came into force. The press release records that “…the CRTC has provided numerous information sessions across the country and made guidance materials available on its website.” Clearly there will be no ‘grace period’ as a matter of course in enforcement of the CASL.

The amount of the penalty is also noteworthy, given the scale of the alleged breaches. The AMP levied is 11% of the maximum allowable, however it is reported that this one entity was responsible for 26% of all complaints made to the (e-mail) spam reporting centre. The scale of the complaints becomes apparent when one notes that it is reported elsewhere that the spam reporting centre has fielded around 245,000 complaints to date.

Another aspect worthy of mention is the express inclusion in the Notice of Violation of the option of entering into an undertaking. In a statement, Manon Bombardier, the chief compliance and enforcement officer for the CRTC said that the goal of the Notice was “to encourage a change of behaviour on the part of Compu-Finder”. The offer of an undertaking may be seen as a signal that the CRTC wants to open dialogues with offenders and work in a co-operative fashion. However, it may also be seen as an effort to discourage litigious challenges to the amount of the AMP levied.

This case appears to have concerned business-to-business (“B2B”) CEM’s (the offending e-mails were sent to businesses offering various training courses). The transitional provisions in the CASL are very narrow in scope, and apply (only) to the B2B context. In addition, Regulations promulgated under the CASL provide an exemption to businesses sending messages to other businesses with which the sender has a “relationship” and where the message concerns the activities of the organization to which the message is sent. Many were expecting this exemption to be wide in scope and to be applied liberally, given the stated purpose of the CASL (s3). However, the fact that the very first AMP handed down was in the B2B context will no doubt have a chilling effect on those who held this expectation.

Finally, there is some US authority for the proposition that the AMP could fall within the definition of “compensable loss” where there is otherwise a trigger for coverage (Standard Mutual Insurance Co v Lay (2013 IL 114617, 989 N.E.2d 591 – see our Coverage for Cyber-Liability under the CGL Policy paper posted March 11). It is unknown what coverages Compu-Finder had in place, but there is the possibility that this Notice of Violation could form the basis for important precedent in this area of Canadian insurance law.

The CRTC press release is available here: http://news.gc.ca/web/article-en.do?nid=944159

Download as PDF

Adam Howden-Duke