CASL, Guest Post thumb image

CRTC Issues $48,000 Fine for Technical Violation of CASL

Martin Kratz at Bennett Jones LLP has posted a good summery of the Plenty of Fish fine:

Following up on its recent $1.1MM CASL enforcement action against Quebec executive training firm Compu-Finder (which you can read about here), the CRTC announced today that it has entered into an undertaking with online dating service operator Plenty of Fish.

According to a press release issued by the CRTC, Plenty of Fish failed to include a CASL-compliant unsubscribe mechanism in commercial e-mails to its subscribers. The violations occurred from July 1 to October 8, 2014. Plenty of Fish has now reportedly entered into an undertaking with the CRTC, an option for businesses subject to enforcement action under CASL. The CRTC states that Plenty of Fish will be required to pay a $48,000 penalty under the terms of the undertaking.

We note that the CRTC appears to be increasing the frequency of its enforcement actions under CASL. However, unlike its previous enforcement actions, the CRTC’s recent action against Plenty of Fish appears to have focused on a largely technical compliance issue – the prominence and ease of use of an unsubscribe mechanism. While the CRTC does not go into detail in its press release as to the particular deficiencies, we interpret this enforcement action as a sign from the CRTC that even technical violations of CASL may give rise to substantial regulatory penalties. We anticipate that other social media operators will wish to review their compliance plans – the CRTC press release notes that Plenty of Fish will implement a compliance training program and policy.

Martin Kratz
Leading Canadian Intellectual Property and Technology Lawyer
Bennett Jones LLP

Visit the original post for more and links to their CASL resources.

CASL, Guest Post thumb image

The CRTC issued its first “Notice of Violation” under Canada’s anti-spam law (“CASL”) today, assessing an administrative monetary penalty of $1.1 million against Compu-Finder, for allegedly sending commercial electronic messages without consent and for providing an unsubscribe mechanism that did not function properly. According to Manon Bombardier, Chief Compliance and Enforcement Officer at the CRTC:

“Compu-Finder flagrantly violated the basic principles of the law by continuing to send unsolicited commercial electronic messages after the law came into force to email addresses it found by scouring websites. Complaints submitted to the Spam Reporting Centre clearly indicate that consumers didn’t find Compu-Finder’s offerings relevant to them. By issuing this Notice of Violation, my goal is to encourage a change of behaviour on the part of Compu-Finder such that it adapts its business practices to the modern reality of electronic commerce and the requirements of the anti-spam law. We take violations to the law very seriously and expect businesses to be in compliance.”

Compu-Finder apparently sent commercial electronic messages to businesses promoting training courses in topics such as management, social media and professional development. The CRTC reported that Compu-Finder accounted for 26% of all complaints for this industry sector.

So, what are the takeaways for your business? Continue reading

CASL, Guest Post thumb image
by laura

The Canadian Radio-television and Telecommunications Commission (CRTC) is the principle agency tasked with enforcing Canada’s anti-spam law. Today they issued a Notice of Violation to Compu-Finder including a $1.1 million dollar fine for 4 violations of CASL. The violations include sending unsolicited email and having a non-working unsubscribe link. According to the CRTC, complaints about Compu-Finder accounted for 26% of all complaints submitted about this industry sector.

This is the first major fine announced under CASL.

One of the first things that jumped out at me about this is the action was taken against B2B mail. There are a lot of senders out there who think nothing of sending unsolicited emails to business addresses. In my experience, many B2B senders think permission is much less important for them than B2C senders. I think that this enforcement action demonstrates that, at least to the CRTC, permission is required for B2B mail.

The other thing that jumped out is that given the extent of the complaints (26%) the financial penalties were only slightly more than 10% of the $10M maximum penalty. It seems the CRTC is not blindly applying the maximum penalty, but is instead actually applying some discretion to the fines.

I’ve looked for the actual notice of violation, but haven’t been able to find a copy. If I find it, I will share.

This has been re-posted to the CASL Cure blog with permission from Laura of Word to the Wise

CASL, Guest Post thumb image

CASL software consent chart – Guest Post

Guest post authored by David R. Canton of Harrison Pensa LLP

CASL, the Canadian anti-spam act, contains provisions that take effect on January 15, 2015 that are intended to prevent malware from being installed on computers (including any device that uses software such as smartphones, cars, TV’s, routers, thermostats…). The sections require the software provider to obtain express consent from the computer user for certain installations. There are 2 different levels of consent. Both require the disclosure of specified information, and the second level requires the consent to be obtained outside of the license.

Unfortunately the CASL software consent provisions are tortuous and unclear, and if taken literally could cause huge problems for the software industry. The IT bar has been collectively scratching its heads trying to understand how to interpret the sections. The CRTC has tried to interpret them in a way that aligns with the intent of stopping people from installing malware on computers. While the CRTC interpretation may not line up with the act, we basically have to work within it for the time being. When advising clients we will have to include caveats that we can’t guarantee that a court would agree with the CRTC’s interpretation.

Because January 15 is close at hand, software providers with customers in Canada should consider whether they need to do anything to comply. Violating the act has the same huge potential consequences as violating the anti-spam provisions.

The chart below is an attempt to give an overview of the analysis that a software provider should do to determine what, if anything, they need to do. There are 2 caveats to this chart. First, the sections are technical and have their own caveats and exceptions, so you can’t rely on the chart alone. Second, it relies on the CRTC position as it stands at this moment based on statutory language that really doesn’t make a lot of sense.

download pdf CASL software chart

CASL, Guest Post thumb image

CRTC on CASL enforcement

Guest post authored by David R. Canton of Harrison Pensa LLP

Some businesses seem to be ignoring the CASL anti-spam law. Their attitude is that it’s been months since it’s been in force, nobody’s been fined, and there have been no public enforcement actions (other than one spam bot server situation). They are feeling safe that it’s not being enforced against typical businesses, and that the CRTC can’t possibly go after every small business.

In a recent webinar, the CRTC said they have issued a number of compliance orders under CASL. They are not making compliance orders public, though, and they did not say how many. They will at some time release stats on numbers of orders issued – perhaps at the end of the year.

They also said they would not always start with a gentle request to comply. In other words, don’t think you can sit back and not comply, then react only when they knock on your door.

The gentle approach is more likely if a business has tried but not quite got it right – less likely for one that has just ignored it. I suspect the CRTC will be eager to make some examples.

CASL, Guest Post thumb image

CASL Cure provides a CASL solution

Guest post authored by David R. Canton of Harrison Pensa LLP

Perhaps the most difficult compliance challenge arising from CASL – the new Canadian anti-spam law – is how to deal with one-off emails sent by individual employees. A new online service called CASL Cure provides an outbound email filter solution to this problem.

CASL requires either express consent, or one of a complex series of implied consents, before you can send email that is even slightly promotional in nature. Just 1 non-compliant email sent by 1 employee can put a business at risk for significant sanctions, including multi-million dollar fines, personal director and officer liability, and starting in 2017 private rights of action including class action suits. The onus is on the sender to prove compliance, so records must be kept to show how and when express consent was obtained, or how the recipient fits into an implied consent category. The email itself must contain specified contact info and an unsubscribe mechanism.

That is a lot to expect any employee to understand, let alone comply with, regardless of how much training they get.

CASL Cure solves this challenge in two ways. First, it automatically adds CASL compliant contact information and an unsubscribe mechanism to every email. Second, it compares the outbound email addresses to a whitelist of emails that have consent. If it detects an address that is not listed, it holds the email and sends a reply to the sender saying that the intended recipient is not on the CASL approved list, and offers a menu that the sender can use to enter the details of the nature of the consent. Once the sender completes that information, that consent detail is added to the whitelist and the email is released.

This solution significantly reduces the risk of sending non-compliant emails. And since it records how and who added the consent details to the database, it is easy for the business to deal with an employee who tries to cheat the system. It also helps immensely with a defense under CASL if an investigation results from a complaint. First, because the system records consent details. Second, if a non-compliant email does get through for some reason, such as an employee entering false information, it provides a due-diligence defense showing that the business did as much as it possibly could to prevent a violation.

Transparency disclosure – the providers of CASL Cure are clients of mine.