Risk Analysis thumb image

Strap on your Helmet …

Peter Clausi has written a great article about the upcoming troubles that businesses and individuals could face once CASL enter it’s next stage on July 1st 2017.

CASL really has only two key requirements. The first is that you, as the sender of a commercial electronic message (CEM) (including any business email or text), are prohibited from sending that CEM unless you can prove you had prior consent to send it to that person. You have to be able to prove you had prior consent. You can’t email someone to ask for consent to email them.

Second, all CEM’s must be transparent – it must clearly disclose who the sender is and it must include a simple unsubscribe link. This element is fairly straightforward. If you apply some business intelligence, human resources training and forethought, you can comply with this part of CASL.

It all seems simple, doesn’t it.

Whether you like these two elements is not relevant. This has been the law in Canada for several years. It doesn’t matter if you think it’s a silly law or a disproportionate one – this is a law with global exposure, as the CRTC has assumed jurisdiction if the email is sent or received in Canada (just passing through an ISP doesn’t count). Does your business operate outside of Canada but email into Canada on occasion? You’re caught. Are you a Canadian business sending any email outside of Canada? You’re caught too.

But a CRTC isn’t really the problem. The Commission’s limited resources mean you can probably sleep at night without worrying about the CRTC showing up at your office tomorrow. What you should be afraid of is July 1, 2017. Mark that date in your calendar. That’s the day when your company’s breaches of CASL, until then relatively innocuous, can be punished by a private right of action. Anyone to whom you send an email or text will have the right to sue – all they have to prove is that they received your message, and then the onus shifts to you to prove you had prior consent to do so.

That’s what CASL itself and the CRTC’s Enforcement Advisory are telling us.

After you get sued, you will then need to put forward evidence that you had prior consent to send that email. This would be part of the discovery process in the litigation, and since this type of litigation supports class action litigation, your legal bills are going to be astronomical. And if any of the recipients are outside of Canada, watch for creative aggressive plaintiff counsel to figure out ways to trace liability back to that jurisdiction. Double the litigation, double the legal expenses.

Click here to read the full article.

CASL, Risk Analysis thumb image

Jillian Swartz of Allen McDonald Swartz LLP has published an excellent article discussing the impending danger of class action lawsuits under CASL coming into effect on July 1st, 2017.

On July 1, 2017, CASL’s private right of action provisions, which provide for penalties of up to Cdn$1,000,000 per day, will come into effect. Class actions are almost a certainty. Any Canadian business (and any business that has customers, donors or contacts in Canada) that is not fully compliant with CASL must act now to develop and implement robust compliance strategies in order to mitigate its class action risk.

CASL provides for a private right of action. This means that, in addition to the risk that the regulators may bring an enforcement action against an organization that violates CASL, there is a potential for individuals, partnerships, corporations, organizations, etc. (or more aptly, a group of such persons) to bring a lawsuit against an organization that has breached CASL. There is a risk of high damages awards under CASL. The following chart summarizes the potential damages that a court may award.

As a result of the potential for high damages awards, it is likely that CASL litigation will become the next trend in class action litigation. It is also important to note that the CRTC, because it has limited resources to pursue enforcement action, has been focusing on the worst offenders. Class action lawyers are not similarly restrained, so it is likely that they will aggressively pursue organizations that have allegedly violated CASL. The class action risk is heightened because CASL allows a court to impose a monetary award without any proof that actual damages have been sustained.

An employer can be held liable where an employee violates CASL while acting within the scope of his or her employment, unless the employer can show that it exercised due diligence to prevent the violation. In addition, it is an offense to aid, induce, procure or cause to be procured the sending of CEMs in violation of CASL.

For more visit their article here or download the PDF version here.

Risk Analysis thumb image

A high-level look at the looming disaster

Peter Clausi has written an in depth article looking at the reality of how CASL has changed the landscape of commercial email activity in Canada, the consequences of not complying with the new rules and also the upcoming changes to the law and their impacts.

CASL compliance is about consent, not content. You need consent BEFORE you send the email. You cannot email someone to ask for consent to send that person email. If challenged, the onus is on you as the sender to prove you had prior consent.

Actually, it’s worse than that.

Every message you send must have a built-in unsubscribe feature. Must. If you don’t, you’re in breach of CASL.

The statute is so broad, the consequences so harsh, that most of us in the compliance industry did not think it could be rigorously enforced. The CRTC simply lacked the resources or the will to enforce CASL in any meaningful way.

We were wrong.

In March of 2015, the CRTC gave notice of its intentions when it punished a numbered corp with an administrative monetary penalty of $1,100,000 for having sent emails without the recipients’ consents as well as for sending commercial emails that did not have a properly functioning unsubscribe mechanism. We didn’t criticize the penalty since the numbered corp was what we normally think of as a true spammer – atta go, CRTC!

Then Plenty of Fish got hit for $48,000. We didn’t really care since it’s a free dating website, so we all just giggled a little, albeit nervously.

We began to really care in June of this year when regional flyer Porter Airlines was hit by the CRTC for $150,000 for CASL breaches. And we really paid attention a few weeks ago when Rogers Communications agreed to a $200,000 fine, for the “offence” of sending corporate emails that did not always have a fully functioning “unsubscribe” mechanism.

Look at the email you send. Is there a fully functioning unsubscribe mechanism in every email you send? If not, your entire organization is at risk.

Visit the original post for the full article.