Have you implemented protocols, policies, training, and other educational initiatives within your organization to ensure that your company’s email marketing campaigns comply with Canadian spam legislation? Let’s hope so.
Since July 1, 2014, the Canadian Anti-Spam Law (CASL) has governed the spam landscape, prohibiting individuals or companies from sending unsolicited emails for commercial purposes (called CEMs or commercial electronic messages) unless they have the express or implied consent of the recipient (see “What Is CASL Consent Anyway?” for an explanation of the rules on express and implied consent).
What is the worst that can happen if you don’t comply with CASL? Let’s just say you might want to make sure you have overdraft protection.
In plain English: serious bucks are at stake.
The only (legal) person at the moment that is authorized to enforce CASL is the CRTC (the Canadian Radio and Telecommunication Commission… regulators of TV, telephones, and all things internet). Yes, a handful of unelected bureaucrats in Ottawa are designated as the CASL watchdogs. CASL empowers the CRTC to set fines of up to $1 million for an individual spammer and up to $10 million for a corporate spammer.
The CRTC processes complaints from civilians filed with the Spam Reporting Centre, investigates the complaints, and (if the complaint is valid) issues a Notice of Violation to the contravening party with an associated fine (an “Administrative Monetary Penalty” or AMP). The spammer then has the opportunity to challenge the fine. The CRTC will consider (among other factors) the ability of the spammer to pay the fine when deciding on what fine to impose.
Will the CRTC maintain its status as the only contender in the enforcement ring? Perhaps… but then again, perhaps not.
The Private Right of Action
What do you think would ensue if private citizens could start lawsuits for each email received allegedly in violation of CASL? Mayhem, perhaps? Sheer and utter mayhem?
CASL contains something called a “private right of action” which would allow people who receive spam to sue spammers in Court for damages. Under this private right of action, the minimum damages that can be awarded is $200 per spam message, up to $1 million per day of spamming. So if you send out a campaign of 200 emails in violation of CASL, you could be subject to a damages claim of $40,000. Remember when we said you might want to make sure you have overdraft protection? Right.
This private right of action was scheduled to come into effect on July 1, 2017.
Canadian small business and charities voiced (loudly… more like shouted) concerns about the potential repercussions of this private right of action (class action lawyers were all in favour of it, of course). The Government of Canada actually listened—to the small business people and charities, not to the class action lawyers—and in early June 2017, the government decided to delay the coming into force of the private right of action indefinitely.
Compliance is key. Having in place at your business the right systems and procedures (in writing) for compliance is referred to as a “due diligence” defence and can be relied upon if the “private right of action” ever comes into effect. To prove this defence you would have to show that you have implemented written policies, procedures, or protocols regarding CASL compliance; trained your employees; tracked complaints filed in relation to CEMs; how complaints have been resolved; and what monitoring mechanisms are in place to assess and track CASL compliance.
Better to ensure compliance in the first place, to be honest.
As always, if you have any questions about CASL and how to make sure you comply and have everything in place to ensure that you have a good due diligence defence in place in the event of an accident, give us a shout. We’re always happy to help solve problems.