Canadian Anti-Spam Enforcement 2015: A Year in Review

Written by Martin P.J. Kratz, QC, J. Sébastien A. Gittens, and Graeme S. Harrison

Over the last year, the Canadian Radio-television and Telecommunications Commission (CRTC) has been active in its enforcement actions under Canada's Anti-Spam Legislation (CASL). As shown by the following summary of publicly-disclosed enforcement actions in 2015, it is clear that this regulatory agency has exhibited a willingness to enforce the electronic communications provisions of CASL using the various mechanisms provided thereunder and issue significant penalties for non-compliance.

On March 5, 2015, the CRTC issued a penalty of $1.1 million to Compu-Finder under CASL. Compu-Finder allegedly sent commercial electronic messages without consent and failed to honour unsubscribe requests.

On March 25, 2015, the CRTC announced that it entered into an undertaking with online dating service operator Plenty of Fish. The CRTC found that this organization failed to include a CASL-compliant unsubscribe mechanism in commercial e-mails to its subscribers, and announced that Plenty of Fish would be required to pay a $48,000 penalty under the terms of the undertaking.

On June 29, 2015, Porter Airlines Inc. paid $150,000 as part of an undertaking pertaining to alleged CASL violations. The CRTC alleged that Porter Airlines sent commercial electronic messages (in the form of emails) that did not contain an unsubscribe mechanism, and that Porter Airlines did not honour unsubscribe requests, in some cases, within 10 business days. In other cases, the CRTC alleged that Porter Airline's unsubscribe mechanism was not clearly or prominently set out. Finally, the CRTC found that Porter Airlines was unable to prove that it had consent to send the commercial electronic messages in question.

On November 20, 2015, the CRTC announced that Rogers Media Inc. paid $200,000 under the terms of an undertaking regarding alleged CASL violations. The CRTC stated that Rogers Media sent commercial e-mails that contained inadequate unsubscribe mechanisms. In some instances, the unsubscribe mechanisms did not contain an electronic address that was valid for 60 days after the message was sent. The CRTC was also of the view that Rogers Media did not give effect to certain unsubscribe requests within 10 business days.

On December 3, 2015, the CRTC served its first warrant under CASL to take down a command and control server located in Toronto, Ontario as part of a coordinated effort directed by law enforcement agencies in many countries at the Win32/Dorkbot malware family. The CRTC reports that this malware family has infected over one million personal computers in over 190 countries.

These enforcement actions show that the CRTC is targeting technical and other violations under CASL. Given the potential liabilities associated with a violation under CASL and the expected increase in frequency of the CRTC's enforcement actions, businesses should review the way in which they communicate electronically to ensure that they are compliant with CASL. Our series of posts "Defending Enforcement under CASL", considers the foundations of a compliance defence to liability under CASL.

The enforcement actions also show that most defendants have adopted to use undertakings as a means for resolution of the action.

For a more complete look at CASL and what it means for you and your business, please visit our Anti-Spam Learning Centre.