The Canadian radio-television and Telecommunications Commission (CRTC) has levied a $1.1-million fine against Compu-Finder Inc., a management training company based in Quebec, for violations of the Canadian anti-spam legislation (CASL). The fine is the first to be levied under CASL, which came into force last September.
The significant fine is intended to send an important message, says Gillian Stacey, lawyer with Davies Ward Phillips & Vineberg LLP in Toronto and chairwoman of the firm’s technology committee: “The amount specified by the CRTC in this notice of violation was certainly intended as a wake-up call from the regulators.”
Companies across Canada – financial services firms among them – are scrambling to ensure they are compliant with CASL legislation, which prohibits the sending of commercial electronic messages without the recipient’s consent, including messages to email addresses and social networking accounts, and text messages sent to cellphones.
The Compu-Finder case highlights the need to ensure that businesses do not use email addresses collected from public websites for marketing purposes, cautions Wendy Mee, associate with Blake Cassels & Graydon LLP in Toronto.
“The only time where [publicly posted email addresses] creates implied consent is where the message is relevant to the recipient’s role in a business or official capacity and the email address is not accompanied by a statement indicating that the recipient does not wish to receive such messages,” Mee notes. “This [Compu-Finder] violation makes it clear that the CRTC will not consider implied consent to exist where these conditions are not met.”
Financial advisors also should look closely at what third parties that are operating on their behalf – marketers, for example – are doing in regard to complying with CASL requirements, cautions Paige Backman, lawyer and leader of the privacy team with Aird & Berlis LLP in Toronto.
In addition, advisors who have taken steps to comply with the legislation should not just breathe a sigh of relief; more work is required. “Complying with CASL isn’t just about setting up the right processes and protocols at the outset,” Stacey says. “It is [also] about monitoring the effectiveness and ongoing compliance of those processes.”
Smaller financial advisory companies may think they are too insignificant to come to the attention of the CRTC, but they may be next in line, says David Fraser, privacy lawyer with McInnes Cooper LLP in Halifax: “You are overly optimistic if you think only large firms are a target. In fact, if I were the CRTC and I wanted to make an impact, I’d go after small firms like financial advisors or lawyers.”
In many ways, Compu-Finder, which has 30 days to submit a written response or pay the fine, was an easy and obvious target for the CRTC, one of three regulators overseeing CASL. (The other regulators are the Competition Bureau and the Office of the Privacy Commissioner of Canada).
Manon Bombardier, the CRTC’s chief compliance and enforcement officer, states in a release that Compu-Finder “flagrantly violated the basic principles of the law by continuing to send unsolicited commercial electronic messages after the law came into force to email addresses it found by scouring websites.” In addition, Compu-Finder’s website did not have a working “unsubscribe” mechanism.
Complaints about Compu-Finder made to the Spam Reporting Centre, to which consumers, businesses and other organizations can report CASL violations, represented 26% of all complaints for the sector that Compu-Finder operates in, a business-to-business category that offers training courses to businesses on topics such as management, social media and professional development.
The complaints against Compu-Finder were not the first from disgruntled consumers. Since 2008, the company has been criticized publicly for sending unwanted emails to unknown recipients.
“Compu-Finder’s breaches were significant,” says Backman. “These were not one-time breaches. They evidenced a business model of complete disregard for the law. They breached the very basic premises of CASL.”
Against this backdrop, Backman notes, the fine could have been much larger, given that the potential penalty could be as high as $10 million.
“Perhaps the regulators were looking to balance sending a message to organizations they need to comply with CASL without giving too much more fire to the numerous organizations already rallying against this law,” she says.
For Compu-Finder, an enterprise not well known until now, the size of the fine may be fatal, says Fraser: “[A fine of] $1.1 million may destroy the company.”
From the CRTC’s perspective, the fine is the cost of ensuring the new rules will be adhered to.
According to Bombardier, the hefty fine will help to ensure compliance with CASL and “encourage a change of behaviour on the part of Compu-Finder, such that it adapts its business practices to the modern reality of electronic commerce and the requirements of the anti-spam law.”
There is little doubt that more fines are imminent, says Stacey: “It is early days and, with over 120,000 complaints filed through the Spam Reporting Centre, we can reasonably expect that there will be more newsworthy findings from the regulators on CASL.”
© 2015 Investment Executive. All rights reserved.