The Canadian Radio-television and Telecommunications Commission (CRTC) announced today that it has issued its first penalty under Canada’s Anti-Spam Legislation. It totals C$1.1 million against Compu-Finder for sending emails without consent and ignoring unsubscribe requests.1 The penalty is well below the C$40 million statutory maximum, but at C$275,000 per violation, it establishes a credible enforcement baseline that anyone sending to Canadian addresses should take seriously.
The CRTC’s findings are straightforward. Compu-Finder sent commercial emails without prior consent. When recipients unsubscribed, the mail kept coming. Some contacted the company after subsequent mailings to report that they were unable to unsubscribe, and even those people continued to receive new emails.2 By the time the CRTC acted, Compu-Finder’s mail accounted for more than 25% of the spam complaints reported to Canadian regulators. The agency gave the company an opportunity to correct its practices. It did not.
Two things about the penalty are worth noting. First, the CRTC treated each send instance as a single violation — four violations in total — rather than counting individual recipients. This is what the EEC/DMA refers to as a “send instance.”3 This may be surprising to some activists who were hoping penalties might be computed on an individual message basis and had dreams of shocking penalty amounts as a result. So activists who hoped for per-recipient penalties will find that disappointing. Second, and more importantly for email marketers: this was all B2B mail. As Laura Atkins has pointed out, most people assume anti-spam enforcement targets consumer inboxes.4 Compu-Finder’s case puts that assumption to rest. CASL applies to commercial electronic messages regardless of whether the recipient is a consumer or a business contact.
The practical compliance questions are the same ones they have always been: Do you have documented consent for every address you’re mailing into Canada? Does your unsubscribe mechanism actually work? Those are not complicated requirements. This wasn’t a technical violation of some bit of CASL minutiae on Compu-Finder’s part. This was an operational failure of their program as a whole. The company apparently had an unsubscribe link that did nothing. That is the kind of failure that can produce a seven-figure penalty.
If you send to Canada and haven’t recently verified your consent records and unsubscribe infrastructure, the CRTC has now demonstrated that it will use its authority under CASL to “help” you get your house in order.
Footnotes
- Service Canada, CRTC Chief Compliance and Enforcement Officer Issues $1.1 Million Penalty to Compu-Finder for Spamming Canadians, (2015), https://www.canada.ca/en/news/archive/2015/03/crtc-chief-compliance-enforcement-officer-issues-1-1-million-penalty-compu-finder-spamming-canadians.html (last visited Mar 5, 2015). ↩︎
- The Canadian Press, CRTC Issues First Anti-Spam Penalty: $1.1M Fine for Compu-Finder, CTVNews (2015), https://www.ctvnews.ca/sci-tech/crtc-issues-first-anti-spam-penalty-1-1m-fine-for-compu-finder-1.2265527 (last visited Mar 5, 2015). ↩︎
- Email Experience Council & Direct Marketing Association, A Digital Marketer’s Guide to Canada’s Anti-Spam Law “CASL,” https://www.ana.net/content/show/id/accountability-digital-marketing-CASL (last visited Dec 25, 2024). ↩︎
- Laura Atkins, CRTC Fines Compu-Finder $1.1 Million for CASL Violations, Word to the Wise (Mar. 5, 2015), https://wordtothewise.com/2015/03/crtc-fines-compu-finder-1-1-million-casl-violations/ (last visited Mar 5, 2015). ↩︎
This post does not constitute legal advice; consult qualified legal counsel on your specific obligations under CASL.
About the Author
Mickey Chandler is a Consultant & Attorney with over 28 years of experience in Email Deliverability & Privacy Law. He has a strong background in email authentication infrastructure (SPF, DKIM, DMARC), ISP and mailbox provider relations, anti-spam policy and compliance, CAN-SPAM and state anti-spam law gained through overseeing the Abuse & Compliance team at Salesforce Marketing Cloud, originating the ISP relations role at Informz (now part of Higher Logic), and working in the fight against spam since 1997. He holds a B.A. in Government, a B.S. in Computer Information Systems, and a J.D. from the University of Houston Law Center. He is a certified CIPP/US professional and a certified CIPM professional.
