Posts

15 Recommendations to Strengthen and Simplify CASL

/0 Comments/in , /by

Following our testimony before the Standing Committee on Industry, Science and Technology of the House of Commons, and the rich and numerous exchanges we had with members of Parliament during the question period, we published a brief containing a series of recommendations to be taken into account in their review process of the Canadian Anti-Spam Law.

Here are the 15  recommendations that you can also download in its original PDF format:

—–

This brief presents a series of recommendations to supplement the presentation given by our president, Philippe Le Roux, at the Committee’s 79th meeting. The following recommendations support two main objectives:

  • Enhance the benefits of Canada’s anti-spam legislation (CASL) for consumers and businesses
  • Facilitate CASL compliance for businesses

1) Educate consumers about CASL

Consumers are aware of CASL’s existence, but they are not aware of the primary rules regarding consent. As a result, many complaints are being filed about messages that are fully compliant with the regulatory requirements but perceived by certain recipients as unsolicited. This places an unnecessary burden on enforcement agencies and creates needless friction between businesses and consumers.

R1: We recommend that a CASL education and outreach campaign be launched across the country to educate consumers about the kinds of messages and situations that are regulated as well as the defence mechanisms available, such as the Spam Reporting Centre (SRC) and the private right of action.

2) Educate businesses about CASL compliance

The main obstacle to CASL compliance is total or partial ignorance of the regulatory requirements. The latest studies show that less than 20% of Canadian businesses know that a compliance program is needed to make use of the due diligence defence. For small and medium enterprises, which account for 97% of Canadian businesses, this falls to less than 5%.

R2: We recommend that a campaign be launched to educate small businesses about the many regulatory requirements and the importance of compliance programs. This campaign should be carried out in cooperation with agencies that deal with small businesses, such as chambers of commerce, industry associations, and advocacy organizations such as the Canadian Federation of Independent Business (CFIB).

R3: We also recommend that the CRTC produce CASL awareness webinars based on the conferences given by the investigations and compliance team during the awareness campaign last spring in Toronto, and that these webinars be posted on its fightspam.gc.ca site.

3) Improve the fightspam.gc.ca website

The authoritative website for information about CASL is only updated a few times a year, leaving the perception that it is not really a topic of concern for businesses. As well, the site does not provide an objective-based user experience, but instead presents categories of information, making it very difficult for an inexperienced user to find what they are looking for. Lastly, the site hides the regulatory requirements for recordkeeping, the basis for most fines.

R4: We recommend that the fightspam.gc.ca website be redesigned based on a dual architecture: one section educating consumers about how CASL protects them, how to determine whether or not a message is compliant, and the various courses of action available if they receive a non-compliant message; and another section educating businesses about the requirements and the CRTC’s interpretations with respect to compliance.

4) Remove uncertainty surrounding the most common issues

During its two appearances before the Committee, the CRTC referred to some of the directives it has released over the past three years. We have identified about 100 common compliance issues affecting small businesses. The CRTC is clearly too slow to release information, adding stress and a needless burden on companies that wish to comply.

As well, the CRTC’s published decisions show that in each case, it has taken a narrow interpretation of CASL, each time creating an unreasonable requirement for small businesses that wish to comply. This way of dealing with businesses that make honest mistakes discourages small businesses from investing in compliance.

R5: We recommend that the CRTC establish an advisory committee made up of key stakeholders (consumer advocates, legal experts, email marketing experts, compliance experts) to identify and analyze the most common compliance issues and quickly release its compliance requirements and guides on these issues, in line with the advisory committee’s recommendations.

5) Oversee compliance services

CASL compliance service providers such as Certimail, Newport Thomson, AAM, Deloitte and KPMG are strategic allies for the CRTC in encouraging Canadian businesses to develop documented compliance programs. Despite our very limited resources, this year Certimail has educated more small businesses in Quebec than the CRTC has across Canada.

Companies would be more motivated to invest in a compliance program if they were assured that these programs are effective, which is not currently the case.

R6: We recommend that the CRTC publish codes of conduct that oversee, recognize and endorse industry-developed compliance programs, as is the case with the GDPR in Europe.

6) Range of fines

It is surprising that Canada’s biggest spammer, Compu-Finder, which generated up to 25% of the complaints filed with the CRTC at the time of investigation and consistently refused to cooperate throughout the process, was fined the same amount as Rogers Media, which acted in good faith and fully cooperated during the investigation.

As well, threatening a small business of 10–30 employees with $10 million in fines appears to be so disconnected from the reality of these businesses that they do not take CASL and its enforcement seriously and are not motivated to comply.

Although the $10 million cap needs to stay in place so that fines continue to serve as a deterrent and prevent multinationals from seeing fines as simply a cost of doing business, a graduated range of fines depending on the business, the offence and the context would make the threat more real and therefore more effective.

R7: We recommend that the CRTC set a range of fines taking into account the size of the business, its annual revenues, the number of complaints received, the seriousness of the offence, the intent and past history of the business. A minimum and maximum fine for each offence category could be set.

7) Private right of action (PRA)

As long as the number of fines remains negligible compared to the number of complaints (6 vs. 1.1 million), consumers and businesses need another avenue to protect their rights.

The PRA has a deterrence power that the CRTC has not been able to obtain in three years. We received 10 times the number of requests for information on compliance in spring 2017 than in spring 2014. This number plunged immediately following the government’s June 7 announcement that the measure was being postponed.

R8: We recommend that implementation of the private right of action be announced quickly with a deadline of July 1, 2018, so that businesses can be educated about the above recommended compliance requirements.

8) Limit withdrawals to the reference entity

The CRTC is currently interpreting “withdrawal of consent” more broadly than the consent itself. The following is an example given by the CRTC during a recent presentation in Toronto. If a consumer signs up for newsletters from Dove (a Johnson & Johnson brand), Johnson & Johnson cannot send that consumer commercial email messages (CEMs) about its other brands. However, if the consumer withdraws consent, by default this withdrawal must be applied to all CEMs sent by Johnson & Johnson, including those pertaining to brands for which there may be implicit or explicit consent, even though the consumer may not be aware that both brands belong to the same company.

R9: We recommend that withdrawal be limited to the brand in question, not the parent company’s entire line of brands, whose existence and breadth may be unknown to consumers

9) Transactional and service messages

Under section 6.6, transactional and service messages that do not require consent must now include withdrawal mechanisms, which imposes a burden on companies and creates confusion and frustration for consumers who receive them.

R10: We recommend that section 6.6 be simply repealed so that only identification information is required in such messages.

10) Differentiating the various types of commercial electronic messages

Currently, virtually all CEMs fit into three categories:

  • batch messages
  • automated marketing messages sent individually, but without human intervention
  • individual messages written and sent explicitly by someone for each mail out

However, CASL provides that, by default, withdrawal of consent in response to any of these messages must be interpreted as a withdrawal of consent for all commercial electronic messages of all types.

R11: We recommend that CASL be amended to reflect these different message categories and that the regulatory requirements take them into account, such as by limiting the scope of withdrawals to the category of message that initiated the withdrawal request by default.

11) Expand complaint forms and make them public

The current complaint form does not allow complainants to provide additional context when filing a complaint. This is extremely frustrating for some consumers, and it deprives investigators of information that could help validate and process complaints.

Furthermore, the SRC is a black box, and this lack of transparency is very frustrating to consumers who want to know if they are the only ones complaining about a company, and to companies interested in finding out how many complaints have been filed against them.

R12: We recommend that the complaint form be expanded to include fields that allow complainants to provide context about the offending messages, and that the complaints index be made accessible through an open data file as well as a web interface allowing searches on multiple criteria, including company names and brands. Of course, this information would be accompanied by a notice indicating the basis of the complaint has not been validated.

12) Speed up investigations to keep up with complaints

With just under 500 investigations and six fines issued in three years over more than 1.1 million complaints, the CRTC is leaving the impression that there is practically zero chance of getting caught. In fact, small businesses see CASL as little more than a game of Russian roulette with six bullets in a revolver with 1 million blanks, rather than a set of regulations that apply to everyone.

R13: We recommend that the CRTC develop mechanisms to automate complaint analysis and processing combined with a graduated range of fines to reduce the investigation workload required for each case.

R 14: We also recommend that companies subject to a first validated complaint receive a warning letter to raise awareness and to inform them that they could face investigations or fines.

13) Promote the benefits of CASL

Not only has CASL resulted in a sharp drop in spam in Canada, but it has also had a positive impact on the effectiveness of email marketing. The email marketing performance of Canadian companies has increased over 20% since CASL came into force. Promoting the competitive advantage of CASL compliance will help the government motivate businesses.

R15: We recommend that the government launch an education campaign about the effectiveness of email marketing when it complies with CASL best practices. This will allow companies to see the cost of compliance as an investment in marketing.

Those are our main recommendations based on four years working with dozens of small businesses of all sizes and in all fields to ensure they are compliant, as well as on over 20 years of expertise in effective email marketing. We are available to the Committee and its members to discuss these recommendations in greater detail.

 

Parliamentary Review of CASL: A Festival of Asinine Discourses

/0 Comments/in , , /by

If you believe, like many do, that you still receive a lot of unsolicited messages (i.e., spam) in your inbox, you’re all hallucinating.

At least this is what the Canadian Chamber of Commerce seemed to imply when it told members today, during the second revision session of CASL by the Standing Committee on Industry, Science and Technology, that spam is no longer a problem.

Today’s session consisted of a long series of approximations and erroneous or exaggerated assertions. The discourses, whose similarity might suggest that they are secretly coordinated, all revolved around the same central idea:

Overseeing commercial electronic messages sent from businesses prevents the authorities from dealing with the “bad guys” who threaten IT security. So let’s give companies the opportunity to send all the messages they want to whomever they want because the real problem that the CRTC should be concentrating on are fraudsters.

This type of assertion is asinine: Imagine the CAA calling for the abolition of the driving rules so that the police can devote themselves to the fighting against terrorism.

Let’s look at and analyze the central pearls of this type of reasoning.

Spam is no longer a problem (???)

According to Scott Smith, Director, Intellectual Property and Innovation Policy at The Canadian Chamber of Commerce, spam is no longer a problem for Canadians. This hyperbolic assertion is taken from a report, supplied by anti-spam software vendor Trustwave, which Smith relies upon and states that anti-spam software blocks 99% of spam.

Even if this statement was objective and credible, how then does one explain the over 5,000 complaints that the CRTC continues to receive on a weekly basis, and the 1 million + complaints its registered in the last three years?

Technological illiteracy or misinformation?

The complexity of CASL has been rightly pointed out by speakers, especially when it comes to the various types of “implied consent”.

But to argue, as Mr. Smith did, that there is no technology that exists for businesses to manage consents, or that you have to invest a lot of money to do so, is to misinform and mock the intelligence of the members of the committee.

While not all marketing technology suppliers are up to regulatory compliance standards (a consequence of inadequate educational work on behalf of the CRTC regarding CASL), there are already several solutions available to manage and document different types of consent.

Providers, such as Dialogue Insight, iTracMarketer and Cyberimpact for mass mailings or emailChecker and CASL Cure for individual emails, all offer practical solutions tailored to all sizes of businesses, with costs that go from ten dollars to a few hundred a month.

A plethora of alternative facts

At a time when everyone is concerned about the phenomenon of “fake news” and its impact on society, it is impressive to see the number of “alternative facts” than the lobbyists delivered to the members of Parliament.

For example, Ms. Aïsha Fournier Diallo, Senior Legal Advisor at Desjardins General Insurance Group, daftly stated that CASL prevents her from sending SMSs to VISA Desjardins clients, informing them of their credit limit, or from sending password reset emails to customers.

Even Barry Sookman, senior partner of McCarthy Tétrault and considered a top figure in the field, gave testimony that could cast doubt on his credibility. He stated that CASL had no impact on fraudsters. In fact, because of CASL, the CRTC was able to dismantle an international network of cyber-pirates who sent out malware affecting millions of computers around the world.

He went on to illustrate the excessive nature CASL, by explaining that it prohibits a teenager from offering babysitting services to neighbors or prohibits a person from recommending their dentist to a friend. When deputy Eva Nassif challenged him, he acknowledged the exaggerated nature of his examples.

Me Sookman went on to talk about the perils that CASL causes to Canadians by referring to a National Post article, whereby American television game show Jeopardy had banned Canadian candidates specifically because of CASL. The producers of the show have since denied this fake news and indicated that Canadian candidates were never banned from the show, but that applications were simply suspended to take the time necessary to adapt its form to Canadian regulations.

Mr. Sookman even attempted to persuade the Honourable Maxime Bernier, (who addressed the fact that politicians should be held accountable under CASL) that if CASL applied to politicians, Mr. Bernier would not have been legally allowed to send messages to his list of 65,000 supporters during the Conservative Party’s leadership race. A false assertion because those 65,000 people subscribed to Maxime Bernier’s list to receive those messages.

Ignoring the real problems

What is most damaging in these testimonies and discourses, intended to represent the interests of businesses, is that the real issues and problems are ignored.

CASL and its enforcement by the CRTC pose real problems for SMBs, but at the same time, it’s an opportunity for businesses to improve their digital communications. Among these problems are:

  • The restrictive interpretation of rules by the CRTC
  • The numerous frequent situations still missing guidance from CRTC
  • The lack of clarity in the definition of commercial electronic messages
  • The challenge of documenting verbal consents
  • The lack of data on the volume of spam and its evolution
  • The lack of collaboration with Internet service providers
  • Etc.

We need a marketer in the room!

Having listened to the testimonies and debates of this session many times over, I’ve come to two conclusions:

1) Speakers, unfortunately, spent most of their time showing bad faith by demonizing CASL instead of using it to expose the real issues that affect businesses, so that members of Parliament can put in place solutions.

2) Entrusting the defense of digital and email marketing to lobbyists and lawyers who have no expertise in the field of email marketing is not the best way to improve CASL’s areas of contention, nor does it benefit companies, in particular, SMEs.

It’s time to start thinking about this law in terms of clear rules that make sense from a variety of angles and perspectives.

CASL’s first Parliamentary Review Session

/1 Comment/in , /by

The House of Commons Standing Committee on Industry, Science and Technology began yesterday their review of the Canadian Anti-Spam Law. The CRTC launched the presentation by addressing those key areas that are of concern to Parliamentary deputies. Little news has been made available to the public, but we’ve been on the watch and below you’ll find highlights from the review.

A questionable discretion

Considering that this law is the one that generates the most complaints from consumers, that it has been decried and actively challenged for years by lobbyists since its adoption seven years ago, it’s surprising that this review process was not publicly announced.

In fact, the only place where information has been disclosed is on the Committee’s agenda, which is generally followed only by professional lobbyists. However, given the importance of this legislation, and how much it affects ALL Canadian businesses, it was expected that this process would have been publicly announced, at least to those organizations concerned, to allow them to prepare for the Committee’s reflection.

One has to wonder what’s with all the discretion.

Department officials’ and the CRTC’s opening remarks

The first session was devoted to the hearing of department officials:

  • Mark Schaan, Director General, Marketplace Framework Policy Branch, Innovation, Science, and Economic Development Canada
  • Charles Taillefer, Director of Digital Transformation Service Sector in the Privacy and Data Protection Policy Branch, for Innovation, Science, and Economic Development Canada

Followed by CRTC officials:

In his address, Mr. Schaan gave a brief history of the law. He affirmed the law’s effectiveness and went on to say that spam has been reduced by more than one-third in Canada, explaining the importance of this legislation for the development of e-business in Canada.

The floor was then given to the CRTC. In his speech, Mr. Harroun cited the various enforcement mechanisms used to apply CASL, ranging from warning letters to administrative monetary penalties, to notices of violation and commitments.

He then highlighted the CRTC’s public education and awareness efforts, in particular for businesses, indicating that a total of 6 conferences were held in Toronto last May that reached 1,200 companies. One deputy member reminded him that Canada was not limited to Toronto. Finally, he explained the work done by the CRTC at the international level to develop collaborative agreements with the authorities of several other countries.

Requests for information are evolving

In response to the Committee’s first question, Mr. Harroun argued that requests for information received by the CRTC from businesses are increasingly about the development of compliance programs. While in 2014, the questions were more about the concept of consent and unsubscribe links. He then went on to stress the effectiveness of the various penalties that the CRTC can impose on companies.

The Private Right of Action

On June 7th, Minister Bains announced that he was temporarily suspending the private right of action (PRA), which was to begin on July 1, 2017, pending parliamentary scrutiny of CASL. It was therefore normal that the implementation of this right of appeal was the subject of several questions by members of the Committee.

These questions allowed Mr. Schaan to explain why the department had decided to suspend the PRA.

In particular, he explained that the main reasons are the risk of multiplying costly class action suits and the fact that there are still many gray areas concerning CASL compliance.

The CRTC, for its part, insisted that the PRA is an important enforcement tool and that similar measures are already present in the legislation of several countries, in particular, the United States, Australia, and the United Kingdom.

Already more than 1.1 million registered complaints

Mr. Barrat indicated that the CRTC has already registered more than 1.1 million complaints in its spam reporting center, which is the primary source used for investigations. And that complaints continue to enter at a rate of 5,000 per week. He also noted that complaints result from the activities of all industrial sectors and all sizes of businesses including the not-for-profit sector.

CASL is effective

As the committee continued, Mr. Schaan demonstrated the effectiveness of CASL by citing various independent reports. He referred to a US report showing that one year after the Act came into force, the number of emails received by Canadians decreased by 29%, and the volume of spam from Canada fell by 37%. He also cited a study done by Ipsos on behalf of CIRA showing that by October 2014, 62% of Canadians were aware of CASL and believe in its effectiveness. In fact, 84% of them had already taken advantage of it to reduce the volume of commercial messages they received. For their part, 49% of companies felt that the Canadian Anti-Spam Act Law had no impact on their marketing, 23% felt that the impact was minimal and 27% said they had a significant impact.

Mr. Schaan pointed out that Canada was one of the top 5 countries for generating spam. But since the passing of the bill, Canada is not even in the top 10.

The RCMP called in for collaboration

In a question on the means used to manage the international dimension of spam arriving in Canada, the CRTC explained that cooperation and agreements with authorities in other countries were increasing and that there was no particular difficulty at this level. However, he stressed that he doesn’t receive similar collaboration locally, particularly with the RCMP. He indicated help from them would be beneficial in enforcing CASL.

More than 30 completed investigations

The CRTC indicated that during the grace period it completed more than 30 investigations, of which only six have been made public to date. All other investigations are still in the process of negotiating commitments with collaborating companies. Some of the complaints received at the spam notification center are shared with the RCMP for criminal investigations to be conducted.

CASL as a benchmark

Witnesses indicated that the notion of consent as defined in the Canadian Anti-Spam Law is the benchmark for the ongoing revision of the Personal Information Protection and Electronic Documents Act currently being conducted by the Privacy Commissioner.

Meanwhile, MPs have made many parallels between the rules of CASL and that of the National Do Not Call List’s Rules, which is enforced by the same CRTC’s team and generates more than one hundred investigations per year for half the number of complaints received under CASL.

The CRTC is unable to provide numbers

A curious fact to note is that with each question relating to numbers and complaints or investigations, the CRTC was unable to answer. This was also the case when asked about the industrial sectors that generated the most complaints, the number of investigations and fines, and the types of complaints received.

When the Honourable Maxime Bernier inquired about the financial impact on businesses of becoming compliant, the CRTC was still unable to provide even estimates.

—–

You can listen to the full recording of the exchanges on the committee’s website until the transcription is published. Until then, we are currently taking steps to obtain the dates and participants of the next sessions, as well as to take part in the debates to present the point of view based on the dozens of SMBs in Quebec that we have already helped to implement CASL compliance programs.

 

CASL: What’s changed since July 1st?

/0 Comments/in , /by

After three long years, the grace period has ended, and companies must have established and implemented a compliance program. Businesses can no longer defend themselves by explaining that they weren’t aware of all the criteria necessary to be compliant.

From now on, to whom can you send messages to?

 

From now on, you may only send electronic business messages to:

  • persons who have given explicit consent,
  • clients who have made at least one transaction in the last two years,
  • individuals who have requested, within the last six months, to receive business information.

ATT: For all other contacts, you can no longer send them communications. This includes sending a consent request. The CRTC was very clear on this subject: an email requesting consent is a commercial electronic message and can not be sent without prior consent! 

What to do about leased or purchased lists?

The CRTC argued that when you obtain lists from a third party, you must verify that your supplier has obtained the appropriate consent for each contact. This includes consent for the type of communication (medium & content) one can send to an individual.

The CRTC clarified that in order to discharge your liability you must demonstrate that you’ve taken action to verify the legality of the consents obtained by your supplier. Otherwise, or if the CRTC deems that your actions are insufficient, you will be held responsible.

This practice also applies to directories. Before using the information from a repertory, you must verify that you have the right to do so and that the publisher of the directory obtained the proper consents. Otherwise, you will be held responsible.

Can agencies, ESPs and CRM suppliers be held responsible?

The CRTC has explained, in reference to the responsibility of agencies and technology platforms, that if the suppliers are involved in the content of the message, they may be held jointly liable for violations of Canada’s Anti-Spam Legislation.

For example, this applies to agencies that write copy and design emails (and other electronic messages) for their clients, as well as ESPs and CRMs that offer dynamic content customization or dynamic segmentation.

We’ll be consulting with our partner lawyers shortly for more information. Stay tuned for a detailed article on this subject.

Polls & Surveys

With regards to emails inviting individuals to participate in a poll, if the survey is just a study, it does not fall within the definition of a commercial electronic message and therefore does not require prior consent.

However, if the poll or survey refers to a product or promotes it, even subtly, it must meet all the requirements of CASL.

A good rule of thumb is to ask yourself if the individual who completes the survey can guess the name of the company or brand. If so, your survey is likely to be in violation of the law.

SMS and MMS messages

Although there are less commercial text messages sent in Canada than in other countries, consumer complaints about them are on the rise and these messages are in the CRTC’s viewfinder.

The CRTC explained that if companies send text messages for commercial (not necessarily promotional) purposes, or plan to do so, they must ensure that their compliance program covers these types of messages.

ATT: If a person is not on the National Do Not Call List (NDNCL), this does not mean you have consent to send them text messages.

Whereas the NDNCL uses an opt-out procedure (a person has to contact them to be removed from their list), Canada’s Anti-Spam Law uses an opt-in principle (individuals must give you permission to be contacted).

Transactional messages

The CRTC has clarified that transactional messages such as the confirmation of a transaction, change of password, scheduled alert, etc.) are not considered a commercial electronic message, as long as it does not contain a commercial offer. Also, transactional messages can be sent even if the person has withdrawn their consent.

However, the CRTC has made it clear that these transactional messages must comply with all the provisions of CASL, including those articles referring to “mandatory information” and “unsubscribe mechanisms”.

Brands and parent companies

When the CRTC discussed this point during an IAB presentation, the crowd told them they were crazy. Take note: Any withdrawal of consent applies to the whole company by default (affiliates and parent companies included), and not the just the brand or business indicated in the unsubscribe form.

Let’s take Loblaws and Shopper’s Drug Mart as an example: if a consumer unsubscribes from the Loblaws supermarket newsletter, consent is automatically withdrawn from the entire company and not just from supermarket communications. If the consumer was subscribed to the Shopper’s Drug Mart newsletter at the time when they withdrew their consent to Loblaws, under the law, they should no longer receive Shopper’s Drug Mart newsletters.

The only way to manage this situation legally is to propose an unsubscribe form in which the consumer can choose the brands from which he or she wishes to remain subscribed to.

When the CRTC was told that this was a bit crazy, their response was “We don’t know how you operate, guys! So come and talk to us so that we can understand you better”.

In conclusion, the law is tricky. For those not who are not vigilant or proactive, they will eventually be heavily fined and required to complete their compliance program.

The solutions and compliance programs offered by Certimail, built in collaboration with researchers from the Faculty of Law at Université de Montréal, meet the new requirements of the CRTC.

If you already have a program set up by us, you have nothing to change. You’re covered.

If you don’t have a compliance program, our experts are at your disposal to assess your situation and can offer you an efficient and inexpensive program that meets the CRTC’s requirements.

 

CASL: First Fine To A Corporate Executive

/0 Comments/in , , /by

The CRTC announced that Ghassan Halazon has paid, as an individual, a fine of $10,000 to relieve himself of his responsibilities as CEO, in violations of the Canadian Anti-Spam Law (CASL) committed by the company he ran at the time. This is the first time a corporate executive has been fined, and there are several lessons to be learned.

Enforcement of CASL is toughening up

Several observers misinterpreted the government’s decision to postpone the right to civil and collective redress at the end of 2017, as a sign of easing of the application of CASL. This is not the situation and Halazon’s case demonstrates this.

The CRTC has always stated that the three transitory years that companies had to implement their compliance program was sufficient and that those who have not yet done so have no excuse. In fact, Steven Harroun, the CRTC’s Chief Compliance & Enforcement Officer, said at a recent conference:

Commercial electronic messages are the primary source of what prompts Canadians to report cases that require follow-up investigation — commercial email messages that you or your organisation may be responsible for sending. Email messages account for more than three-quarters of incidents reported to us.

(…) 

Every business should have a compliance program in place to help ensure each commercial message or telemarketing call is compliant. If your practices are ever called into question, a thorough compliance program can help you in a due diligence defence.

(…)

But let me be clear, CASL and Unsolicited Telemarketing Rules are not new. And ignorance is not a defence.

Look at it this way—if I do a U-turn on the 401 and my defence to the police officer who pulls me over is that I did not know I couldn’t make a U-turn, I’m still getting the ticket.

The same applies if violations under these laws have been determined. There will be consequences, which could include administrative monetary penalties and the obligation to implement compliance programs. At best. And, at worst, public shaming that will keep your public relations department busy for a long time.

The message is clear, very quickly, several penalties a year will jump to several fines per month, as was the case with the National DNCL, another organisation regulated by the CRTC.

Why was Mr. Halazon fined?

In 2009, Mr. Halazon founded Cough Commerce, the company that launched TeamBuy.ca in 2010 and bought Dealfind.ca in 2013. Unfortunately, the merger wasn’t successful, and the company had to file for bankruptcy protection on August 29, 2014. Halazon’s business was then bought on September 24, 2014, by nCrowd, an American company specialising in bundle purchases.

Nevertheless, according to the CRTC, between July 2 and September 9, 2014, TeamBuy violated CASL, by sending several emails with a withdrawal mechanism that was not functioning well or was too complicated. Ghassan Halazon being at the time CEO of the company was found personally responsible under section 31 of the Act, which states that:

Directors, officers, etc., of corporations

31 An officer, director, agent or mandatary of a corporation that commits a violation is liable for the violation if they directed, authorised, assented to, acquiesced in or participated in the commission of the violation, whether or not the corporation is proceeded against.

C-level, directors, managers, administrators are all personally liable

Section 31, on which Halazon’s fine is based, is one of the many provisions of CASL that few people know about nor is it discussed by the media. It’s unfortunate, because corporate protection under this section is removed, and thus makes individuals such as directors, managers, administrators, etc. personally responsible for CASL violations.

The CRTC’s Chief Compliance and Enforcement Officer has made this clear in a recent statement:

Receipt of commercial emails is the primary source of complaints from Canadians who report cases requiring follow-up investigations, and you or your organisation may be held responsible for sending these commercial emails. 

The CRTC’s adamant actions…

Canada’s Anti-Spam Legislation came into force on July 1, 2014, and TeamBuy went bankrupt two months later. Yet, the CRTC investigated this case, for almost three years, for emails sent over a very short period. This unyielding behaviour runs counter to much of the CRTC’s reassuring PR speeches. What their actions do seem to mean is that:

  • That the notion of transition period is not taken into consideration and that the CRTC expects companies to have been compliant since July 2, 2014,
  • Their enforcement is not solely for the goal of compliance, but for punishment,
  • Everyone, at any time, past or present, is at risk of being fined.

Another surprising move by the CRTC

It is also surprising to note that while the case file was concluded on June 12, 2017, the CRTC waited until Friday afternoon to publish this news on its website, and this without issuing a press release − an approach often used in politics to make sure journalists don’t talk about it. 

Are you insured?

More and more organisations are now taking out liability insurances, commonly referred to as an Errors & Omissions insurance (E&O) to protect their employees. A common practice with NGOs to protect volunteers, but that is now becoming more standard practice for private businesses, in light of CASL.

N.B.: Savvy insurance companies are starting to exclude CASL from their policies if the company can not demonstrate that it has implemented a complete compliance program.

In conclusion

Each decision made and conference given by the CRTC sheds a little more light on their approach regarding investigations and fines. Regardless, the words of the CRTC’s Chief Compliance and Enforcement Officer must be taken seriously:

Each company should have a compliance program to help ensure that every commercial or telemarketing message is compliant. If your practices are challenged one day, a comprehensive compliance program can help you establish a due diligence defence.

Now then, considering that the emails you, your company and your employees sent, or send today can haunt you in the future, it’s more important than ever to protect yourself and to implement a compliance program. Speak with one of our experts for free.

 

CASL Compliance: How badly informed are Canadian and QC firms?

/0 Comments/in , /by

Seven years after its approval by Parliament and three years after it came into force, a Canada-wide survey shows that businesses, small and large, are still confused about CASL compliance, the types of messages it regulates, and the means to protect oneself from fines and lawsuits.

Canadian companies

The study, which was conducted recently by the Direct Marketing Association of Canada (DMAC) and law firm Fasken Martineau DuMoulin LLP, surveyed over 200 individuals directly responsible for CASL compliance of their organisation. Here are some of the highlights from the study:

  • 64% didn’t understand how to make their message CASL compliant beyond consent and an unsubscribe link
  • 46% were unaware that an organisation could be ordered to pay damages
  • 40% of them didn’t know that they can be held personally liable
  • 64% stated that their organisation did not (or didn’t know if their organisation had) a formal compliance policy
  • 63% believed that employees and staff don’t require CASL compliance training
  • 60% indicated that their company never performed a compliance audit

This is quite disconcerting, especially considering that the last 3 points are items required by the CRTC, to be able to defend oneself, should you face an investigation or prosecution.

No better for Quebec SMBs

Although this study was conducted amongst medium to large business in English Canada, a similar study was just recently published surveying Quebec SMBs.

  • Less than 5% of Quebec SMBs comply with CASL
  • More than 75% were unaware that companies could be fined, even if they have explicit consent
  • Only 35% knew that from July 1st, 2017 onwards, companies will be subject to civil or collective redress
  • 40% were surprised to learn that SMBs, as well as individuals, can face the same charges as large companies
  • 38% didn’t know that many QC companies have already been investigated and received fines
  • 1 out of 4 were unaware that CASL regulates individual emails, as well as text and social media messages

The CRTC’s shortcomings

Although the CRTC enforces CASL, informing and educating businesses is their greatest shortcoming. An article exists to help companies defend themselves, but it must meet the CRTC’s eight required categories. However, finding these requirements on an official website is very difficult.

The regulatory body does give presentations, but for the moment, it is almost exclusively to large law firms in Toronto. Unfortunately, 97% of Canadian companies are small businesses that can’t afford to do business with these big firms.

What can you do for yourself?

Canadian law states that “no one is supposed to ignore the law“.

A compliance program is also the only way to protect you and your business, and your employees, from tens or even hundreds of thousands of dollars in fines and legal fees.

So what do you do? You don’t want to stop your email marketing activities because it’s the top digital performer when it comes to ROI. We’ve done the calculations and penny for penny, all things considered, even a small investment in a compliance program is better than no investment at all.

 

 

1M Complaints: Insights into the CRTC’s investigation process

/0 Comments/in , /by

In the last 36 months, the CRTC received just over 922 262 complaints under CASL, representing more than 300,000 complaints a year! Demonstrating, that many Canadians support this legislation, and increasing continue to do so.

 

Près d'un million de plaintes pour la Loi Canadienne anti-pourriel

 

As the chart above shows, the daily volume of complaints has been growing steadily for over a year, exceeding 1,000 complaints per day since October 2016.

Mainly email, but text and instant message complaints are fast on the rise

According to the CRTC, email accounts for roughly two-thirds of complaints and SMS a good third. On the other hand, while the number of accusations about non-compliant emails has decreased by almost 10% in the past year, SMS denunciations have more than doubled. Additionally, although they represent only a tiny fraction of the total, instant message complaints are also growing.

Consent issues represent approximately two-thirds of the complaints received, but their growth is lower than for content or misleading subject claims that have increased by 60% over the past year. This suggests that the Competition Bureau, which handles these types of complaints, will continue to distribute heavy fines like it’s it’s done so with Budget, Avis and Amazon.

How cases are selected

In a presentation to IAB Canada in Spring 2017, the CRTC has stated that considering the international scope of spam, it has already entered into collaborative arrangements with the authorities of a dozen countries, including the United States, the United Kingdom, Australia, and the Netherlands.

These agreements are bilateral, meaning that the authorities exchange information with each other to initiate investigations, to investigate them further, or to prosecute and punish the perpetrators.

 

 

Although the CRTC didn’t share the criteria on which it relied to prompt past cases, they did explain that their investigations are triggered, not only by the data provided by their international and industry partners but also by the messages and information they receive at specific addresses on different websites. Commonly referred to as “Honeypots”.

What happens next?

When the CRTC conducts an inquiry, one of the first things it does, more often than not, is to send the company a request for information to be supported by the appropriate documentation. For example, in the context of “consent”, the CRTC will require the company to provide proof of consent of all persons to whom the company has sent emails to, for a particular period. This includes:

  • The type of consent (explicit or implied)
  • The date of consent
  • The information held on the person
  • A CSV file with the justificatory pieces for each consent
  • The company’s privacy policy
  • Database management guidelines for contacts
  • Electronic communication policies
  • Screenshots of subscription forms
  • etc.

Incontestably, documentation is crucial, yet it’s one of the least known aspects of Canada’s Anti-Spam Law. Without it, you are quite sure to be found guilty.

When you get a notice of violation…

When the CRTC has completed its investigation, it sends a notice of violation. The company then has 30 days to negotiate a voluntary commitment agreement.

A voluntary undertaking is not an admission of guilt, but rather is a negotiated settlement that includes an immediate payment as well as a commitment to take a series of steps to correct the alleged violations.  This includes establishing a comprehensive compliance program and implementing it.

To negotiate the terms of the voluntary agreement, you will need to document the steps you took to comply with CASL and to demonstrate your financial limitations. (It goes without saying that it is dangerous to conduct such negotiations without the support of an—expensive—lawyer specialised and experienced in negotiations with the CRTC.)

If you refuse to sign a voluntary agreement, you’ll receive a much bigger penalty, one that can be contested in the Court of Appeal, if you have the financial means to do so. That’s why, so far, all but one offender, CompuFinder, have committed to settlements and immediately paid the amounts negotiated with the CRTC.

The CRTC revealed that they don’t have a grid to determine penalty amounts. Primarily because of 1) the complexity of CASL, 2) the criteria relevant to each case, and 3) the need to be flexible enough to ensure that the fines are sufficiently dissuasive to be effective without putting companies into bankruptcy.

Les amendes infligées par le CRTC en vertu de la Loi Canadienne anti-pourrielSome of the  fines imposed by the CRTC under CASL

The compliance program is a requirement

The compliance program imposed in the voluntary commitment agreement is, according to the CRTC, the centrepiece of ensuring that a company no longer violates the Canada’s Anti-Spam Law.

In fact, for the CRTC, fines and voluntary commitments are in essence a means of encouraging ALL BUSINESSES to develop a compliance program that complies with its requirements.

(By the way, you’ll have greater peace of mind and save money if you implement a compliance program with Certimail, before any possible investigation than under the direct supervision of the CRTC.)

Worried about being investigated?

For people who have hidden a part of their wealth in a tax haven, but confess it to the tax authorities before the situation gets discovered, their chances of paying a fine or being penalised are minimal. The CRTC offers a similar opportunity under Canada’s Anti-Spam Legislation.

If you suddenly realise that your business has violated Canada’s Anti-Spam Legislation, you can contact the CRTC as part of its “voluntary disclosure” process.

Although the CRTC doesn’t guarantee that you won’t have a penalty to pay, it promises to be gentle in the handling your file. It will advise you on the best ways to permanently correct your situation with the mandatory compliance program.

The only requirement imposed by the CRTC is that you identify ALL the violations in your original statement. This implies that you must conduct a thorough audit to determine all breaches of compliance.

**Any violation discovered during the voluntary disclosure that was not reported in the original statement will be excluded from the declaration and sanctioned as if it had been found during a typical investigation.**

July 1st has come and gone, an audit and voluntary disclosure are the very minimums of protection. Ultimately though, a compliance program is mandatory and is your best protection.

 

CASL: The 6 most common mistakes you weren’t aware of

/0 Comments/in , /by

Most companies believe that they already comply with CASL. But, of the majority of businesses we’ve met, they are in fact, not compliant, simply because they aren’t aware of the complexities and details of this law. Unfortunately, this ignorance is already costing companies and employees, heavily.

Of the approximately 100 compliance rules and items we validate for our clients, we’ve identified the 6 most common mistakes and how to resolve them. Check and see if your company’s compliance level is what you believe it to be.

N.B.: This is not a substitute for a compliance program as required by the CRTC, but is an easy way to assess whether your business is as compliant as you think it is. A full compliance program, which meets the CRTC’s eight required categories, is the only way to truly protect yourself from costly penalties and prosecution. Section 33 (1) of the Act states that “No person shall be held liable for a violation if they prove that they have taken all reasonable precautions to prevent its commission”.

Mistake #1: No unsubscribe mechanism in individual emails

While most companies ensure that they have an unsubscribe link in their newsletters, there is very little compliance with this requirement for their individual emails.

Simply put, CASL makes no distinction between a promotional newsletter sent to thousands of people and an email sent from one employee to another person. In both cases, these are “commercial electronic messages”, and the Act requires that each message includes mandatory information and a mechanism for unsubscribing.

Solution:

Make sure that your business email signatures and all of your employees’ email signatures include a statement indicating how one can withdrawal from your business’ communications.

For example:

If you receive an email from an employee at Deloitte Canada, you’ll note that their signatures always include the following statement: “If you do not wish to receive future Deloitte business emails, please send this email to ‘[email protected]‘. Similarly, at Certimail, my colleagues and I consistently include in our email signatures the following sentence, “If you no longer wish to receive commercial messages from Certimail, please indicate this by replying to this message”. Voilà. It’s as simple as that.

Mistake #2: Misworded newsletter sign-up forms

As per Canada’s Anti-Spam Legislation, the concept of consent is not equivocal; it is explicit. That is to say, the wording of consent given determines what one has the right to send and receive.

This means then if your subscription form refers to newsletters, consent, therefore, applies to newsletters and no other type of commercial email or communication. For example, this means that one or a series of emails from sales (news about promos, blog articles, “I think you might find this useful”, etc.) are in violation of the law, and risk fines.

Solution:
Check the wording on ALL your consent forms, so that they don’t limit your electronic communications, by using broader text, as illustrated in the example below.

For example:

On the left, taken from our website, consent is requested for advice and promotions for all electronic communications (see the form for yourself, and don’t be shy to sign up to stay informed of the law). On the right, consent is limited to newsletters, forcing a company to request permission again for other types of electronic messages.

Good and bad newsletter sign-ups

Good and bad newsletter sign-ups

Mistake #3: Records of ALL email communications are not kept

Many SMBs typically erase emails from their inboxes as soon as the content is no longer needed, useful, or relevant. People typically do this to free their attention span, and consequently, disk space.

Such a practice is dangerous under the Canada’s Anti-Spam Legislation. The CRTC requires that businesses retain the text of all their commercial emails should an investigation arise. Without these records, you have no way of defending yourself.

Solution:
Implement an email protocol to automatically archive messages on a server (IMAP or Exchange) or manually archive messages to folders instead of deleting them.

Mistake #4: Proof and records of consent are not kept

When under investigation by the CRTC, many SMBs justify themselves with the following: “We only send our newsletters to those who have registered on our website“.

In a notice published in July 2016, the CRTC states that a company claiming to have obtained consent for the sending of a commercial electronic message must provide proof of that consent and must retain all evidence of such consent (such as, but not limited to, completed forms, audio recordings, etc.).

Most US platforms such as MailChimp, Campaign Monitor, SalesForce, etc. don’t keep records of consent.

When a person, who once gave you consent in the past, makes changes to his or her profile, that new information replaces the original data. In the event of an investigation, you will not be able to provide proof that you once had that individual’s consent.

Solution 1:

Consider using a Canadian ESP, such as Cyberimpact or Cakemail. They are optimised for CASL and automatically archive and keep records of consent.

Solution 2:

Archive all your data by implementing an automatic or manual daily export of all the information and activity regarding your sendout lists. 

Mistake #5: Copies of forms and their version histories are not kept

Some SMBs do their due diligence and retain consent data provided through form submissions, such as the date, time and IP address of the user. Unfortunately, this information is not enough to prove consent.

Remember, consent must be explicit and not equivocal. You must, therefore, be able to provide proof that the information displayed on the form, that the user completed, was explicit. Considering the investigation process, if and when the CRTC contacts you, the chances are strong that your website has undergone a redesign or changes, and a form from a year ago is not the same as it is today.

Solution 1:

Consider using a Canadian ESP, one that automatically archives copies of forms.

Solution 2:
Take a screen shot with a time stamp of each of your consent forms every time you change or update your website or forms.

Mistake #6: No written compliance policy

While you may take all necessary measures to comply, you are never entirely immune to the error of an employee, subcontractor or technical problem that may put you in a violation of the law.

Fortunately, section 33.1 of Canada’s Anti-Spam Law provides some support and “defence” for businesses that have demonstrated good governance; though only if you have taken all the necessary measures to be compliant. The CRTC has stated that these measures must include a formal compliance program that meets eight specific requirements. One of these requirements is to have a written compliance policy that employees know and respect. Failure to do so will result in disciplinary action.

Solution:
Write your CASL policy following a full risk audit and analysis, and make sure your employees understand and apply it.

Running a business without having a written CASL policy like riding a motorcycle without a helmet: “It’s safe as long as there’s no accident”

What’s your score?

If you’re already aware of and make none of these mistakes, then bravo! You are one of the very few companies that do their due diligence. But there are over 100 rules to respect, so formalising your compliance program should be quick and inexpensive if you haven’t already done so. It would be a shame to be so savvy, yet fined for one of the 100 rules and regulations.

If you’ve found that some of these 6 mistakes apply to your business, it’s proof that you’re not compliant. July 1st has passed, and fines and class actions are multiplying. There are over 100 rules to respect, so now is the time to set up your compliance program to protect yourself, your employees, and your business.

We’re here to assess your situation, and to provide you with an inexpensive yet highly effective way, to set up a compliance program, which meets the CRTC’s requirements.

We know and understand that businesses don’t always have the cash or want to make the time to set up a program immediately, but our solutions are specially adapted to the reality of independent workers, small businesses to medium ones.

 

IMPORTANT: CASL is NOT just an anti-spam law!

/0 Comments/in /by

Combining the term “CASL” along with “Anti-Spam” when talking about email marketing, has created significant confusion affecting many businesses and organisations.

In practice, true anti-spam legislation would only affect activities considered spam (i.e., mass mailings of promotional content). CASL regulates, not just mass mailings but ANY electronic message sent in a commercial context, regardless of the number of recipients and the presence, or absence, of promotional content.

CASL’s official definition

“CASL” is not another term to represent “anti-spam. The Canadian Anti-Spam Legislation is defined as follows: “An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act” (S.C. 2010, c. 23).

This definition explains that the purpose of the Act is to promote the development of e-businesses in a context of consumer confidence.

The act as defined automatically amends and modifies four important pieces of legislation − 1) the Canadian Radio-television and Telecommunications Commission Act, 2) the Competition Act, 3) the Personal Information Protection and Electronic Documents Act and 4) the Telecommunications Act.

CASL governs ALL your business emails

Since the act’s passing, studies have shown that Canadians are receiving less spam. In addition, because of renewed consumer confidence, open and click-through rates are on the rise again.

Unfortunately, though, too many companies have, wrongly, reduced their email marketing activities to avoid fines and prosecution. Even if you don’t send any newsletters or email promotions, you are still at risk of violating the Act and can face fines or even a lawsuit. This is because CASL applies to, and is in place to regulate, ALL electronic messages sent in a commercial context, not just promotional emails. This includes single emails that employees send throughout the day to potential clients, partners, and associates. As well as, newsletters, text messages, social media messages, etc.

Often when we discuss CASL with business owners or marketers, they’ll spontaneously list the steps they’ve taken to make their newsletters compliant. One has set up a subscription form; another uses an email platform to have an automatic “unsubscribe” link at the bottom of their newsletters. But when we ask them what they’ve done, so that the commercial emails that their employees send throughout the day are also compliant, they are confused and have no answers. Unless you are an NGO or political party, you can assume that 99% of all the messages that are sent by your business and employees are regulated by CASL.

One hundred rules that each message must respect

There are in fact 100 rules that ALL electronic messages (email, newsletters, text and social media messages, etc.) must comply with. Items include prior consent, the message’s content, sender identification, withdrawal mechanism rather than its presentation, etc.

For example, some companies are aware that their individual emails must also comply with CASL. However, they only think about consent requirements and completely forget, or are simply not aware, that these emails also require a withdrawal mechanism (ex.: “If you do not want to receive commercial messages from our company, please let us know by replying to this message“). If such a withdrawal mechanism is not indicated and included, then your emails violate the act.

Canada’s Anti-Spam Legislation is so complicated, and at times vague, that it’s almost impossible to be totally compliant. However, if you follow rigorous steps to be compliant and set-up a program, you will most likely avoid fines and prosecution. Consider it like a protection program or a license to communicate electronically.

How to protect yourself against fines and trials

Given the complexity of the Act, Parliament has provided a defence to protect honest businesses if they’ve done their due diligence.

Section 33 (1) of the Act states that No person shall be held liable for a violation if they prove that they have taken all reasonable precautions to prevent its commission”.

This implies that if a company can demonstrate that it has taken the appropriate actions to comply with the Act, they can not receive a fine or be convicted in a trial if the company or employees accidentally violate the Act.

ATTENTION THOUGH: The CRTC has defined that “proper precautions” means putting in place a documented compliance program that meets eight required categories.

Such a compliance program involves verifying the company’s practices and then implementing a written policy and ensuring that all employees respect it on a daily basis in their electronic communications.

The advantage is that as long as the company is in good faith and enforces its policy and compliance mechanisms, this program becomes a license that protects it from fines and lawsuits if ever it accidentally violates the Act.

Now that July 1st, 2017 has passed, the only way to protect yourself from CASL is to quickly implement a compliance program that meets the CRTC’s eight required categories.

 

 

 

 

Amazon complies but is still fined $1,1M!

/0 Comments/in , , , /by

Amazon’s emails complied with three essential principles of the Anti-Spam Act:

  1. Amazon sent messages only to those with whom it had consent,
  2. Each email contained a straightforward and efficient unsubscribe mechanism,
  3. Information to identify and contact the business (company name, mailing address and phone) was indicated.

So, why did Amazon agreed to pay a penalty of $1 million and the sum of $100,000 for certain investigative expenses incurred by a government regulator?

The devil is in the details

Although Amazon complied with the three top items of Canada’s Anti-Spam Law, there are still 53 pages of details and guidelines in the Act. In fact, after analysing the Act with marketing communications specialists and researchers at Université de Montréal’s Faculty of Law over the course of several months, we’ve identified more than 150 compliance risks for businesses.

For example, 99% of emails sent by a business are commercial, so they must comply with the Anti-Spam Act. This includes individual business emails. Do your emails have an unsubscribe mechanism? Your newsletters I’m sure do, but probably not your individual ones. Yet, it’s mandatory.

Canada’s Anti-Spam Law applies to four pieces of Legislation

The act is defined as follows: “An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the 1) Canadian Radio-television and Telecommunications Commission Act, 2) the Competition Act, 3) the Personal Information Protection and Electronic Documents Act and 4) the Telecommunications Act” (S.C. 2010, c. 23).

Many SMBs are simply not aware of the reach of this legislation. It’s not just an anti-spam act; it’s a true code of “electronic” conduct for businesses. Additionally, journalists and commentators, regularly talk about the CRTC’s role in enforcing this act, but often omit the Competition Bureau’s (and other regulatory bodies’) involvement.

For example, if you violate one of the Competition Bureau’s articles through an email communication, you will be fined, and heavily. Note carefully; fines can reach up to $10 million when a violation is done via email.

The case of Amazon

Canada’s Competition Bureau stated, “With the adoption of Canada’s Anti‑Spam Legislation, provisions were added to the Competition Act to provide additional tools for addressing false or misleading representations in all forms of electronic messages. The Bureau’s investigation into Amazon’s price advertising was made per these provisions.”

So, because Amazon was promoting prices, by referring to savings in relationship to list prices, they were fined.

Amazon complies but is still fined $1,1 MIL!

Amazon complies but is still fined $1,1M for misleading pricing.

As indicated by the Competition Bureau, “Amazon often compared its prices to a regular price—or “List Price”— signaling attractive savings to consumers. The Bureau’s investigation concluded that these claims created the impression that prices for items offered on www.amazon.ca were lower than prevailing market prices. The Bureau determined that Amazon relied on its suppliers to provide list prices without verifying that those prices were accurate.

Although it’s primarily on Amazon.ca that these type of promotions are found, the Competition Bureau was able to convict Amazon because the company had communicated these promotions by email.

Not a first for the Competition Bureau

The case of Amazon is not the Competition Bureau’s first fine under CASL. They’ve already gone after car rental companies Avis and Budget for hiding certain mandatory fees in posted promotional pricing.

Additionally, the Competition Bureau said that it’s been documenting these situations since 2009 and fighting for years to prevent these types of practices. But it was only with the arrival of CASL that it finally had the means to do so.

The case of Avis and Budget pending before the Competition Tribunal was settled by the companies’ consent to pay $3M in fines and $250,000 in compensation to the Bureau. 

The mandatory compliance program is your only real protection

As these examples here illustrate, it’s almost impossible to be confident that you’ll never violate CASL, especially since many details of the Act are very vague and will only be clarified by actual cases in years to come.

It’s for this particularity that Parliament has provided in the Act a means to protect ones-self: if a business (or individual) can demonstrate that it has acted diligently to comply with the Act, it will be immune from sanctions. To “act diligently” means to have a compliance program that meets the CRTC’s eight requirements.