Posts

Tech Change Costs Porter $150,000 In CASL Fines

/0 Comments/in , , /by

Porter Airlines is the latest company to face the wrath of the CRTC with a fine of $150,000 for failing to Canada’s Anti-spam Legislation (CASL).

Manon Bombardier, CRTC’s Chief Compliance and Enforcement Officer, emphasised Porter’s collaboration:

“We appreciate that Porter Airlines took corrective action once it became aware of our investigation. The company has voluntarily entered into an undertaking and committed to comply with Canada’s Anti-Spam Law.”

Even though Porter seemed to be acting in good faith, they still agreed to comply and pay without contesting the decision. Moreover, the airline publicly admitted its fault and explained that it was mainly related to a change of technology for the sendout of some of its emails.

This penalty against Porter Airlines demonstrates how high the chances are of paying a fine, even if you are acting in good faith and believe you are compliant.

CRTC spokesperson Manon Bombardier was very clear about the risks:

“Some businesses are under the mistaken impression that they are compliant with the law by relying on general business practices or policies as proof of consent for the majority of the electronic addresses to which they send their commercial emails. This is simply not the case.”

The CRTC identified many issues in Porter’s case but noted that it wasn’t at fault in all their sendouts. Only a limited number of emails were problematic. The issues were:

  • General lack of information on how to stop receiving commercial messages
  • Unclear unsubscribe mechanisms
  • Lack of proper contact information
  • Unsubscribe requests not fulfilled within the 10-day grace period
  • Inability to provide proof of consent

The CRTC news release didn’t mention if these problems were limited to general emails, newsletter, transactional email of emails sent by individuals to Porter customers.

All in all, if Porter Airlines had followed the CRTC’s recommendations, when CASL came into effect, by conducting an audit of its procedures and implementing a clear compliance policy for its employees, it could have demonstrated due diligence, and avoided this hefty fine, despite the problems caused by its change of systems.

Regarding your own business, the time to act is now. At the very minimum, perform an audit. Followed by the implementation a compliance program that covers CASL’s 100+ rules and regulations.

 

SMB Plenty of Fish to pay $48K for a form!

/0 Comments/in , , /by

In no less than three weeks after issuing its first fine, the CRTC announced that PlentyOfFish Media Inc., a Vancouver SMB, has also been fined under Canada’s Anti-Spam Act.

PlentyOfFish Media Inc. is a 75-employee Vancouver-based company that manages the popular free dating site Plenty of Fish, a destination with over 90M users.

Consent was not an issue

The facts compiled by the CRTC cover the period from July 1, 2014 (when CASL first came into effect) to October 8, 2014 (when the CRTC informed the company that it was subject to an investigation).

Over this period, the CRTC criticised Plentyoffish Media for not having a clear enough unsubscribe link and a form too complex to complete the process.

N.B.:  The complaints received by the CRTC concerned emails sent to registered members of the site, and therefore to persons who had given their consent to receive them. So, consent was never an issue.

This fine is a case in point that even with consent as well as an unsubscribe link and form; businesses can still pay fines. One must be diligent. And PlentyOfFish showed their diligence by immediately paying their $48,000 fine and correcting the problem.

The CRTC makes its point clear

By giving a relatively small fine compared to the $1.1M one imposed at the beginning of the month to Compu-Finder, the CRTC is showing that it understands CASL, how to enforce it, and adjusts their fines based on the situation at hand.

It’s clear though, acting blindly in goodwill is not enough to avoid penalties.

In fact, as the CRTC stated in an Information Bulletin, that the only way to protect yourself against fines is to conduct a complete audit of your company and have a compliance policy which corrects those weaknesses identified by the audit.

If Plentyoffish had taken such action with Certimail or a consultant, they wouldn’t have had to pay this penalty and endure the bad-press that came with it.

And now what about you? Have you done an audit set up your program to avoid this kind of situation?

Even With Consent Avis & Budget To Pay $3M

/0 Comments/in , , /by

(Update March 23, 2017) In a joint agreement before the Competition Tribunal, the Avis Budget Group (ABG) agreed to pay a $3 million penalty along with a $250,000 fee. Let’s also add the lawyers’ expenses on top of this, which has probably been very costly for ABG considering how long these parties have been fighting it out in court.

—–

The Competition Bureau, issued a news release, stating that under the Canadian Anti-Spam Act (CASL), it is asking the Competition Tribunal to impose $10 million fines (each) to the Avis Budget Group, and its two subsidiaries Aviscar and Budgetcar, in addition to forcing them to reimburse consumers fines of up to $35 million. These fines are the first to be imposed by the Competition Bureau under CASL. 

Consent was not an issue

While most journalists and observers have emphasised the importance of consent when referring to CASL, this exemplary penalty demonstrates the complexity and reach of Canada’s Anti-Spam Law. The Competition Bureau asked the Competition Tribunal to impose the maximum amount allowed by law to each of the three companies, not because of a problem of consent, but because of misleading promotional content in their emails.

It should be noted that the Canadian Anti-Spam Legislation goes much further than prohibiting spam. The Act contains 70 different rules for each commercial electronic message sent. Furthermore, it also amends the Competition Act by allowing the Competition Bureau to issue fines under CASL when a company violates Section 74.011 of the Competition Act.

And so this is the basis for the case of the Avis Budget Group violation. The Competition Bureau believes that the promotions advertised by the group were misleading because the listed prices were 35% lower than the actual price the consumer paid.

In its Notice of Application, the Competition Bureau examined the promotions in their various formats, from websites to mobile applications to radio and print advertisements. But it was because these promotions were also sent by email, that fines of $10M could be imposed plus $35M to consumers that had been wronged.

The importance of carrying out a complete compliance audit

Many companies and industry observers erroneously believe that Canada’s Anti-Spam Law only imposes obligations regarding consent. The CRTC itself contributes to this false perception through its Business FAQs (How can businesses ensure they are in full compliance with CASL?)

This false perception is what led to the flurry of emails around July 1st, 2014 requesting consumers for their consent (an action that was completely unnecessary for businesses and in certain cases illegal).

CASL is complicated, there are many rules a commercial electronic message must adhere to, and some of the regulations can be unclear at times due to weak jurisprudence. The best way to protect your business is to conduct a comprehensive compliance audit (you are required to do so to be compliant according to the CRTC) and to implement a compliance policy that corrects any weaknesses identified during the audit.

This is what the CRTC recommends for all businesses that want to avoid penalties.

CASL’s First Fine: QC SMB Compu-Finder $1,1M!

/0 Comments/in , , /by

According to a press release issued by the CRTC, it’s Morin-Heights’ SMB 3510395 Canada Inc. a.k.a Compu-Finder who received CASL’s very first notice of violation. And appropriately, this notice came with a fine of no less than $ 1,100,000!

For those covering and concerned with Canada’s Anti-Spam Law, many weren’t expecting this first penalty to be issued so soon. Many also suspected that the CRTC would choose a large, robust business as its first target. So when the CRTC announced that its first fine was to be issued to a Quebec SMB, for $1,1 million, everyone was caught by surprise.

Compu-Finder, operating under several business names including Academie de Gestion and ACF Management, is a company of about fifteen employees offering training courses for businesses and individuals. Their methods to recruit clients has always been controversial, so this first fine sets an excellent example.

Never-ending harassment

Compu-Finder’s never-ending harassment to executives across the country used methods similar to that of the most sophisticated Russian spammers. Even Certimail’s CEO suffered their endless flurry of emails and tried unsuccessfully several times to unsubscribe himself from their lists. He:

  • Used their unsubscribe form,
  • Sent emails asking for the removal of his address from their lists,
  • Even called on their 800 line.

The promises that his address would be removed from their list were only lies as he continued to receive their spam, like the tens of thousands of other SMB executives.

The CRTC mentioned that Compu-Finder was the subject of 26% of the 245,000 complaints they received from across Canada since CASL came into effect.

The fact that a Quebec SMB was able to generate more than 63,000 complaints in only a few months is indicative of the level of harassment they inflicted on the community.

Compu-Finder’s bad practices were common knowledge

For years now, the media has denounced Compu-Finder’s malicious practices. In 2008, Nelson Dumais, columnist of La Presse wrote an article on their underhanded methods, then in 2010 interviewed a former employee confirming the company’s culture of unethical practices.

In 2011, in their monthly magazine, consumer protection organisation Protégez-vous used Compu-Finder as an example to illustrate the relevancy of CASL.

The company was also known in the late 1990s for bad marketing practices, by saturating corporate fax machines with spam.

A lesson for all

When going through PIPEDA Report of Findings of the Investigation into the personal information handling practices of “Compu-Finder”, it’s quite clear that company owners, Sylvie Pagé and Alain Guyot were reckless in their marketing practices.

As a matter of fact, the Office of the Privacy Commissioner of Canada used the Compu-Finder case as an example of “how not to collect and use e-mail addresses”.

Let this be a good lesson and an example for all.