William Rapanos (a.k.a. Bill Rapanos) a businessman and marketer from Toronto now living in B.C., was fined $15,000 for sending 58 emails contravening Canada’s Anti-Spam Law between July and October 2014.
This case is a huge lesson regarding the severity with which the CRTC enforces this law. Consider yourself warned.
Quite simply, CASL applies to non-business owners
One of the many elements of the Canadian Anti-Spam Legislation but that is little known to the public, is the fact that this act applies to individuals. The legislator clearly indicated this by specifying in the Act that the maximum penalties under this law are $10M for corporations and $1M for individuals.
It wasn’t Rapanos’ company that received the fine, but he himself, making him the first Canadian to be fined as an individual for a violation of Canada’s Anti-Spam Law.
This is important because it confirms that you don’t have to be a business owner, to be subject to Canada’s Anti-Spam Law.
For example, take the situation of a person who sends an email to their contact list to announce the sale of their used car on Craiglist; this type of email is considered a commercial email. The person sending this email can face a fine and prosecution if they don’t meet the many requirements of the law. Yikes!
Your older messages can still come to haunt you
Rapanos’ offences were committed during July and October 2014. During this time CASL had just come into force, but it wasn’t until April 22, 2016, nearly two years later, that the CRTC sent him a “notice of violation”.
In fact, the anti-spam legislation stipulates that you can file a complaint, or initiate a lawsuit for damages, up to three years after receiving a non-compliant message.
However, the CRTC can go as far back as they want to (up to July 1st, 2014) to investigate you. They can go three, four, five, ten years in the past to inquire about a company’s practices, or you.
This means that if you don’t have a compliance program in place or have committed to a “voluntary disclosure”, you can be subjected to fines or lawsuits, even if you stop sending emails and other electronic messages.
Investigations are not decided on the number of emails sent or complaints received
The $15,000 fine Rapanos received concerned only 58 emails sent over a period of four months, not 58,000, not 580 but 58. That’s less than 15 per month!
So imagine the several hundreds of thousands of complaints among the thousands of companies reported to the CRTC.
Everyone is in the CRTC radar. For example, Vancouver start-up Pof Media (PM) had to pay a fine of $48,000, even if the CRTC only received 70 complaints amongst the millions of weekly emails sent to PM members.
This confirms what the CRTC has always said, “the number of complaints it receives is not an essential factor for initiating an investigation”.
No one is safe, and presumably, the CRTC is taking stern action to make sure everyone implements a compliance program.
If you try to hide, you will eventually be found
In its decision, the CRTC emphasised that it requested and obtained the following information during their investigation:
- Log files of the registrar who managed the addresses (DNS) of the website (firstunitedpartners.com) to which the emails pointed to
- IP addresses of the ISP used to register and administer the site, provided by Bell
- Telephone numbers used to register the domain name, provided by WIND and 7eleven Canada
Clearly, they are savvy in identifying and tracking offenders.
There is no presumption of innocence
It gets even more intense… The CRTC has confirmed that under the Administrative Monetary Penalties (AMP / SAP), the official name of its fines, the right to the presumption of innocence does not apply because its investigations are not “criminal proceedings”. Another little-known fact of Canada’s Anti-Spam Law amongst the majority of Canadians.
So remember, if you are the victim of an investigation, and challenge the decision before the Court of Appeal, you must provide proof of your innocence (and also bear the cost of an appeal).
The only defence that can be used is that of due diligence, which means that A) you have a compliance program that meets the CRTC’s eight requirements or B) you’ve submitted a “voluntary disclosure” along with the required comprehensive audit.