Last week the CRTC published an undertaking made by Kellogg Canada Inc. to pay a $60,000 fine after violating Canada’s anti-spam law (CASL). A third party sent promotional e-mail messages to recipients on behalf of Kellogg without their express or implied consent from October 1 to December 16, 2014.
In addition to paying the penalty, Kellogg has committed to reviewing its compliance program, including revising written policies and procedures, updating its training programs to address CASL obligations, tracking CASL complaints and their resolution, and updating its auditing mechanisms to assess compliance.
In a statement to ITBusiness.ca, Kellogg said, “We are aware and disappointed in our company’s alleged violation of Canada’s anti-spam legislation as it relates to commercial electronic messages sent by our third-party suppliers on behalf of Kellogg Canada in late 2014. … At Kellogg, consumers are at the heart of all we do, and we will continue to earn their trust and demonstrate a commitment to integrity and ethics each and every day.”
This is the fifth time a company has had to pay fines for CASL violations since the law came into force in July of 2014. Spam complaints have been flooding the CRTC since that time. In the context of undertakings, where the organization admits to the violation, cooperates with the CRTC and settles the issue by committing to fix/change their practices, penalties have ranged from around $50,000 to $200,000. Needless to say, the reputational costs associated with being publicly recognized as a ‘spammer’ is also worrisome.
Recently, PrivaTech posted a blog article on the guidance provided by the CRTC this past July, stressing the importance of maintaining records of consent. The message is loud and clear: Take CASL seriously. Organization must understand their obligations and take the necessary steps to implement a strong CASL compliance framework that employees and service providers can commit to following.
A CASL Compliance Program is Critical
For many organizations, there is still uncertainty about how exactly their practices need to change with respect to targeted outbound e-marketing initiatives. The fear of a CASL complaint, accompanied by a grueling CRTC investigation, has left some organizations paralyzed. With Canada having one of the strictest anti-spam laws in the world, hitting the SEND button may appear too risky. But CASL compliance is indeed doable. Many businesses rely heavily on their promotional e-campaigns, and they can continue to do so – CASL is not intended to impede marketing efforts. Compliance may seem onerous, but every organization can put an effective CASL compliance program in place.
Mistakes are costly and damaging so it’s critical to get this right. Join PRIVATECH in for a one-hour webinar as we take a practical look at the key steps for developing and implementing a CASL compliance program. With the business relationship transition period coming to an end on July 1, 2017, and the coming into force of the right to sue an organization for CASL violations, it is important to pay heed to lessons learned from the CRTC’s guidance and investigations, and put together a plan to address your organization’s CASL compliance gaps.