CRTC Demonstrates Small Businesses will Not Escape CASL Scrutiny

On March 9, 2017, the CRTC imposed a administrative monetary penalty (AMP) of $15,000 on an individual, William Rapanos, for sending commercial electronic messages (CEMs) advertising the design, printing and delivery of marketing flyers over a 3 month period, that:

  1. Did not identify the sender;
  2. Did not include information that enables the recipient to readily contact the sender;
  3. Were sent without prior consent from the recipients; and
  4. Did not always contain a functioning unsubscribe mechanism.

The five websites cited in the CEMs that were brought to the attention of the Spam Reporting Centre all redirected to a single domain, however the same domain protection service was being used by all to block registration information, indicating one sender. Mr. Rapanos first insisted that he had boarders living in his home who may have accessed his unsecured Wi-Fi connections to send the CEMs, and upon producing no evidence of their existence, claimed that perhaps someone unknown to him accessed his home Internet connection maliciously. Again, this claim was not supported by any indication of fraud or identity theft.

Monetary Penalty Analysis

Mr. Rapanos also objected to the amount of the AMP imposed by the CRTC, stating that he would not be able to pay it because he had never been employed for any significant amount of time due to health issues. Once again, Mr. Rapanos provided no supporting financial documentation supporting this objection.

The decision highlights the 10 CASL violations committed by Mr. Rapanos, and the CRTC felt that the AMP is appropriate because it is essentially the equivalent to $1500 per violation. This is well below the maximum allowable penalty of $1,000,000 per violation. The CRTC also found that a lack of cooperation with respect to its notice to produce, and a lack of an indicators of self-correction were relevant factors in determining the AMP.

Full Cooperation and Accountability are Critical

When CASL compliance obligations are not taken seriously, it is difficult to sway the Commission’s investigators into reducing a penalty. The difficulty the CRTC experienced in obtaining evidence in this case was unacceptable. Since the Compu-Finder spamming decision that highlighted a lack of cooperation with the CRTC’s investigative efforts, the CRTC has provided much guidance on the importance of good record keeping for due diligence, and the need to providing supporting documentation in the context of a CASL investigation. As we approach the end of CASL’s transition period on July 1, 2017, this case is a good reminder to small and large businesses alike that a sound understanding of CASL compliance responsibilities must become top priority.

For assistance with your CASL compliance initiatives or CASL record-keeping obligations, contact PRIVATECH. Or, visit our CASL Compliance Toolkit for useful templates for building a CASL Compliance Program, or our CASL E-Learning Course, available on a license-model.