A recently announced 1.1 million dollar fine by the CRTC under the CASL (Canadian Anti Spam Legislation) shows that the legislation is to be taken serisly. IT World Canada reports that a Quebec based firm Compu-Finder has been hit with this penalty for blatantly disregarding CASL requirements even inspite of warnings that action would follow.
In its news release by the CRTC the Chief Compliance official says:
“Prior to the coming into force of the anti-spam law, the CRTC conducted numerous outreach initiatives to increase the awareness of businesses on the new requirements. Creating a secure online environment for Canadians is also the responsibility of industry. Despite the CRTC’s efforts, Compu-Finder flagrantly violated the basic principles of the law by continuing to send unsolicited commercial electronic messages after the law came into force to email addresses it found by scouring websites. Complaints submitted to the Spam Reporting Centre clearly indicate that consumers didn’t find Compu-Finder’s offerings relevant to them. By issuing this Notice of Violation, my goal is to encourage a change of behaviour on the part of Compu-Finder such that it adapts its business practices to the modern reality of electronic commerce and the requirements of the anti-spam law. We take violations to the law very seriously and expect businesses to be in compliance.”
Manon Bombardier, Chief Compliance and Enforcement Officer, Canadian Radio-television and Telecommunications Commission
Notice of the fine makes others take CASL seriously
With other legislation many companies have waited to take action until they see if the government is serious about enforcement. Up to now this has been the case for this legislation as well. Some companies took baby steps by emailing their lists asking for explicit permission to continue to contact the holders of email addresses on their list. Oddly, for a period of time these specific requests took on the shape of spam with many of the emails active people received being made up of a 'cleaning" campaign. Thankfully this process seems to have run its course with many companies operating under the provisions of having implied consent since since the names on their list had been collected under the normal course of business through networking, group acitvies and trade shows.
Under the legislation addresses obtained this way can be used for a period of time but eventually getting explicit permission for contact through a recorded approval is going to be necessary for any company to be comfortable they are in compliance.
Put the right components in your compliance plan
Businesses who wish to use electronic communications to promote their activities and to deal with potential clients and customers will need to put the right components into their plans as they develop their contact lists. The most critical ones include an explicit and easy unsubscribe process on all electronic promotions and an explicit recorded permission to use an email, SMS, or other electronic address for contact purposes. The one fairly large exception to all of this is for representatives of organizations with which you have an ongoing business relationship as long as the communication is within a reasonable time frame of when the relationship existed.
Example: I would interpret this to mean that if you worked with a real estate person for a transaction then they could continue to electronicly contact you for a couple of years after the transaction completed (assuming you only do one deal) but would need to delete you from their list eventually due to a no longer existing ongoing business relationship. Of course having an unsubscribe capability on all promotional electronic messages would also be needed so a person could delete themselves as they wish.
Clean up needs to be the order of the day
Given the announcement of this potential large fine any business that plans to use an electronic list for promotional purposes needs to take the steps to clean their list now. Interestingly, if you note in the quote above it was the lack of effort to become compliant that made the compliance officer act. It appears that if you are undertaking best efforts to become compliant the commission will give you some room to make it happen. Seems like a good effort can win the day and avoid problems if a complaint comes your way.