CRTC

March 2019


Voluntary Undertaking To Resolve Spam Allegations

Blacklock’s Reporter allegedly sent CEMs without consent, without contact info, and without a valid unsubscribe mechanisms. Blacklock’s agreed implement a compliance program to ensure compliance with CASL, including:
• review of current compliance practices
• develop and implement policies and procedures
• track and resolve spam complaints
• implement audit measures for reporting the program’s progress to the CRTC

Given the size and scope of Blacklock’s business, the CRTC declined to issue a fine, so funds could instead be invested in the aforementioned compliance program.
https://crtc.gc.ca/eng/archive/2018/ut180928.htm
jbho: the brief summary doesn’t clarify whether the CEMs were email or text messages. But no matter, you still need to provide contact info and an easy way to unsubscribe.

By my count, this is CASL enforcement number 18.
https://jbho.blog/north-america/canada/casl-tracker/

 

$15,000 For Failing To Register As A Telemarketer

DZ Climatisation – $15,000 for failing to register as a telemarketer and pay subscriptions to the National DNCL. In addition to the fine, DZ Climatisation has agreed to implement a compliance program.
https://crtc.gc.ca/eng/archive/2019/vt190318.htm
jbho: yet another reminder of the procedural requirements.

 

December 2018

Vicarious Liability Under CASL

The CRTC has released guidelines clarifying what it means to aid and abet a CASL violation. The guidance states such a violation could occur through providing data, providing access to tools or equipment, or giving technical assistance or advice. Liability will be determined based on:
• level of control over the entity causing a violation
• degree of connection between the activity and a violation
• evidence of reasonable steps taken to avoid violations

The guidance provides three examples of potential violations involving obtaining personal information from third parties and bundling of consent. Specifically, it states that a pre-checked tick box is not valid consent for software downloads.
https://crtc.gc.ca/eng/archive/2018/2018-415.htm
jbho: A reminder to vet your service providers and perform due diligence to ensure that data is collected, used, shared, and retained in a fair and lawful manner. Additionally, make sure you have well-constructed contractual agreements with clearly defined obligations and appropriately distributed liability.

The criteria for vicarious liability here are similar to the FCC’s declaratory ruling on vicarious liability under the TCPA (FCC 13-54). 

Finally – and perhaps most importantly – the guidance reiterates that an individual or organization will not be found liable if they establish that they exercised due diligence to prevent the commission of a violation. So ramp up that vendor risk management program!

And to help avoid violations of Section 8 (unsolicited software installations), you might want to use a vendor like Kryptowire to keep tabs on what your apps are doing.

$55,000 For DNC Violations

Bouchard Parent Associés – $55,000 for calling numbers on the National Do Not Call List (DNCL), failing to register as a telemarketer, and pay subscriptions to the National DNCL.
https://crtc.gc.ca/eng/archive/2018/2018-483.htm
jbho: yet another reminder of the procedural requirements

$18,000 For DNC Violations

Toronto Breeze Air Duct Cleaning – $18,000 for calling numbers on the National Do Not Call List (DNCL), failing to register as a telemarketer, and pay subscriptions to the National DNCL.
https://crtc.gc.ca/eng/archive/2018/2018-482.htm
jbho: yet another reminder of the procedural requirements

November 2018

$65,000 For Failing To Verify Clients’ DNC Subscriptions

Groupe FMT 2001 allegedly failed to ensure its clients registered as telemarketers and paid their subscriptions to the National DNCL. The CRTC also claimed Groupe FMT 2001 failed to keep records ensuring its clients compliance with DNC requirements.

In addition to the $65,000 monetary penalty, Groupe FMT 2001 has agreed to implement a compliance program to prevent future violations.
https://crtc.gc.ca/eng/archive/2018/vt181130.htm
jbho: the regulations require the records be keep for three (3) years after creation (e.g., after calls are made).
October 2018

$25,000 For DNC Violations And Calling Outside Permitted Hours

Weather Pro Windows and Doors – $25,000 for calling numbers on the National Do Not Call List (DNCL), failing to register as a telemarketer, failure to pay subscriptions to the National DNCL, and calling outside permissible calling hours.
https://crtc.gc.ca/eng/archive/2018/vt181001.htm
jbho: yet another reminder of the procedural requirements

$25,000 For DNC Violations

National Foods – $25,000 for calling numbers on the National Do Not Call List (DNCL), failing to register as a telemarketer, and pay subscriptions to the National DNCL.
https://crtc.gc.ca/eng/archive/2018/2018-382.htm
jbho: another case of not following the procedural requirements. Here 101 calls resulted in an enforcement action. Didn’t help that National Foods (allegedly) did not cooperate with the CRTC, first in failing to respond to demand requests, then in denying it was a telemarketer.
September 2018

$40,000 For DNC Violations And Illegal Sharing Of DNCL

Gestion David McKinnon – $40,000 for calling numbers on the National Do Not Call List (DNCL), failing to register as a telemarketer, failure to pay subscriptions to the National DNCL, and improperly disclosing contents of the National DNCL to clients of its service.
https://crtc.gc.ca/eng/archive/2018/vt180911.htm
jbho: a reminder you can’t share DNC subscriptions.

May 2018

$10,000 For Unsolicited Faxes

BroadFx Media (Canadian Home Grocers) – $10,000 for faxing numbers on the National Do Not Call List (DNCL), sending faxes outside permissible hours, and sending faxes for clients who failed to register with (and pay subscriptions to) the National DNCL.
https://crtc.gc.ca/eng/archive/2018/vt180501.htm
jbho: always surprises me when people are still faxing in this day and age.

A reminder that, for enforcement purposes, faxes are telephone calls, and all the call rules apply.


$100,000 For TextSpam

Ticket reseller 514-BILLETS allegedly sent advertising texts without consent, that failed to include statutorily required contact information. The texts read:

Would you like offers for discount tickets for [short list of event categories]

514-BILLETS attempted to rely on an EBR to request consent, but failed to include the statutorily required elements of a consent request (e.g., who is requesting consent, contact info, purposes of consent, and notification consent can be withdrawn at any time).

Per the terms of the Undertaking, 514-BILLETS has agreed to implement a compliance plan, including
• a review of current compliance practices
• development and implementation of corporate policies
• train employees on compliance with the act
• implementation of disciplinary measures
• implement a complaint management program
• implement monitoring and audit measures

Additionally, 514-BILLETS must refund $75,000 to consumers ($10 rebate coupons to 7,500 consumers), and pay $25,000 in administrative fees.

The undertaking fully settles all alleged or potential responsibility of 514-BILLETS.
https://crtc.gc.ca/eng/archive/2018/ut180315.htm
jbho: a reminder you can’t really send a text asking for consent to text, unless it’s a referral (Section 4 of the CASL Regulations). Then you still need to provide all the statutorily required disclosures.

By my count, this is CASL enforcement number 16.

April 2018


Undertaking For Faulty Unsubscribe Mechanism

Ancestry Ireland sent two types of commercial electronic messages:
• promotional offers
• messages related to products for which clients have subscribed
Ancestry Ireland maintained two separate unsubscribe mechanisms, so users could only opt-out of one type of email at a time.

The CRTC objected, finding that consumers should be able to unsubscribe from all messages with just one operation.

As a result, Ancestry Ireland has implemented measures to ensure opt-outs are coordinated across message types and with the multiple vendors who send them. Additionally, Ancestry Ireland agreed to implement a compliance program that includes:
• a review of current compliance practices
• development and implementation of corporate policies and procedures
• employee training and awareness
• disciplinary measures in the event of non-compliance with internal procedures
• a complaint management program
• monitoring and audit measures

The undertaking fully settles all alleged or potential responsibility of Ancestry Ireland. No fines were assessed.
https://crtc.gc.ca/eng/archive/2018/ut180124.htm
jbho: take note, as this one could be an important interpretation of CASL. Ancestry Ireland likely considered the mails to fall into two distinct ‘classes,’ justifying two distinct opt-out mechanisms. However, the CRTC felt they were close enough that one opt-out should apply to all.

Per CASL Section 6, 11. (1)(a) “The unsubscribe mechanism … must enable the person to whom the commercial electronic message is sent to indicate, at no cost to them, the wish to no longer receive any commercial electronic messages, or any specified class of such messages, from the person who sent the message or the person — if different — on whose behalf the message is sent …” (emphasis added).

And per the Regulations at 3(2) “The unsubscribe mechanism referred to in paragraph 6(2)(c) of the Act must be able to be readily performed.”

As I read, neither explicitly imposes an obligation to offer a “STOP ALL” unsubscribe mechanism. Apparently, the CRTC is reading the “or” to mean “if you like, you can additionally offer specific opt-outs for,” but a global opt-out must still be offered. Perhaps a review of the parliament’s intent would be instructive?

By my count this is the 15th CASL enforcement to date. See my CASL Tracker

$90,000 For After Hours & DNC Violations

MSB Enterprises (Canadian Home Grocers) – $90,000 for calling numbers on the National Do Not Call List (DNCL), Making calls outside permissible hours, and failing to register as a telemarketer and pay subscriptions to the National DNCL.
https://crtc.gc.ca/eng/archive/2018/vt180117.htm
jbho: as a reminder, per the UTRs Part III, section 23: “a telemarketing telecommunication is restricted to the following hours: 9:00 a.m. to 9:30 p.m. on weekdays (Monday to Friday); and 10:00 a.m. to 6:00 p.m. on weekends (Saturday and Sunday).”

February 2018

$20,000 For Unsolicited Telemarketing

Big City Windows and Doors – $20,000 for calling numbers on the National Do Not Call List (DNCL), failing to register as a telemarketer and pay subscriptions to the National DNCL.
https://crtc.gc.ca/eng/archive/2018/vt180209.htm
jbho: don’t forget the technical and procedural requirements.

December 2017

$25,000 For Failing To Cooperate With CRTC Investigators

Air Duct Cleaning and its owner were fined for failing to cooperate with a compliance inspection. The investigation was initiated based on the belief Air Duct Cleaning was not registered with the National Do Not Call List (DNCL) operator and that it had not paid its subscription to the National DNCL. The CRTC found that Air Duct Cleaning willfully ignored notices and failed to respond with any justification or defence. Thus, a monetary penalty of $15,000 was issued against the company, and $10,000 against its owner.
http://www.crtc.gc.ca/eng/archive/2017/2017-445.htm
jbho: Make sure you have consent to call, and don’t forget the procedural requirements.

Also a reminder that company officers can be held personally liable for UTR violations.

October 2017


CompuFinder CASL Fine Reduced; CASL Constitutional

The CRTC issued two opinions in response to challenges of the $1.1 million fine issued against CompuFinder. CompuFinder argued:
• the fines were excessive and world force the company into bankruptcy
• the CRTC investigator was biased
• evidence produced by the CRTC was incomplete/unreadable
• consent was not needed where a relationship was established
• where consent was required, CompuFinder had implied consent though ‘conspicuous publication’ of addresses
• the CRTC failed to take into account CompuFinder’s compliance program as a ‘Due Diligence’ defence

The CRTC found that the investigator fairly conducted the investigation, and the maturity of CompuFinder’s compliance program was dubious (some elements implemented after investigations began), thus no ‘Due Diligence defence applied. Additionally, the CRTC determined that CompuFinder failed to produce sufficient evidence of any ‘relationships.’ Finally, consent could not be implied due to the way CompuFinder sourced addresses, and the generic content of the CEMs failed to demonstrate any relevance to a recipient’s business, role, function or duties .

However, the CRTC admitted that not all the evidence provided was readily understandable or usable. Based on that it reduced the number of violations from 451 to 317 (and opt-out failures from 116 to 87). The CRTC also implied that this being one of the first CASL enforcements, lack of cooperation by CompuFinder may have been previously overstated. Finally, those factors, in combination with CompuFinder’s overall financial health, convinced the CRTC that the penalty should be reduced from $1.1M to $200,000.
http://www.crtc.gc.ca/eng/archive/2017/2017-368.pdf

On the constitutionality question, the CRTC reasoned that although CASL was a (potentially illegal) restriction on commercial speech, the protection afforded consumers outweighed the rights and freedoms of senders.
http://www.crtc.gc.ca/eng/archive/2017/2017-367.pdf
jbho: the constitutional issues are very nuanced, but the results are similar to constitutional challenges of the TCPA in the US. I leave further interpretation as an exercise to the reader.

On the revised enforcement decision, the opinion provides some additional guidance on B2B exemptions under CASL. For example, the CRTC stated that a purchase or contract alone did not necessarily create a ‘relationship.’ “(T)he mere fact that an organization paid for training on behalf of one of its employees is not sufficient to demonstrate that the organization had, or intended to create, a relationship that would allow for a complete exemption.” So if you plan to solicit to an organization with whom you are contracting, you might want to include an ‘right to market’ clause in the Agreement.

The opinion also provides some clarification on implied consent through conspicuous publication. “Conspicuous publication requires that the person to whom the message is sent publish, or cause to be published, the address in question. The reproduction of a person’s contact information by a third party on its own initiative does not satisfy this requirement.” Since CompuFinder pulled contact info from directory sites – sites whose terms of use contained disclaimers to the effect that users of the directory were not to send unsolicited CEMs to the addresses found in the directory – consent could not be implied.

The CRTC also cited the relevance factor, and stated the generic nature of CompuFinder CEMs did not necessarily comport with the functions of the receiving organizations or individuals.

Interestingly, the means of collecting the publically available addresses was not discussed.

As a reminder B2B prospecting to non-scraped addresses is permissible if the following three conditions are met:
1. the recipient makes his/her contact information publically available, or voluntarily discloses his/her contact information to the sender
and
2. the contact information is posted/shared WITHOUT instructions not to send unsolicited CEMs
and
3. the message is relevant to the person’s business, role, functions or duties in a business or official capacity
Remember that the OPC has warned that scraping invalidates any ‘publically available’ implied consent (PIPEDA Report of Findings #2016-003)

August 2017

$65,000 For Unsolicited Telemarketing

Toronto Star – $65,500 for calling numbers on the National Do Not Call List (DNCL), failing to register as a telemarketer, and failing to ensure its telemarketers complied with the Unsolicited Telemarketing Rules (UTRs).
http://www.crtc.gc.ca/eng/archive/2017/vt170801.htm
jbho: remember, these fines are usually accompanied by an order where the company agrees to implement a compliance program to avoid similar violations in the future.

June 2017

CEO Fined $10,000 For CASL Violations

The CEO of Couch Commerce (Mr. Halazon) was fined $10,000 for allegedly supervising the sending of emails without a proper unsubscribe mechanism. The opt-out allegedly either did not work, could not be readily performed, or took longer than 10 days to be honored.

In addition to the monetary penalty, Mr. Hazalon has agreed to implement a compliance program, including:
• review of current practices
• develop and implement policies and procedures
• develop and implement training for employees
• implement disciplinary procedures
• track complaints and monitor complaint resolution
• report progress and program changes to the CRTC
http://www.crtc.gc.ca/eng/archive/2017/ut170612.htm
jbho: a reminder that company officers can be held personally liable for CASL violations.

March 2017

$15,000 For Spam Emails

A home based business (William Rapanos) was fined $15,000 for sending emails advertising a design, printing, and distribution service for commercial flyers, without consent, that:
• failed to identify the sender
• did not include contact information
• did not include a functioning unsubscribe mechanism
The CRTC launched an investigation based on complaints received at its spam reporting centre (58 complaints from 50 individuals).
http://www.crtc.gc.ca/eng/archive/2017/2017-65.htm
jbho: surprising that a relatively small number of complaints would drive an investigation.

Also of interest is that the CRTC appears to have counted violations based on email ‘batches.’ That is, it cited 3 email blasts for a total of 10 violations:
rapanos
The $15,000 was reached by assessing $1,500 per violation. The commission cited lack of cooperation as a contributing factor in the fine amount.

Unfortunately, still doesn’t provide much clarity around how violations will be tallied once the private right of action is in force.

By my count, this is now the 9th CASL enforcement action. Let me know if I’ve missed anything.

$60,000 For Failure To Register As Telemarketer

Newspaper Call Center was fined $60,000 for allegedly making telemarketing calls for a client that failed to register with and pay subscription fees for the National Do Not Call List (DNCL), as well as allegedly failing to keep appropriate registration records.
http://www.crtc.gc.ca/eng/archive/2017/vt170207.htm
jbho: don’t forget the procedural requirements

February 2017

$100,000 For Unsolicited Robocalls

Club Cranberry Vacations allegedly made predictive dialed calls to numbers on the National Do Not Call List (DNCL), abandoned more the 5% of calls made, failed to register as a telemarketer and pay subscriptions to the National DNCL.
http://www.crtc.gc.ca/eng/archive/2017/vt170206.htm
jbho: don’t forget the technical and procedural requirements.

November 2016

Slow Month For The CRTC

Support Avenues – $25,500 for calling numbers on the National Do Not Call List (DNCL), failing to register as a telemarketer and pay subscriptions to the National DNCL
http://www.crtc.gc.ca/eng/archive/2016/2016-441.htm
jbho: Remember, these fines are usually accompanied by an order where the company agrees to implement a compliance program to avoid similar violations in the future.

October 2016

$50,000 for B2B Marketing Emails

Responding to complaints received at its Spam Reporting Centre (http://fightspam.gc.ca/eic/site/030.nsf/frm-eng/MMCN-9EZV6S), the CRTC fined Blackstone Learning $50,000* for nine campaigns consisting of some 385,000 unsolicited emails. Blackstone argued it had implied consent based on ‘conspicuous publication’ of the email addresses it contacted, but the CRTC felt Blackstone failed to provide evidence supporting the validity of its consents (e.g., addresses were not scraped). Moreover, the contents of the messages – advertised various training courses & offered group rates – were not necessarily related recipients’ professional roles.

*The initial fine assessed was $640,000, but was reduced due to Blackstone’s ability to pay.
http://www.crtc.gc.ca/eng/archive/2016/2016-428.htm
jbho: A reminder that CASL covers B2B marketing.

B2B prospecting to non-scraped addresses should be permissible if the following three conditions are met:
1. the recipient makes his/her contact information publically available, or voluntarily discloses his/her contact information to the sender
and
2. the contact information is posted/shared WITHOUT instructions not to send unsolicited CEMs
and
3. the message is relevant to the person’s business, role, functions or duties in a business or official capacity
Remember that it appears scraping will invalidate any ‘publically available’ implied consent (PIPEDA Report of Findings #2016-003 on Compu-Finder’s $1.1M CASL fine)

Also interesting here is that the CRTC considered each campaign to constitute a violation, rather than each email. An important distinction for after 1July2017

$18,000 For 7 Telemarketing Calls

The owner of Home Improvement Companies Dynique Restoration and Victorian Restoration was fined $18,000 for allegedly calling numbers on the National DNCL, failing to register as a telemarketer and failing to pay DNCL subscription dues.
http://www.crtc.gc.ca/eng/archive/2016/2016-391.htm
jbho: Make sure you have consent to call, and don’t forget the procedural requirements.

September 2016

CRTC Racks Up $250,000 In Fines For UTR Violations

Two IT Service companies with common ownership were fined for violations of the Unsolicited Telemarketing Rules (UTRs). Highlights include:

  • Thee Future Web – $194,000 for allegedly calling numbers on the National Do Not Call List (DNCL), failing to register as a telemarketer and subscribe to the National DNCL, failing to identify itself as the caller, and failing to send a valid Caller ID number.
  • NextGen Webstore – $56,000 for allegedly calling numbers on the National Do Not Call List (DNCL), failing to register as a telemarketer and subscribe to the National DNCL, and failing to identify itself as the caller.

jbho: Remember, these fines are usually accompanied by an order where the company agrees to implement a compliance program to avoid similar violations in the future.

August 2016

8th CASL Enforcement To Date (AFAIK)

Kellogg Canada has entered into a voluntarily undertaking for allegedly sending marketing emails without consent. In addition to a $60,000 penalty, Kellogg has agreed to implement a CASL compliance program, including revising policies and procedures, implementing training programs, tracking email complaints and complaint resolutions, and implementing updated monitoring and auditing mechanisms to assess compliance.
http://www.crtc.gc.ca/eng/archive/2016/ut160901.htm
jbho: Remember it’s not just the fines, implementing the compliance programs cost money too.

I’m keeping track of the CASL enforcements I’ve seen here.

July 2016

CRTC Racks Up Over A Million In Fines For UTR Violations

Six companies were fined $1,233,000 in connection with robocalls allegedly made by and on behalf of Sirius. Highlights include:

  • Sirius XM – $650,000 for allegedly failing to identify the caller in prerecorded messages, for failing to provide a toll-free opt-out number in prerecorded messages, and continuing to call individuals who asked to be opted-out.
  • Raid – $500,000 for allegedly calling numbers on the National Do Not Call List (DNCL), and failing to ensure its clients subscribed (and paid dues) to the National DNCL
  • 9117-7683 Québec – $40,000 for allegedly calling numbers on the National Do Not Call List (DNCL), and failing to ensure its clients subscribed (and paid dues) to the National DNCL
  • Leads, Call Centers & Marketing Solutions – $30,000 for allegedly calling numbers on the National Do Not Call List (DNCL), and failing to ensure its clients subscribed (and paid dues) to the National DNCL
  • 8472416 Canada – $8,000 for allegedly calling numbers on the National Do Not Call List (DNCL), and for failing to keep records of its clients registration/subscription to the National DNCL
  • 9165-2602 Québec – $5,000 for allegedly calling numbers on the National Do Not Call List (DNCL), and failing to ensure its clients subscribed (and paid dues) to the National DNCL

http://news.gc.ca/web/article-en.do?nid=1091989
jbho: Remember, these fines are usually accompanied by an order where the company agrees to implement a compliance program to avoid similar violations in the future.

Leave a Reply