The Canadian Radio-television and Telecommunications Commission (“CRTC”) recently announced that Porter Airlines Inc. (“Porter”) agreed to pay $150,000 for alleged violations of Canada’s anti-spam legislation (CASL). The payment by Porter is part of a larger voluntary undertaking by which Porter will implement a number of corrective measures to ensure compliance with the law.
The voluntary undertaking is the culmination of a CRTC investigation alleging that between July 2014 and April 2015 Porter engaged in a number of violations of the Act. These alleged violations included:
- sending commercial e-mails that did not contain an unsubscribe mechanism;
- sending commercial e-mails that failed to clearly or prominently set out the unsubscribe mechanism;
- sending commercial e-mails that did not provide complete contact information; and
- failing to honour within ten business days requests from recipients to unsubscribe from receiving future e-mails.
The CRTC also stated that Porter was unable to provide proof that it had obtained consent for each e-mail address that received its commercial e-mails.
Upon becoming aware of the investigation, Porter cooperated with the CRTC and immediately began taking corrective action. The voluntary undertaking between Porter and the CRTC involves enhanced training and education for Porter’s employees and improved corporate policies and procedures.
Although CASL has been in place since July 2014, organizations continue to incur significant financial penalties for violations of the Act. Earlier this year a $1.1 million penalty was issued to Compu-Finder for sending commercial e-mails without consent of the recipients (see Canada’s anti-spam legislation has teeth – company fined $1.1 million for “spamming” businesses).
In addition to highlighting the importance of complying with the unsubscribe requirements of the Act, the news release also emphasizes that organizations must be able to provide evidence of obtaining consent to send commercial e-mails to each e-mail address. Practically, this means that in addition to actually obtaining consent, organizations must have a system in place for storing and retrieving these consents.
Given the significant financial and operational consequences that may flow from non-compliance, organizations that have not already done so should review their e-mailing practices and policies to ensure that they are on-side of the legislation.