What we can learn from the CRTC’s first CASL enforcement decision
12 APR 20170
For internet marketers and web savvy businesses, Canada's Anti-Spam Legislation, or CASL for short, has been a subject of speculation and concern for years. Enacted in the summer of 2014, CASL places a number of strict rules, limitations, and prohibitions related to unsolicited commercial electronic messages (CEMs), such as emails, SMS, and messaging services in an effort to combat spam and reduce consumer fraud.
Under CASL, legitimate CEMs need to be truthful, accurate, specifically opted-into, and contain a method of unsubscribing from further messages, and other legal disclosures. Failure to follow the rules can result in absolutely devastating fines.
How devastating? How about $640,000? That's what Blackstone Learning Corp was initially ordered to pay in the first CASL enforcement decision before the fine was reduced to $50,000.
Blackstone, an unremarkable online seminar service, was found in violation of gaining proper consent for it's messaging campaigns. Over the course of nine separate marketing campaigns between July 4, 2014 and December 3, 2014, Blackstone sent over 385,000 unsolicited emails to various individuals without consent. The CRTC received complaints about the business and decided to investigate.
So lesson one, you can expect the CRTC to aggressively pursue cases wherever they are found. Blackstone was not a large company with particularly deep pockets, not were they particularly aggressive with their campaigns. 385,000 messages is a lot, but nowhere near the output of some of the most notorious spammers.
Of course, Blackstone argued in their defense. They fully acknowledged they sent the emails, where they made a distinction was whether or not they were solicited. Blackstone claimed that they had "implied consent” for sending messages to those email addresses because all of the addresses were conspicuously published on public forums and social media accounts.
The CRTC however dismissed that argument. CASL has strict, clearly defined rules governing address procurement. Posting your email address in a public forum is no more an invitation for a marketer to send you unsolicited mail as parking your car in a public lot is an invitation for someone to drive off with it.
Again, we can learn from this. CASL applies to every business. Whether you're purchasing shady email lists from blackmarket sites, or simply skimming Facebook profiles for posted addresses, the end result is the same. You need clear, specific consent to send a CEM to an individual, end of story. For businesses, this means you need a method of obtaining, and recording, consent from potential contacts.
So why was Blackstone's penalty reduced from a crushing $640,000 to a merely bruising $50,000? There are a few reasons. Firstly, the CRTC's stated goal when applying penalties is to ensure compliance, not to be purely punitive. If the penalty is so great that it would effectively shut the business down, the CRTC may be persuaded to lower the fine.
Secondly, after some initial resistance, Blackstone demonstrated an effort to self-correct and adjust their internal policies to comply with CASL. This show of admonishment likely saved the business several thousand dollars, as it was one of the key factors the CRTC considered when adjusting the fine.
This is another lesson for businesses to absorb. While CASL imposes a great burden of responsibility and diligence on a business (some might say too much), good faith efforts to show an attempt to comply with the regulations can go a long way. If you do find yourself in a precarious situation through a mistake or oversight, taking the initiative and correcting the behavior immediately can help ward off a substantial penalty.