Private Right of Action Coming July 1 – Time for a CASL Health Check?
Date: April 27, 2017
A new means of enforcing compliance with Canada’s Anti-Spam Legislation or “CASL” will come into force July 1, 2017, making it a good time for organizations to revisit CASL compliance and address any compliance problems.
CASL has been in force since 2014 and features broadly applicable and strict rules that govern electronic messaging. To date, these rules have been enforced by the CRTC via a regime for imposing administrative monetary penalties. There have only been a handful of enforcement cases. Though the CRTC has pursued large and reputable organizations for somewhat technical infractions, an October 2016 decision in which the CRTC reduced a fine proposed in a notice of violation from $640,000 to $50,000 has led some to discount the downside risk of violating CASL.
However one assesses this downside risk, it will certainly increase on July 1st with the advent of a new private right of action. Very simply, beginning in July individuals affected by a contravention of CASL (or related provisions of the Personal Information Protection and Electronic Documents Act and the Competition Act) will be able to apply to court for damages – both compensatory damages (for actual loss) and general damages (irrespective of actual loss). For electronic messaging contraventions, general damages will be $200 for each contravention, subject to a cap, rendering the real concern the risk of class action claims.
In 2014, most organizations conducted some form of organizational review in conjunction with the launch of a CASL compliance program. The object of these initiatives was to support compliance and foster a due diligence defence by identifying all formal address lists and databases, by identifying all formal and informal messaging activity of significance and by addressing compliance gaps.
Today, organizations should address any known gaps that remain outstanding. They should also consider revisiting key programs or business lines to confirm that messaging activity is well understood and under control and to identify and address any existing compliance problems. This kind of “health check” need not be onerous, but is a prudent step to take in light of the pending change and the associated risks.
The article in this Client Update provide general information and should not be relied on as legal advice or opinion. This publication is copyrighted by Hicks Morley Hamilton Stewart Storie LLP and may not be photocopied or reproduced in any form, in whole or in part, without the express permission of Hicks Morley Hamilton Stewart Storie LLP. ©