Canadian Regulator Levies C$1.1M Fine In First Major Case Under New Spam Law

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Peter Menyasz

March 6 — Canada's federal spam regulator has imposed the first fine levied under Canada's new anti-spam law, a C$1.1 million ($880,000) penalty against training marketer Compu.finder Inc.

The penalty is based on violations of Canada's Anti-Spam Legislation (CASL) in which Compu.finder allegedly sent commercial electronic messages without the recipient's consent and sent e-mails in which the unsubscribe mechanisms didn't function properly, the Canadian Radio-television and Telecommunications Commission (CRTC) said in a March 5 statement.

“Given this enforcement action and the significant penalties under CASL for failing to comply—including monetary penalties and a private right of action that becomes effective July 1, 2017—U.S. businesses should familiarize themselves with and take CASL into account in assessing their compliance risks,” Melissa J. Krasnow, a partner at Dorsey & Whitney LLP in Minneapolis, told Bloomberg BNA March 6.

U.S. Companies Should Take Note 

“U.S. businesses may be subject to CASL as CASL applies to all commercial electronic messages where a computer system located in Canada is used to send or access the commercial electronic messages, subject to certain exceptions,” Krasnow said.

“A starting point is for U.S. businesses to determine whether CASL, in addition to the U.S. CAN SPAM Act, applies to them and if yes, take steps to comply,” she said.

“Where there is a nexus with Canada, CASL and the CAN SPAM Act, compliance issues are coming up in website and mobile application privacy policies, marketing and e-mail service provider agreements and in mergers and acquisitions discussions,” she said.

30 Days to Pay or Respond 

The messages, sent between July 2, 2014, and Sept. 16, 2015, promoted training courses on business management, social media and professional development, the CRTC said.

A review of complaints to the federal government's Spam Reporting Centre also showed that 26 percent of those filed to date on training sector companies were about the Quebec City-based firm, it said.

The Notice of Violation issued to Compu.finder gives the company 30 days from March 5 to file written representations contesting the notice or to pay the fine, the commission said.

Compu.finder didn't respond to Bloomberg BNA's March 5 request for comment on the penalty.

Education Effort Ineffective?

The penalty was levied despite the regulator's education efforts on the CASL, which took effect July 1, 2014.

The CRTC has conducted outreach initiatives within the Canadian business community to increase awareness of the new anti-spam requirements, Manon Bombardier, the CRTC's chief compliance and enforcement officer, said in the statement.

In June 2014, the CRTC issued compliance guidance that said companies would help avoid liabilities, including significant administrative monetary penalties, legal fees and reputational damage from potential violations of the CASL and its implementing Unsolicited Telecommunications Rules by initiating corporate compliance programs.

“Despite the CRTC's efforts, Compu.finder flagrantly violated the basic principles of the law by continuing to send unsolicited commercial electronic messages after the law came into force to email addresses it found by scouring websites. Complaints submitted to the Spam Reporting Centre clearly indicate that consumers didn't find Compu.finder's offerings relevant to them,” Bombardier said.

Higher Penalties Available 

“By issuing this Notice of Violation, my goal is to encourage a change of behavior on the part of Compu.finder such that it adapts its business practices to the modern reality of electronic commerce and the requirements of the anti-spam law,” Bombardier said.

The anti-spam law, passed in December 2010, empowers the CRTC to impose penalties of up to C$10 million ($8 million) per violation for businesses and up to C$1 million ($800,000) per violation for individuals.

It also provides for extended liability for violations, including vicarious liability and director/officer liability.

To contact the reporter on this story: Peter Menyasz in Ottawa at

To contact the editor responsible for this story: Donald G. Aplin at



Request Bloomberg Law: Privacy & Data Security