Anti-Spam Enforcement Continues as Kellogg Pays $60,000 for Alleged Violation
The Canadian Radio-television and Telecommunications Commission (“CRTC”) announced that breakfast cereal seller Kellogg Canada Inc. has agreed to pay $60,000 as part of a settlement for alleged violations of Canada’s anti-spam legislation (“CASL”), which came into force on July 1, 2014.
The Alleged Violation
The CRTC’s announcement noted the alleged violation of subsection (1)(a) of CASL:
From 1 October 2014 to 16 December 2014, inclusively, messages were sent by Kellogg and/or its third party service providers during the period of 1 October 2014 to 16 December 2014 to recipients without consent of their recipients.
Companies charged with breaching CASL can pay the assessed penalty, make written representations with the goal of reducing the penalty, or enter into an “undertaking” with the CRTC on the issue. In this instance, pursuant to section 21 of CASL, Kellogg voluntarily entered into the Undertaking with the Chief Compliance and Enforcement Officer of the CRTC.
As part of the Undertaking, Kellogg also agreed to comply with CASL and ensure that it, and any third party service providers it works with, comply with CASL and its regulations. The company has committed to reviewing and updating its compliance program, which will include:
- reviewing and revising written policies and procedures regarding compliance;
- providing training programs for Kellogg employees;
- tracking of commercial electronic message complaints and subsequent resolution; and
- implementing updated monitoring and auditing mechanisms to assess compliance.
Kellogg’s agreement to the Undertaking fully resolves all outstanding issues with respect to Kellogg's or its subsidiaries’ alleged non-compliance with CASL.
Lessons for Business
Kellogg is one of several companies to have faced an enforcement action by the CRTC, and like many, it opted to enter into an undertaking that included both a compliance commitment and a payment. It is not the first company to attract the attention of the CRTC: a$1.1 million penalty was levied against the Quebec-based technology training firm Compu-Finder in March 2015; in June 2015, Porter Airlines Inc. agreed to pay $150,000 as part of an undertaking for alleged CASL violations. Plentyoffish Media Inc. and Rogers Media Inc. were also enforcement targets in 2015, entering into similar undertakings.
Businesses that contravene CASL’s CEM provisions can find themselves facing penalties of up to $1 million per violation for individuals and up to $10 million per violation for organizations, as well as vicarious liability for employers, directors and officers.
Beginning in July 1, 2017, CASL will also impose civil liability by providing for a private right of action, allowing individuals and organizations affected by an act or omission that is in contravention of CASL to bring an action in court against individuals and organizations whom they allege have violated the law. Once in force, the private right of action will allow such applicants to seek actual and statutory damages (although statutory damages may not be pursued if the alleged perpetrator has entered into an undertaking or has been served with a notice of violation).
The case serves as a cautionary tale for companies utilizing third party service providers and emphasizes the importance of ensuring that such partners understand and comply with CASL. Further guidance with respect to CASL can be found in our previous post.
CRTC; anti-spam; CASL