Oh, CASL… Just when we thought that penalties of up to $1 million for individuals and $10 million for businesses were deterrent enough: It seems that not all marketers have heeded the call to clean up their digital MarComm practices. To wit, as of June 2016 (according to CRTC numbers cited by MailerMailer LLC), the Government of Canada’s Spam Reporting Centre has received a total of over 630,000 complaints, at a fairly steady rate of about 22,000 per month or 5,000–6,000 per week—with a noticeable spike each time the CRTC issues an enforcement announcement, like they did for Plenty of Fish, Compu-Finder, and Porter Airlines, and more recent infractions by Rogers Media and Avis Budget Group Inc.
Two recent CASL infractions in focus: Rogers Media and Avis Budget Group
In November 2015, Rogers Media Inc. was found to be in violation of several areas of CASL legislation, including sending commercial electronic messages (CEMs) to email addresses without offering a “readily performable” unsubscribe mechanism, not giving effect to unsubscribe requests within the mandatory 10 days, and not upholding a working electronic unsubscribe mechanism in CEMs for the mandatory 60 days. The resulting undertaking by Rogers Media Inc. and the CRTC necessitated a monetary payment of $200,000, as well as updates to Rogers’ MarComm activities, processes, procedures, and internal training programs, to bring them into alignment with CASL act and regulations.
The most recently publicized big-brand CASL-related infraction occurred with a 2015 marketing snafu from rental car giants Avis and Budget. The Canadian government has cited misleading advertising via a CEM sent by Avis Budget Group Inc. (the parent company of Avis and Budget car rental brands), in what became the first proceedings under the new provisions of the Competition Act that came into force as part of CASL in July 2014. Specifically, the Competition Bureau alleges that the participating companies engaged in false or misleading price representation when they failed to disclose additional fees that could increase the price of their car rentals. The price tag on such an infraction (if the companies are deemed guilty): $30 million in administrative penalties and refunds for consumers.
[Note that the CRTC doesn’t rely solely on public reporting of CASL infractions; indeed, they also employ honeypot data, which the Commission considers to be more representative of real message traffic than complaints, which may reflect selection bias.]
And while about one-third of the complaints involved identification requirements (e.g., under CASL, brands must ensure that all commercial electronic messages (CEMs) contain proper organizational and brand identification, including a mailing address), the vast majority—94%!—involved some form of consent issue (including both being able to prove initial consent as well as managing and processing unsubscribes within the allotted 10-day window).
We can glean two major conclusions from these numbers: On the one hand, it seems that marketers either (a) aren’t taking CASL’s consent requirements seriously, or (b) aren’t set up to handle the depth and complexity of data that’s amassed in the process of gaining and managing audience-member consent. On the other hand, it’s clear that recipients are more than happy to report on brands that they think contravene CASL legislation (with 80% of reports indicating email infractions and 13% and rising relating to SMS messaging).
If some marketers aren’t managing consent now, what’ll happen to their businesses come July 2017? The next phase of CASL legislation—the private right of action (PROA)—will go into force on July 1, 2017, and will allow individuals and organizations to seek actual and statutory damages (i.e., monetary payments) from individuals and organizations whom they believe have violated CASL regulations.
It is still uncertain whether PROA will be applicable retroactively (there is legal precedent suggesting that it’s unlikely, while we’ve heard from other credible sources that PROA may indeed cover retroactive retribution and vicarious liability for a 3-year maturation period—back to when CASL Phase One was put into force on July 1, 2014). But be that as it may, with less than 11 months to go, marketers need to get their data-management houses in order if they’re going to weather the storm that’s approaching from CRTC, Competition Bureau, and Privacy Commissioner offices (among other factions of the Canadian government).
Curious about how your organization stacks up against CASL rules for implied vs. express consent, CEM practices, and more? Check out our in-depth CEM best practices checklists for CASL here.
Don’t forget to read this case study in how not to collect and use e-mail addresses written by the Office of the Privacy Commissioner of Canada to find our more about complying with electronic address-harvesting provisions of the PIPEDA.
Posted September 19, 2017