Yesterday, the federal government issued an Order in Council delaying the introduction of a private right of action under Canada’s Anti-Spam Legislation (“CASL”).
CASL is consumer protection legislation that, among other things, was designed to limit and regulate the ability of businesses and organizations to send commercial electronic messages (“CEMs”) to consumers and prospective clients. This legislation already carries significant regulatory penalties for non-compliance including fines up to $10 million for organizations and $1 million for individuals. However, when CASL was enacted it also contemplated the introduction of a right for individuals to sue organizations for breach of the legislation (referred to as the private right of action) to come into effect July 1, 2017.
The private right of action would have allowed individuals to sue organizations and their officers, directors, and agents for violations of CASL, including for:
The legal and liability effects of the private right of action were anticipated by many to be far reaching given, in particular, the suitability of such claims to be advanced by way of class actions. Class action law suits for breaches of US anti-spam laws have attracted sizeable claims. In October 2015, as one example, LinkedIn Corp. reported a settlement in the order of $13 million for spam emails urging users to join its professional network. Yahoo also faces class action claims in connection with texts sent to approximately 500,000 Sprint customers alleging damages of $1,500 per message. Other organizations facing class action law suits for anti-spam violations in the US include corporate giants like Microsoft as well as, smaller and community-based organizations including, in one case, a charter community school.
Whether the private right of action will come into effect at some point in the future remains to be seen. The government’s decision, however, to delay implementation of the private right of action does not relieve organizations from their existing obligations under CASL. July 1, 2017 continues to mark the end of a transition grace period during which organization were able to rely on certain implied consents for sending CEMs under the legislation.
If your organization has not done so already, it is still prudent to take an opportunity before the end of the three year grace period to review your organization’s practices, including consideration of:
Organizations should also note that CASL provides a defence of due diligence. While it is not explicitly set out what constitutes “due diligence”, implementing written policies and procedures regarding compliance, administering employee training programs, and keeping organized, systematic records which track compliance are useful in demonstrating an organization’s diligence.
Questions relating to this article can be directed to Suzanne Kennedy.
This article may not be republished without the express written permission of Harris and Company LLP