100,000 Reasons to Ensure You're CASL Compliant
Can directors and officers be found personally liable for their corporation’s violations of Canada’s Anti-Spam Legislation (CASL)? They most certainly can; and the CRTC’s ruling against Brian Conley, CEO of nCrowd Inc., shows just how costly it can be.
With a plan to send email advertisements, in September 2014 Brian Conley entered into an Agreement to purchase email distribution lists from a company called Couch Commerce. As part of the Agreement, Couch Commerce represented that the lists, “shall be in compliance with Canada’s Anti-Spam Legislation, to the satisfaction of the Buyer [nCrowd Inc.] in its sole discretion.” The lists were not CASL compliant. Ads were emailed, recipients complained, and the CRTC investigated.
The CRTC’s investigation found that the recipients did not consent to receive commercial electronic messages and that the mechanism recipients used to unsubscribe from the emails was not working correctly.
Section 31 of CASL allows the CRTC to find “an officer, director, agent or mandatary of a corporation that commits a violation [to be] liable if they directed, authorized, assented to, acquiesced in or participated in the commission of the violation, whether or not the corporation is proceeded against.”
This case was about acquiescence. The CRTC found that Mr. Conley’s experience with email distribution platforms, familiarity with the functions of commercial electronic messaging and unsubscribe mechanisms, and his direct involvement with purchasing the distribution lists from Couch Commerce lead to a finding that he passively agreed to commit the violations.
The CRTC rejected Mr. Conley’s defense that it was impossible for a company CEO to have first-hand knowledge of millions of email addresses or the functionality of an opt-out button, that Couch Commerce had represented that its list was CASL-compliant, and that an independent investigation into Couch Commerce’s assets before the sale did not reveal any alleged violations of CASL. Simply put, the CRTC did not buy Mr. Conley’s “I didn’t know” defense.
The fine was $100,000.00 to be personally paid by Mr. Conley.
This case serves as a reminder that a Corporation’s directing minds are not isolated from the wrongdoings of the Corporations they control. This case, in particular, shows that the CRTC is willing to find individuals personally liable even where that person, themselves, has not committed a CASL violation. It is important that corporate players take steps, consistent with the responsibility of their role, to ensure their corporations comply with Canada’s Anti-Spam Legislation.
David is an Associate Lawyer with our Business and Financial Services, Employment and Labour Law and our Technology and Privacy Law Groups. Connect with David on LinkedIn.