Earlier this month, the Canadian Radio-television and Telecommunications Commission’s Chief Compliance and Enforcement Officer issued a Notice of Violation and $1.1 million penalty to Compu-Finder for four violations of the Canadian Anti-Spam Legislation. Although Compu-Finder was apparently engaged in “flagrant” CASL violations, according to the Chief Compliance and Enforcement Officer, the CRTC also confirmed that it is assessing CASL complaints and that “a number of investigations are currently underway.” Therefore, organizations engaging with individuals located in Canada should review their communications and marketing practices for compliance under CASL and other applicable law.
Canada’s new anti-spam law was passed in December 2010, and certain provisions will become effective 1 July 2014 — including new consent requirements for e-mails and certain other electronic messages. As of 1 July 2014, an organization must have consent to send commercial electronic messages to an email account, telephone account or instant messaging account. In addition, CEMs must include certain identification information and an unsubscribe mechanism. The law applies to messages whenever a computer system located in Canada is used to send or access the CEM. Certain exemptions and transition periods also apply.
Privacy law compliance means not only ensuring that compliance gaps are identified and remediated, but also that there is a privacy management infrastructure to ensure that privacy issues are handled on an ongoing basis. Attending to the infrastructure task can be challenging.
To aid in this effort, on April 17th Canada’s privacy commissioner, along with the privacy commissioners of the provinces of Alberta and British, issued a guidance document entitled “Getting Accountability Right with a Privacy Management Program,” along with an “At a Glance” two-page summary. These materials are summarized in this entry.
In a recent case, the Court of Appeal for Ontario, Canada recognized the privacy torts that are widely-recognized in the United States. Many foreign common law jurisdictions, including the United Kingdom and other countries, have steadfastly refused to recognize the privacy torts spawned by the 1890 law review article by Samuel Warren and Louis Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890). These torts – intrusion upon seclusion, public disclosure of private facts, false light, and appropriation of name or likeness – are known collectively as “invasion of privacy.” In the case of Jones v. Tsige, 2012 ONCA 42 (Jan. 18, 2012), the Court of Appeal for Ontario finally recognized the US privacy tort of intrusion upon seclusion – intentionally intruding upon a person’s seclusion or solitude, or into his private affairs.
We are pleased to provide a report on Canada’s new Anti-Spam Law from our friend Mark Hayes, one of Canada’s leading privacy and Internet lawyers.