Enforcing
Canada’s Anti-Spam
Legislation (CASL)

Actions carried out by the CRTC between
April 1, 2019 and September 30, 2019

View previous time period

Enforcement Highlights

Commission upholds vicarious liability for CASL violations

For the first time, the CRTC held an individual liable under CASL for violations committed by a corporation, pursuant to section 31 of the Act. Based on the evidence gathered, the Commission found that nCrowd, Inc.’s emails were sent without the recipient’s consent and without a properly functioning unsubscribe mechanism. Further, the CRTC found that Mr. Brian Conley, as President and CEO, allowed the commission of these violations, and imposed a $100,000 penalty.

Enforcement Advisory

Many Canadian businesses offer free WiFi to enhance customers’ experience in exchange for personal information, consent to receive marketing messages, and demographic and behavioural data. This business model is referred to as Social WiFi.

CRTC staff issued an enforcement advisory directed to consumers, businesses and Social WiFi service providers in Canada in order to: (1) help explain how the Social WiFi business model works; and (2) to explain any responsibilities under CASL when using a Social WiFi model, in particular regarding consent for commercial electronic messages.

Enforcement Measures

Administrative Monetary Penalties

Since CASL came into force in 2014, enforcement efforts have resulted in penalties totalling over $2.1 million. An additional $568,000 have been paid as part of negotiated undertakings.

Complaints to the Spam Reporting Centre

Between April 1, 2019 and September 30, 2019

Over 145,100 complaints to the Spam Reporting Centre

That’s over 5,800 per week.

Approximately 6,700 of these complaints were submitted using the online form, which represents only 4.6% of total complaints. The remainder of complaints were sent by email at spam@fightspam.gc.ca.

The CRTC encourages Canadians to use the Spam Reporting Centre’s online form to provide as much information as possible.


More than 42% of complaints submitted through the online form reported text message spam

Sources of spam (reported through online form)

SRC complaint reasons donut chart
SRC complaint reasons donut chart legend
Long description:
  • Email: 41.1%
  • Text message (SMS): 42.1%
  • Instant message (IM): 2.6%
  • Unspecified: 14.2%

Lack of consent
is still the
#1 complaint

Reasons why Canadians complain

Triggers for complaining donut chart
Triggers for complaining donut chart legend
Long description:
  • Lack of Consent: 41%
  • Identification of Sender: 23%
  • Software and Malware: 4%
  • Deceptive Marketing Practices: 20%
  • Other: 12%
Graphic of the top 5 types of scam emails

Between April and October 2019, more than 40% of emails reported to the SRC were related to affiliate marketing or legitimate businesses selling or promoting the sale of a good or service.

The top five types of scam emails reported to the SRC during this period were associated with: (1) Dating Services, (2) Offers of Money, (3) Nigerian Prince, (4) Personal Finance, and (5) Phishing scams (impersonation of a legitimate entity).

Outreach

The Compliance and Enforcement team participated in 8 engagement activities with companies, associations and organizations to raise awareness about the application of CASL to unsolicited communications. In addition, staff met with the Commissioner of Canada Elections to prepare for the October 2019 Federal election.

With elections on the horizon, many Canadians contacted the CRTC about political calls, text messages and emails that they received. However, the majority of these messages did not appear to be commercial in nature, and as such, CASL’s requirements would not apply. Staff updated the CRTC’s FAQs about CASL to clarify the issue.

Vulnerability Alert

CRTC staff issued information letters to major hosting service providers to alert them to a vulnerability identified by the National Institute for Standards and Technology (NIST). The letters addressed this potential threat, and served to minimize the possibility of CASL violations.

The vulnerability in Exim, a popular email server software, could allow servers to be remotely controlled. The vulnerability was being exploited by a worm which would infect the system, gain administrative privileges, install malware, and begin scanning for new vulnerable servers to spread to.

These interactions help to build awareness of CASL, and protect Canadians from spam and other online threats.

Partnerships

The CRTC has forged partnerships with organizations across the globe in order to better fulfill its mandate.

The CRTC is part of the Unsolicited Communications Enforcement Network (UCENET). Members from over 26 countries work together to promote international spam enforcement cooperation and address problems relating to spam and unsolicited telecommunications.

Collaboration with International Partners

Agreements with International Partners world map
Long description:

Canada (CA)

Memorandum of Understanding:

Enforcement Collaboration:

United States (US)

Memorandum of Understanding:

Enforcement Collaboration:

United Kingdom (UK)

Memorandum of Understanding:
Information Commissioner’s Office (ICO)

Japan (JP)

Memorandum of Understanding:
Ministry of Internal Affairs and Communications

Australia (AU)

Memorandum of Understanding:
Australian Communications and Media Authority (ACMA)

Enforcement Collaboration:
Australian Federal Police (AFP)

New Zealand (NZ)

Memorandum of Understanding:
Department of Internal Affairs (DIA)

Useful Resources

Check out recent fraudulent activities uncovered by the RCMP.

Looking for cyber safety tips?

Competition Bureau Canada

Office of the Privacy Commissioner of Canada

Frequently Asked Questions about CASL

CASL Compliance Tips

Information Bulletin - Guidelines on the Commission's Approach to Section 9 of CASL

Are you still receiving spam?

Report it and we’ll have a look.

Date modified: