Enforcement Highlights
CRTC denies Hydro-Québec’s application to review a notice to produce (NTP)
A person designated by the Commission issued and caused a NTP to be served on Hydro-Québec, which required Hydro-Québec to produce information relating to 10 service addresses and their associated customer accounts.
Hydro-Québec argued that the investigative powers conferred by CASL do not allow the designated person to compel a public body to disclose non-public personal information or confidential information without a court order. Hydro-Québec also argued that some of the information requested in the NTP, specifically the credit history of the account holders of interest, had no rational link with verifying compliance with or determining any contravention of CASL.
The Commission found that the designated person did not require a court order to request non-public personal information or confidential information from Hydro-Québec.
The Commission upheld the requirement to produce the information requested in the NTP, including records relating to credit history, noting that this information can assist the designated person in corroborating information already obtained during the investigation. The responses to the NTP could help the designated person determine whether evidence could be found in relation to potential violations of sections 6 to 9 of CASL at the locations in question, and could also help the designated person identify new addresses not yet known to Commission enforcement staff where such evidence may be found.
More details can be found in Compliance and Enforcement Decision CRTC 2020-196
$100,000 Undertaking with OneClass
The CRTC reached an agreement with Notesolution Inc. (doing business as OneClass) to resolve alleged violations of CASL. OneClass agreed to make a payment of $100,000 and also agreed to develop and implement a CASL compliance program.
The investigation alleged that OneClass sent commercial electronic messages to promote its platform without obtaining the required consent from recipients. OneClass’ platform is used by post-secondary students to access student-created exam study guides, lecture notes and video tutorials.
OneClass also allegedly installed a computer program, namely the “OneClass Easy Invite Chrome Extension,” on the computer systems of post-secondary students between October and November 2016, without their express consent and setting out the purpose for which consent was being sought.
OneClass took corrective action once it became aware of the investigation and voluntarily entered into the agreement.
More details can be found on the CRTC’s Enforcement Actions page.
Staying Vigilant over COVID-19 Scams
CRTC staff continue to monitor scam activity related to the COVID-19 pandemic. In collaboration with Government partners, it is using its social media platforms to remind Canadians to stay vigilant against emerging scams related to COVID-19 and to ensure they have the information needed to report them.
Enforcement Measures
- 1 Decision
- 1 Undertaking
- 2 Warning Letters
- 257 Notices to Produce
- 17 Preservation Demands
- $100,000 payable under an undertaking
Payments and Penalties Under CASL
Since CASL came into force in 2014, enforcement efforts have resulted in nearly $1.4 million payable. Of this amount, approximately $730,000 is from administrative monetary penaltiesFootnote 1 and $668,000 from negotiated undertakings.
Complaints to the Spam Reporting Centre
Between April 1, 2020 and September 30, 2020
That’s over 5,421 per week.
Approximately 4,176 of these complaints were submitted using the online form, which represents only about 3% of total complaints. The remainder of complaints were sent by email at spam@fightspam.gc.ca.
The CRTC encourages Canadians to use the Spam Reporting Centre’s online form to provide as much information as possible about potential CASL violations. The information provided by Canadians is an essential part of the intelligence the Spam Reporting Centre gathers on spam and electronic threats. Each report is valuable and helps us to enforce CASL.
Canadians need to stay vigilant to protect themselves against different sources of spam.
Sources of spam (reported through online form)
Long description:
- Email: 73.7%
- Text message (SMS): 15.2%
- Instant message (IM): 1.4%
- Unspecified: 9.7%
Deceptive marketing practices have been reported in COVID‑19 related scams
Reasons why Canadians complain
Long description:
- Lack of Consent: 47%
- Identification of Sender: 20%
- Software and Malware: 4%
- Deceptive Marketing Practices: 17%
- Other: 12%
Between April 2020 and September 2020, more than 49% of the messages reported to the SRC were related to affiliate marketing or legitimate businesses selling or promoting the sale of a good or service.
The top five types of scam emails reported to the SRC during this period were associated with: (1) Unexpected Money; (2) Dating scams; (3) Impersonation of a Private Entity; (4) Extortion; (5) IT & Computer scams.
Outreach
Outreach and engagement activities are a critical means to help legitimate businesses, including marketers and email senders, with their compliance efforts under CASL.
The CRTC Compliance and Enforcement team participated in 13 virtual engagement activities with companies, associations and organizations to raise awareness about the application of CASL to unsolicited communications. The Chief Compliance & Enforcement Officer participated in a virtual “fireside chat” with email marketers at the Canadian Email Summit, sharing compliance guidance and lessons learned from recent enforcement actions.
The CRTC continues to leverage online platforms such as social media, webinars and podcasts to disseminate compliance information and guidance to support businesses. During this period, CRTC staff updated available guidance on section 8 of CASL, following the OneClass investigation described above.
Partnerships
A collaborative effort is required to have a systemic impact in the Canadian cyber-ecosystem. In Canada, the CRTC cooperates other law enforcement agencies at various levels of government, as well as with the Canadian Centre for Cyber Security, the National Cyber Crime Coordination Unit at the RCMP, the Canadian Anti-Fraud Centre, and other government agencies. In addition, our partners in the private sector provide support to developing a picture of the threat landscape, and contribute directly to the success of complex investigations.
The CRTC has also forged partnerships with organizations across the globe in order to better fulfill its mandate. The CRTC is part of the Unsolicited Communications Enforcement Network (UCENet). Members from over 26 countries work together to promote international spam enforcement cooperation and address problems relating to spam and unsolicited telecommunications.
Collaboration with International Partners
Long description:
Canada (CA)
Memorandum of Understanding:
- Competition Bureau (CB) and Office of the Privacy Commissioner (OPC)
- Consumer Protection Authority of British Columbia
Enforcement Collaboration:
United States (US)
Memorandum of Understanding:
Enforcement Collaboration:
United Kingdom (UK)
Memorandum of Understanding:
Information Commissioner’s Office (ICO)
Japan (JP)
Memorandum of Understanding:
Ministry of Internal Affairs and Communications
Australia (AU)
Memorandum of Understanding:
Australian Communications and Media Authority (ACMA)
Enforcement Collaboration:
Australian Federal Police (AFP)
New Zealand (NZ)
Memorandum of Understanding:
Useful Resources
Check out recent fraudulent activities reported to the Canadian Anti-Fraud Centre.
Looking for cyber safety tips?
Office of the Privacy Commissioner of Canada
Frequently Asked Questions about CASL
Information Bulletin - Guidelines on the Commission's Approach to Section 9 of CASL
- Date modified: