Site icon Sophos News

Canada’s anti-spam law gets first success with $1.1m fine

Canada’s fledgling anti-spam laws have brought their first success, with a $1.1 million fine levied against a Canadian business training firm.

The firm featured in 26% of the complaints in its industry sector, from a grand total of almost 250,000 complaints received under the system since its launch last July.

The Canadian Radio-television and Telecommunications Commission (CRTC), which operates Canada’s spam regulations, found that Quebec-based Compu-Finder had made four violations of the anti-spam regulations, including sending bulk mails to addresses without proper consent and failing to provide functioning unsubscribe systems.

Canada’s anti-spam laws were a long time coming, with repeated postponements, delays and revamps going back well over five years.

When they finally came into force in 2014, there was much debate over whether the new regulations were too strict, or whether a three-year grace period for those with existing relationships with the targets of their spamming was in fact too lenient.

Confusion over the implications of the laws even led Microsoft to blame Canada for changes to the way they issued Patch Tuesday alerts.

The regulations permit companies to continue sending bulk mails to people with whom they have an “existing relationship”, which would include having previously spammed their addresses prior to the start of the enforcement period on 01 July 2014.

This “implied consent” relationship is considered terminated if the spam recipient makes use of an unsubscribe option, or at the end of the grace period in July 2017.

In the case of Compu-Finder, it would appear that several of these requirements have been ignored, with local reports claiming that the company has built up a reputation for aggressive spamming since at least 2008.

A spokesperson for the CRTC said the firm had “flagrantly violated the basic principles of the law” by continuing to send spam to email addresses gathered using web-crawlers.

The $1.1 million fine levied seems relatively lenient given the $10 million maximum under the regulations, but should be seen as a good first step for the CRTC.

As section 20(2) of the CASL states:

The purpose of a penalty is to promote compliance with this Act and not to punish.

Hopefully any other Canadian firms or citizens considering spamming their fellow countrymen will take the $1.1 million message to heart and make sure they send their bulk mails in a responsible and compliant fashion.

Further regulations, covering the installation of software without proper consent, came into force in January, and we look forward to seeing what impact that has on a range of devious and indeed downright malicious online activities.

Exit mobile version