Eric Dolden, founding partner with the Canadian law firm of Dolden Wallace Folick, provided details of Canada’s anti-spam legislation (CASL) that went into effect last year, during an interview with Claims Journal.
One CASL exposure includes mass distribution of electronic emails.
“Several years ago the federal government enacted legislation that regulates all electronic communications in Canada. It addresses a wide range of potential offenses, for example sending out an email to someone without their prior consent to do so,” said Dolden. “Sending out spam to people from whom you don’t have consent can give rise to claim for damages. That’s one practice that’s carefully regulated.”
The legislation also regulates such electronic practices as phishing and botnets, he said.
In mid 2017, the statutory damage provisions will go into effect, said Dolden. If breached, directors and officers will have to pay administrative or criminal penalties. More importantly, it allows claims to be made for damages.
Directors could be held personally liable for up to $1 million in damages, while corporations could be held liable for up to $10 million in damages for offenses under the act.
Another potential exposure could occur if a company becomes victim to a phishing expedition.
“In the sense that you operate a hotel chain and a hacker goes in and tries to simulate your website and uses credit cards of people believing it to be your site. The legislation’s broad terms gives rise to the specter of joint and civil liabilities,” said Dolden.
He added that the hacker that created the phishing site, along with the true organization, could be held jointly liable.
“That can give rise to damage exposure. There is a due diligence defense under the act, but all indications are organizations are going to have a high level of security in order to have a successful defense in the event something like that were to occur,” said Dolden.
The impact of the new regulation thus far has been to curtail mass distribution of electronic emails.
“I think it’s ensured that corporate Canada is more careful in how it handles electronic communications. They report that in the first six months there were some 4,000 complaints, by and large by consumers who felt that many organizations were bombarding them with emails that were unwanted,” said Dolden. “I think that’s curtailed that level of activity. I think that most business organizations in Canada have improved the process for obtaining people’s consent before they send the email to them.”
Several countries have anti-spam laws, including Australia, Singapore and certain countries within the European Union.