Mr. Chair, Canada's anti-spam legislation was never intended to eliminate all spam. Its objective is to deter the most damaging and deceptive forms of spam and other electronic threats such as identity theft, phishing and the spread of spyware and malware.
When it is alleged that a violation has occurred, the Chief Compliance and Enforcement Officer has a number of tools at his disposal to ensure the act is complied with.
Our enforcement tools include a warning letter to bring to the attention of the business a minor violation requiring corrective action, and a notice of violation, which is issued for more serious offences. The enforcement measures may include monetary penalties. Notices are also published on our website. We warn Canadians of illegal online practices so that they are aware and can report any suspected violations.
An undertaking, which is similar to a negotiated settlement or agreement with the other party, is where the company or individual undertakes to come into compliance. For instance, the party might need to implement a corporate compliance program and report on its activities, or it may have to pay a specified amount, although this payment is not considered a monetary penalty as such.
The chief compliance enforcement officer uses his discretion in selecting and applying the most appropriate enforcement response. Our goal is to ensure compliance with the law and to prevent recidivism.
Underpinning these enforcement tools are the CRTC's outreach and education program efforts. Before the law came into force, CRTC delivered information sessions to interested parties across the country to explain the new requirements and encourage compliance. To this day, we continue to undertake an education outreach program and share lessons learned from enforcement actions taken.
It's important to understand that administrative monetary penalties are just one part of our toolbox. Penalties tend to be used as a last resort after all other efforts have failed. While we have issued warning letters, monetary penalties have been reserved for the most egregious cases.
Depending on the nature of the violation, the CRTC has the authority to impose up to $1 million per violation for individuals. And up to $10 million per violation for a corporation or group. There are factors laid out in the legislation that we must take into consideration when determining the appropriate penalty.
The tools provided to us in CASL to protect Canadians are not limited to monetary penalties, of course. The chief compliance and enforcement officer also has the authority to seek a judicial pre-authorized warrant in order to enter a residence or business to verify compliance with the act.
For example, along with national and international partners, the CRTC took down a command and control server disseminating spam and malicious malware located in Toronto in December 2015 as part of a coordinated international effort. This disrupted the Win32/Dorkbot, which was one of the most widely distributed malware families and which had infected more than a million personal computers in over 190 countries.