Good morning.
Thank you, Mr. Chair, for inviting us to appear before your committee to share the Canadian Radio-television and Telecommunications Commission's, the CRTC's, experience with Canada's anti-spam legislation, CASL.
With me today are my colleagues Kelly-Anne Smith, senior legal counsel, and Neil Barratt, the director of electronic commerce enforcement.
This is our first opportunity to discuss the act with you since its introduction, so I think it would be helpful to provide a high-level overview of our responsibilities under CASL.
The legislation gives the CRTC the authority to regulate certain forms of electronic contact to provide Canadians with a secure online environment, while ensuring that businesses can compete in the global marketplace.
The fundamental underlying principle is that activities can only be carried out with consent. CASL is an opt-in regime. This means that consent must be obtained before sending commercial electronic messages, altering transmission data, or installing software. Commercial electronic messages, whether email, text message, or other format, must contain an unsubscribe mechanism that is clearly and prominently set out and readily performed. This allows recipients to withdraw their consent if they no longer wish to receive messages. Messages must also identify the sender or the person on whose behalf the message is being sent and contain contact details such as an email address, mailing address, and website.
Our objective is to promote and ensure compliance with the act. During the past three years, the CRTC has made it a priority to offer information sessions across the country and publish guidance materials for businesses, consumers, and the legal community. For example, my staff and I delivered six information sessions last May in Toronto to more than 1,200 businesses. These presentations help to raise awareness among businesses of their responsibilities when marketing products and services to Canadians and allow us to share lessons learned from investigations. As we do in every seminar, I made it clear that the CRTC is available to offer advice and support to help businesses comply with the act.
We also promote CASL to Canadians through our website, interactions with consumer groups, and on the phone and by email with our client service specialists. Consumer alerts are published on our website to warn Canadians of non-compliant online practices so they are aware and report any suspected violations. We want Canadians to report violations, and they are doing so, in great numbers.
The CRTC acts on the complaints it receives and has a number of tools to bring individuals and businesses into compliance, including the issuance of notices of violation, with accompanying administrative monetary penalties.
We look at a variety of factors to determine what the appropriate enforcement action should be. Our compliance approach includes interventions ranging from education to enforcement.
Our options include a warning letter regarding a minor violation requiring corrective action. We can also issue a notice of violation. This enforcement measure often includes an administrative monetary penalty.
We also enter into undertakings with parties who voluntarily agree to come into compliance. This often means that the party implements a corporate compliance program to prevent future violations. It can also entail paying a specified amount, although this payment is not considered an administrative monetary penalty. This has been a particularly useful tool, as we have reached undertakings with several parties that co-operated with our investigations.
Depending on the nature of the violation, the CRTC can impose up to $1 million per violation in the case of an individual, and up to $10 million per violation in the case of other persons, for example, corporations. We also have the authority to seek a judicially pre-authorized warrant to enter a residence or business to verify compliance with the act or determine if a violation of the act has occurred.
The CRTC has had success enforcing the legislation in the short time that it has been in force. For instance, along with national and international partners, in December 2015 the CRTC took down a command-and-control server disseminating spam and malicious malware, located in Toronto, as part of a coordinated international effort. This disrupted one of the most widely distributed malware families, which had affected more than one million personal computers in over 190 countries.
Of course, in today's interconnected world, spam and other electronic threats are not confined to Canada. One of the tools Parliament provided the CRTC is the ability to share information and seek enforcement assistance from our international counterparts. To date, the CRTC has entered into agreements with enforcement agencies in the United States, the United Kingdom, Australia and New Zealand.
Internationally, we also co-operate with partners through the Unsolicited Communications Enforcement Network, or UCENet. The purpose of this network is to promote international spam enforcement co-operation and address related problems such as online fraud and deception, phishing, and the dissemination of viruses.
Through UCENet, the CRTC has signed a memorandum of understanding with 12 enforcement agencies from eight different countries. We share our knowledge and expertise through training programs and staff exchanges and inform each other of developments in our respective countries' laws.
Domestically, CASL allows us to share information and co-operate on investigations with our partner enforcement agencies, the Competition Bureau and the Office of the Privacy Commissioner. In 2013, the CRTC signed a memorandum of understanding with our partners to facilitate co-operation, coordination, and information sharing. However, there are limited tools within CASL to allow the CRTC to share information with other domestic law enforcement and cybersecurity partners.
Working with our partners, we are better equipped to ensure that people who distribute commercial messages, domestic or foreign, comply with Canada's anti-spam legislation.
Mr. Chair, I'm not suggesting that the act is perfect. I suspect that you will hear a lot of suggestions about what needs fixing from the various witnesses who will address the committee in the months ahead. The CRTC would welcome the opportunity to appear before your members again before you wrap up your review and begin writing your report. We will closely follow the proceedings and can provide feedback on the ideas you may hear and respond to any questions you may have about what will or will not work.
As you and the members of the committee are aware, legislation must be enforceable in order to be effective. As you conduct your review, it is important to keep in mind that CASL has been in force for a relatively short period of time and covers a broad range of activities. The activities and ensuing investigations under the act are complex, and we have yet to fully apply the legislation.
We now welcome any questions you may have.