Yes. Companies heard about the legislation in 2014, before it came into force, because it received extensive media coverage. They even talked about a syndrome similar to the Y2K. Everyone expected to be hit with fines as of July 1 or 2. There was a wave of panic. In reality, not much happened and the syndrome faded away.
In May 2014, the CRTC published a newsletter that outlined specific requirements that had to be met in order to be able to use the due diligence defence, as set out in subsection 33(1) of the legislation. That provision stipulates that any business that establishes that they did what was necessary to comply with the legislation is safe from penalties in case of violation. In that newsletter, the CRTC specifies that, by “necessary measures”, it means a compliance program with eight requirement categories. The problem is that the newsletter was buried deep within the CRTC's website. It took most lawyers who specialize in the area two years to discover it. Fightspam.ca, the website that explains the legislation, makes no mention of that newsletter, and neither do the CRTC's public communications.
People know that they must comply with the legislation, but when they are told that they must have a compliance program, they wonder what that is.