Risk & Business Magazine CMW Spring 2017 | Page 29
CASL
“EVERY TYPE OF ORGANIZATION, FROM CHARITIES AND
NONPROFITS, SMALL BUSINESSES OR MULTINATIONAL
ENTERPRISES, CAN BE SUBJECT TO MILLIONS OF DOLLARS IN
PENALTIES, INCLUDING DIRECTORS, OFFICERS, AND AGENTS.”
type of organization, from charities
and nonprofits, small businesses or
multinational enterprises, can be subject
to millions of dollars in penalties,
including directors, officers, and agents.
Any individual or organization can
report a violation and initiate a CRTC
investigation by filing a submission to
the Spam Reporting Centre online. In
the case that a breach is confirmed, the
party found responsible can be fined $200
for each instance of it (a single e-mail
sent, as an example) up to a maximum
of $1 million per day of violation. In
many cases, a business that is forced to
defend against an action could incur legal
expenses that far exceed any fines that are
imposed. Even a suit that does not result
in a fine can cost the company hundreds
of thousands or even millions of dollars in
legal fees. The potential financial impact
is even higher when you consider the
possibility of class action lawsuits. In one
case, a large corporation voluntarily paid
a penalty up front rather than embark in a
costly fight.
WHAT CAN CANADIAN
ORGANIZATIONS DO TO PREPARE FOR
PRIVATE RIGHT OF ACTION?
The burden of proof lies with the
organization accused of violating CASL
to prove consent, even if there was a
business or nonbusiness relationship
between a sender and recipient prior to
Prepare for the
unexpected
the implementation of CASL in 2014.
Most organizations do not have the record
keeping systems in place to prove consent
in accordance with CASL. Lawyers also
have differing opinions on the legality of
different types of messages and activities.
If your organization hasn’t already
estab lished a formal policy and procedures
for complying with CASL, it will become
even more critical to do so once private
right of action comes into force. The
CRTC has published guidance online for
keeping records of consent and corporate
compliance programs. Visit fightspam.
gc.ca for more details about the legislation
and information on how to properly
comply. +
The perfect
complement to
a Commercial
General Liability
policy
Stolen company laptops, hacked online systems and lost customer
payment records can happen to any business. And, if any confidential
data is released, lost or exposed, you may need to spend resources
resolving the breach and restoring the reputation of your business.
Aviva, in partnership with IDT911, provides insurance that offers
coverage and risk management solutions to help you prepare for and
manage any issues in the event of a privacy breach.
Contact CMW/Capri Insurance today to find out more about Privacy
Breach coverage at www.cmwinsurance.com/www.capri.ca.
avivacanada.com
Insurance – Home | Auto | Leisure & Lifestyle | Business | Surety
29