CASL’s anti-spam sections came into force on July 1, 2014. Every organization that CASL affects should now be complying with it – and their directors and officers need to make sure they do. CASL opens directors and officers up to personal liability for violations of it, so every director and officer must think about limiting her personal exposure. Here are five steps to get that process started.
Director and Officer Liability. CASL expressly extends legal responsibility to both an organization’s directors and its officers. CASL says that an organization’s officers, directors and agents can be personally liable if the organization contravenes CASL, regardless of whether the Canadian Radio and Television Commission (the CRTC, the main agency charged with CASL’s administration) proceeds against the offending organization itself. To be personally liable, the officer, director, or agent must have:
Teeth. CASL gives the CRTC the teeth to back it up. Individuals and organizations that don’t comply with CASL risk significant penalties – any of which can be imposed or brought against an offending organization’s directors or officers personally:
Effective July 1, 2017, a person or corporation affected by a CASL contravention can bring a civil lawsuit against the offending person or entity – and seek remedies including monetary compensation and expenses. The maximum penalties are $200 for each commercial electronic message contravention (to a maximum of $1M/day), and $1M for each day on which a software contravention occurs (CASL’s software sections come into force on January 1, 2015).
Due Diligence Defence. CASL does, however, provide a “due diligence” defence. So, when the CRTC seeks to impose personal liability on an
organization’s directors or officers for a CASL violation, they – or the organization itself – may be able to raise the defence that they exercised due diligence if:
Executive Compliance Program. Every organization that CASL affects needs a CASL compliance program. But directors and officers must ask themselves whether there are sufficient compliance mechanisms at the board and executive levels to avoid running into personal liability issues down the road: have the board and the executive taken all reasonable steps to prevent a CASL violation?
Designing and implementing an executive CASL compliance program specific to its directors and officers is a way to for them to exercise – and prove – due diligence to help protect them from personal liability under CASL. Here are five ideas to start that process:
McInnes Cooper has prepared this article for information only; it is not intended to be legal advice. You should consult McInnes Cooper about your unique circumstances before acting on this article. McInnes Cooper excludes all liability for anything contained in this article and any use you make of it.
© McInnes Cooper, 2014. All rights reserved. McInnes Cooper owns the copyright in this article. You may only reproduce and distribute it with McInnes Cooper’s consent. Email McInnes Cooper at firstname.lastname@example.org to request consent.
About the Authors:
David Fraser is a partner with McInnes Cooper and leads its Privacy Law and CASL Teams. David is recognized as a foremost Canadian technology and privacy lawyer and has extensive experience advising private and public sector clients on implementing compliance programs for Canadian privacy legislation, including CASL. You can reach David at email@example.com.