www.lexpert.ca/usguide | LEXPERT • June 2018 | 67
fertile ground for class-action lawsuits,
especially given the statutory damages al-
lowed for under the law.
"I don't think we're going to see exten-
sive legislative reform," says Molly Reyn-
olds, senior associate at Torys LLP in To-
ronto, who focuses on privacy litigation
and anti-spam.
While many companies get external
advice on CASL, much of the day-to-day
compliance is handled in-house and inter-
preting it has been perplexing for many.
But just because the PRA has been put on
hold doesn't mean it's gone away or that
the government is backing off on CASL
enforcement, say lawyers who advise on
the issue.
"Even though the private right of action
has gone away for the moment, companies
are aware of the regular enforcement by the
CRTC [Canadian Radio-television and
Telecommunications Commission] and
they are working on making sure their
marketing departments comply," says
Steve Szentesi of Szentesi Law Corpora-
tion in Toronto. "However, I'm not seeing
a lot of awareness among US companies."
Reynolds says there are a few lessons
learned from the first three years of CASL
where in-house counsel could be re-focus-
ing their efforts in the regulatory enforce-
ment area. For example, record keeping
can be the easiest problem to solve, but it
takes internal resources and time to create
a proper record-keeping system.
"Organizations really should be keep-
ing a database on when they received the
consent and what the basis for the con-
sent is for every person on their email
list," says Reynolds.
With every enforcement action that
comes out, and there have been nine
so far, Tricia Kuhl of Blake, Cassels &
Graydon LLP in Montréal says there is
"a bit more clarity" as to how the CRTC
is enforcing the law. "We're able to pro-
vide more specific guidance on what is
considered compliance. We also advise
our clients on what might be considered
a best practice and what might be con-
sidered acceptable practice."
Under the CASL regime, it's easy for a
recipient to send a complaint to the spam
reporting center, but for many organiza-
tions, that won't be the first step — the
individual will hit the unsubscribe button
first, so it had better work.
Experts say the regulatory investiga-
tions have been largely fueled by the vol-
ume of complaints the CRTC receives
about an entity. "If organizations spent
a bit more time arming their customer-
facing employees with how to respond
and internally how to fix issues for those
who don't want to receive messages, they
could actually be lowering the complaints
significantly and lower risk of getting an
investigation," says Reynolds.
Another area where CASL is rearing
its ugly head is in mergers and acquisi-
tions and the amount of focus on CASL
compliance during diligence question-
naires and management calls in the
M&A process.
To mitigate that risk, the solution
comes back to the same steps organiza-
tions should be taking for compliance
and to protect themselves against regu-
latory investigations.
"In many cases, the concern isn't that
the organization has been subject to a
CRTC investigation but that they cannot
prove their compliance through sufficient
documentation," says Reynolds.
What she's seeing as a consequence is
buyers asking for specific CASL com-
pliance reps (representations), which is
more specific, and on the seller side more
concerning, than the typical compliance
with applicable law representation or
material compliance.
2. Privacy:
data breach notifications
In September 2017, the federal govern-
ment released proposed text for regula-
