With Canada’s anti-spam law now in effect, many are starting to ask about enforcement of the law. While no one should expect the law to eliminate spam, the goal much more modest: target the bad actors based in Canada and change the privacy culture by making opt-in consent the expected standard for consumer consents. The CRTC, the lead regulatory agency, has made it clear that the fear-mongering of million dollar penalties for inadvertent violations is not going to happen. Chair Jean-Pierre Blais recently stated:
punishment is not our goal. We are not going to go after every indie rock band that’s trying to sell a new release to its fans. We have much bigger fish to fry. The CRTC will focus on the most severe types of violations. This means you may still receive the occasional spam message after July 1st. Our principal targets are abusive spammers and interlopers involved in botnets and, come January, malware and malicious URLs. Our responses to complaints will range from written warnings up to financial penalties or court actions. Our objective is to secure compliance and prevent recidivism. I believe the best enforcement approach should be determined by the facts surrounding each particular case.
How will the CRTC identify abusive spammers? The government has established a Spam Reporting Centre that is currently accepting reports of commercial electronic messages sent without consent or with false or misleading content. Initial reports indicate that hundreds of complaints have been filed daily. The Centre clearly states that it will not investigate all submissions, but rather use the information to identify enforcement targets. The information will be retained for at least three years (or up to ten years if the subject of an investigation). Canadians can use a web-based form to file their report or simply forward their spam email directly to email@example.com.