Kellogg has become the latest big brand to pay for alleged violations of CASL. The notice on the CRTC’s website says very little, other than that messages were sent by Kellogg and/or its providers over the course of a couple of months in 2014 to recipients who had not provided consent. Kellogg agreed to pay $60,000 and update its compliance program.
As with previous undertakings, there is no indication of how many alleged violations occurred. However, the actual undertaking does reveal that the CRTC received six complaints about the emails, which works out to $10,000 per complaint. For now, this is the closest thing to any sort of metric to gauge the cost of violations (yes, this is meaningless).
Clearly a mistake was made. As a large, conservative brand, it is inconceivable that Kellogg would knowingly choose to upset potential consumers of its products by sending email without consent. It appears that the company did have written policies and procedures in place (which they are required to update), though apparently no training programs.
More detailed information about these undertakings would be very helpful helpful. Senders are sufficiently concerned about CASL, and a lot of time and money has been invested in compliance. But it is never as simple as flipping a switch, and questions often arise about how much to invest in policies, procedures, and training, and how detailed they need to be. Mistakes will happen to even the most diligent senders.