After receiving multiple emails from a company that exposed my email address to others and ignored my requests to be removed from the mailing list, I’m making my first complaint for a violation of Canada’s anti-spam legislation (CASL).
It happened for the first time on July 29. Security software vendor AVG Technologies sent me and roughly 499 other people an email. I knew hundreds of other people received the same email because their names and email addresses were clearly visible. I suddenly had access to contact information that never should have been shared.
Beyond AVG’s actions being in direct violation of CASL, which came into effect July 1, I thought the mishap was in extremely poor taste. Many of the people on that list are my competitors in IT services. I assume they didn’t enjoy having AVG reveal their identities either.
CASL regulations forbid the sharing of private information, like names and email addresses.
I sent a reply-all email to the entire mailing list to inform them of the mistake. I also contacted AVG and was assured it wouldn’t happen again and that I would be removed from the list. I asked to speak to a member of the management team, but that request was not granted.
A second violation
It happened again on Sept. 16. I received another email blast as one of roughly 500 people whose names and addresses were again visible. AVG clearly hadn’t removed me from their list and apparently hadn’t learned anything from the first incident. Nowhere in the email was there an unsubscribe button, another CASL requirement.
There’s no excuse for a big company like AVG to be ignorant of CASL regulations, particularly because it claims to specialize in security and privacy. Even if there was some confusion after the new rules came into effect at the beginning of July, three months is plenty of time to review the new rules, consult a lawyer and adjust email marketing tactics.
Thousands of other business have made the shift. I received a flurry of emails from companies in the days before July 1, asking me to confirm my subscriptions to blog posts, newsletters and email blasts. I undertook the same thing with my own IT support blog, and asked my clients and acquaintances to confirm that they wanted to continue receiving email from me.
It meant losing some people from my list. But I know the ones who did resubscribe are engaged by the content I offer and happy to hear from me. Most importantly, I have their consent and I don’t abuse that — ever.
Protection from unwanted communication
CASL regulations are meant to protect Canadians from spam and other unwanted electronic communications. It’s not a perfect system but big companies like AVG should be taking the lead and setting an example. As a global corporation, it has responsibility to know the law in specific countries.
I plan to report AVG because I need help resolving this issue. Thousands of complaints have already been filed with the CRTC over businesses that aren’t complying. The consequences could be huge. Fines could total as much as $10-million for a single violation after the end of the transitional period.
I reached out to AVG to let them know I’d be writing this piece. Here is the response I received:
“Thanks for your time by phone earlier. As we discussed, AVG is definitely committed to online security and we take our obligations seriously. We reviewed our procedures and have put safeguards in place to ensure this will not happen again. We are aware of our obligations under CASL as it applies to businesses and believe we are compliant. Again, I regret the circumstance and appreciate your partnership and your feedback.”