
Canada Tightens Liability for Outsourced Telemarketing

This matters to marketing, compliance, and vendor-management teams running outbound calls, text-led lead generation, and customer contact into North America: Canadian enforcement continues to push liability upstream to the brand and outsourcing chain, not only the frontline sender. In March 2026, the CRTC issued a notice of violation against iTalk Global Communications and highlighted internal do-not-call retention and identification obligations. For cross-border messaging and contact programs, outsourcing no longer functions as a practical compliance shield.

Published: 05/30/2026 Updated: 05/30/2026

1. Regulatory focus

On 11 March 2026, the CRTC issued a Notice of Violation to iTalk Global Communications with a penalty of CAD 56,800, tied to conduct between 19 April and 31 October 2024 under the Unsolicited Telecommunications Rules. The decision did not rely on a vague anti-spam theory; it pointed to concrete obligations in Part III, section 8 on maintaining an internal do-not-call list and section 23 on caller identification and valid contact information. The CRTC’s enforcement process also makes timing operationally relevant: a recipient of a notice typically has 30 days to pay or make representations.

2. Business impact

For teams relying on agencies, BPOs, lead generators, or CPaaS-enabled outbound flows, the operational takeaway is that regulators will test whether you preserve do-not-call requests, expose a valid callable number, and can show ongoing oversight of vendors. Even if your broader program is centered on OTP, billing reminders, or customer care, the moment a flow includes callbacks for upsell, reactivation, or lead conversion, it can fall into telemarketing territory. If internal suppression lists are stale, if DNCL-related controls are not refreshed, or if vendors fail to maintain valid contact points, complaint risk escalates quickly from the supplier layer to the brand.

3. Operating recommendations

A practical control model for Canada should work in three layers. First, classify each campaign strictly as OTP, service messaging, or telemarketing so the same number pool or workflow does not drift across categories. Second, synchronize the internal do-not-call list, DNCL subscription status, and vendor suppression files on at least a daily basis, while retaining do-not-call evidence for the rule-based period of three years and fourteen days. Third, sample scripts, landing pages, and message footers to confirm that the phone number, email address, or mailing address remains valid for at least 60 days after contact. If lead generators are involved, place liability allocation, evidence retention, and complaint-escalation deadlines into the master contract and SLA.

Frequently Asked Questions

If most of our traffic is notification messaging, can a small callback workflow still be treated as telemarketing?

Yes. The decisive factor is the purpose of the contact, not the label on the broader program. If a callback includes solicitation, upsell, lead conversion, or reactivation, treat it as telemarketing. Keep separate records for scripts, triggers, lead source, and offer logic, and apply DNCL, internal do-not-call, and identification controls rather than relying on notification-message governance.

How long should internal do-not-call records be kept, and how frequently should vendor suppression lists be synced?

The CRTC rules require a consumer’s name and telecommunications number to remain on the internal do-not-call list for three years and fourteen days after the request. In practice, daily synchronization is safer than weekly updates. Preserve sync logs, define a single source of truth across CRM and contact platforms, and prevent old campaign files from reintroducing suppressed numbers.

Can we shift complaint and penalty risk to a lead generator or offshore vendor through outsourcing?

No. Outsourcing is not a dependable liability firewall. The CRTC’s compliance guidance expressly warns that a client can face vicarious liability for a lead generator or other third party acting on its behalf. Your contract should cover proof of consent or lead source, do-not-call feedback deadlines, retention of recordings and logs, display of valid contact details, and a short response window for regulator inquiries.

This article is for informational purposes only and does not constitute legal advice.
