Review this information about the key email and data protection regulations for organizations that engage in email marketing.
The eec Global email marketing compliance for January 2016
United States federal law: CAN-SPAM compliance
In the United States, the Federal anti-spam law is called Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM). Marketers must comply with CAN-SPAM to legally send marketing email. Violators can and have been successfully sued by the FTC.
To be in compliance, marketers must follow the requirements for every email sent:
- The headers of the commercial email, which indicate the source, destination, and routing information, must not contain materially false or materially misleading information.
- The subject line must not contain deceptive information.
- The email must provide clear and conspicuous identification that it is an advertisement or solicitation.
- The email must include some type of return email address that can be used by recipients to indicate that they no longer want to receive email from the sender.
- The email must contain clear and conspicuous notice of the opportunity to opt-out of receiving future emails from the sender.
- The email must not be sent after the sender receives notice that the recipient opted-out.
- The email must contain a valid, physical postal address for the sender.
How does Acoustic Campaign comply with CAN-SPAM regarding wireless device messaging?
- CAN-SPAM required the FCC to create regulations regarding wireless device (such as a cell phone)
- In 2004, the FCC issued regulations that require senders to receive Express Prior Authorization before they send messages to wireless device domains. These regulations make provision for the establishment of a wireless device domain registry.
- Unless senders receive Express Prior Authorization from recipients with email addresses in the designated wireless domains, they must cease all commercial emails to them or risk substantial fines from the FCC.
- Acoustic Campaign added all the wireless device domains in the FCC registry to the
organization-level domain suppression lists for all clients in 2005.
- This action disables all outbound emails to these domains.
- A list of these domains can be found at Domain Name Downloads.
Canadian law: CASL
Canada's Anti-spam Legislation (CASL) is complex and aggressive anti-spam legislation in Canada. Senders must comply with CASL if email is sent to a Canadian domain or user or is transmitted through Canada.
The major difference between CAN-SPAM and CASL is that, under CASL, a sender must have permission from the recipient to send them email.
The following issues are the major highlights of the Canadian anti-spam law:
- Senders must have consent from the recipient to send them email. Consent can be implied in some circumstances, which can be found in the text of the law.
- Senders must clearly identify themselves or their company in the email. If the email is sent on behalf of another entity, that entity also must be identified.
- The email must contain a functional unsubscribe mechanism that does not require payment and must be processed immediately.
Other anti-spam laws
European privacy and anti-spam laws vary by country and most are stricter than CAN-SPAM. European laws often require explicit opt-in and special protections for Personally Identifiable Information (PII). Also, the definition of PII varies by country.
It is prudent for senders to research the laws of any country in which they conduct business because violations of those laws can be expensive. Consult a lawyer if you are in doubt.
For more information about CAN-SPAM, see the following information:
For more information about CASL, see the following websites:
For more information about other anti-spam laws, see the following websites:
- Email Legislation by Country is wiki article that lists spam laws by country, current as of January 2016.
- EU Privacy and Electronic Communications Directive provides access to the full text of Directive 2002/58/EC on data protection and privacy. Article 13(1) deals specifically with the issue of unsolicited commercial email.
- UK Information Commissioner’s Office Regulations 22 & 23 provides information about the United Kingdom’s regarding electronic mail. This office can dispense fines up to 500,000 pounds for serious breaches of privacy.