CAN-SPAM Compliance: Practice Makes Perfect
Applicability. CAN-SPAM applies to all commercial e-mails, not just those that are unsolicited. There is no exception for pre-existing business relationships, common under state laws. But if your e-mails are "transactional or relationship" in nature, compliance with many CAN-SPAM requirements is not necessary. This applies to e-mails that, for example, are sent to complete the sale of goods. The law does not prohibit inclusion of upsell or cross-sell materials as long as the main purpose of the e-mail is a "transaction."
Opt-out requirements.CAN-SPAM requires an opt-out mechanism in any commercial e-mail, and all opt-out requests must be honored within 10 business days. However, if an entity has separate lines of business or divisions and holds itself out in an e-mail as that separate division, then only that division is seen as the "sender" under the law. In such an instance, an opt out applies only to that sender.
For example, BMW handles credit cards, leases, loans, new-car sales and pre-owned car sales. Are these separate lines of business under CAN-SPAM? It is critical that you understand your options in managing opt outs in such circumstances.
Five simple steps toward compliance. Compliance does not have to be difficult in most cases. Here are five easy steps you can take toward compliance:
· Ensure that you, the advertiser, are identified in the from line.
· Do not use misleading subject lines.
· Include an opt-out mechanism and honor opt-out requests within 10 days.
· Include your valid physical, postal address.
· Somewhere in the e-mail, identify it as an ad if it is unsolicited.
The cost of violations. CAN-SPAM provides for penalties of $250 per each non-compliant e-mail with a cap of $2 million. Damages can be tripled for willful violations. But they also may be reduced if the violations occurred where the marketer had implemented practices aimed at compliance - one of many reasons to discuss CAN-SPAM with your attorney or a qualified e-mail privacy expert.
Database issues. Even if you have kept your e-mail system very clean, which is only the case in about 10 percent of e-mail databases out there, you will need to change the methods of handling e-mail opt ins and opt outs. Early on you will need to determine when to drop a customer from contact and how to treat prospects separately.
For example, a customer may wish to receive only certain information from your company, say, a newsletter. Also, it will become imperative to have clearly defined third-party and vendor agreements and procedures. A third party or vendor can get your organization in just as much legal trouble as if you had violated CAN-SPAM yourself.