The 2 Keys to Keeping Your Email Marketing Legal

privacy - Email Marketing & Legal Issues
Email spam.

This isn’t a “sexy” topic and it’s something that’s not on the radar of most small business owners who use email to communicate with their customers.

But doing it right will not only increase your email subscription and open rates, it’ll also eliminate the possibility of a hefty penalty (for example, each violation of the CAN-SPAM Act comes with a fine of up to $16,000, plus the possibility of prison time).

Every country has its own laws around email marketing (if you’re outside of North America, check your local laws) but the two main ones to be aware of (and follow!) have to do with privacy and spam. In both cases, the laws pertain to “commercial email.”

What’s a Commercial Email?

First, let’s get clear on what a “commercial email” is and isn’t.

Here in the USA, the Federal Trade Commission defines it as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service,” including email that promotes content on commercial websites, business-to-business email, and messages to former customers announcing a new product or service. For more details, see the FTC website.

Canada has a similar definition – “a message that encourages participation in a commercial activity, including, but not limited to: offering, advertising or promoting a product, a service or a person.” You can find the details about Canada’s Anti-Spam Legislation (CASL) here.

Basically, any business emails that aren’t purely transactional emails, such as invoices and receipts, could be considered to be commercial emails.

To be safe, think of it this way – ALL email you send out to customers or potential customers (other than transactional emails), must comply with anti-spam and privacy laws.

What Does the Law Say About Email Privacy?

The US doesn’t have one law that applies to everyone. However, the most stringent law is found in California. This law is also similar to the privacy laws in Europe, the UK and Canada so it’s safest (and better for your email subscribers) to follow the California law.

How to Stay Within the Privacy Laws

Whenever you collect ANY information about a person online, including the email address of a subscriber, California law requires that you disclose:

  • The kinds of information you’re gathering about subscribers
  • How the information may be shared with other parties
  • The process the subscriber can follow to review and make changes to the information you have on them
  • The policy’s effective date and a description of any changes since then

Why You Need a Privacy Policy

To comply with the above laws, you’ll need to create a Privacy Policy that is prominently displayed on your website, including when someone signs up to receive your emails.

A Privacy Policy is a legal document that covers how subscriber data is collected, used, managed, and disclosed. The Privacy Policy also sets out how this information will be protected.

Your Privacy Policy should cover:

  • What information you’re collecting
  • Why you’re collecting it
  • What you’ll use the information for
  • How you’ll keep the information secure
  • When you might release the information, and to whom – including whether third parties can collect personally identifiable information on their website
  • How your customers/subscribers can amend or correct the information you hold on them
  • The dispute resolution procedures that are in place if there is a disagreement
  • And, if you’re tracking a subscriber’s online activities, you need to let them know how you’re dealing with “do not track” signals

There are some standard privacy notices that you can customize for your business. If you’re building your site in WordPress, Easy Privacy Policy has an excellent plug-in that can be easily customized for your company. Other good options include:

The best place to put this policy is on a separate page, with links to it in the footer of your site and directly under the opt-in box. Most people will never click on the link to the privacy policy but just knowing that it’s there makes them more likely to give you their email address.

The strongest legal protection (for you and your subscribers) is for you to include a checkbox on the opt-in form asking people to confirm that they agree to the terms of your privacy policy before they subscribe. Another option is to include a statement saying something like “By subscribing to this newsletter, you agree to the privacy policy and terms of use.” That works if the only people on your email list come from an online form but, realistically, that’s not how most of us build our email list.

What Does the Law Say About Email Spam?

It's pretty straightforward - don't send spam!Click To Tweet

But what’s considered to be “spam”?

Spam is any commercial email someone receives to which they have not given “affirmative” or “express” consent – meaning that they haven’t explicitly told you “yes, sure, send me your commercial emails.”

It’s not enough that they’re a customer or that they agreed to have you send them a proposal or a report. If they didn’t know they were agreeing to get other commercial emails from you, then anything of a commercial nature that you send them is a violation of the law (not to mention that you’re probably going to annoy the heck out of your “subscribers” and they’ll quickly unsubscribe!).

The best way to protect yourself is to use a double opt-in process for people who sign up online.

Do not ever, ever, ever add someone to your email list without them knowing. So if you gather business cards at a networking event, don’t add them unless you’ve asked them if they’d like to be on the list (that’s one of my pet peeves). Don’t add acquaintances, vendors or suppliers, old customers, friends without asking them first.

Don’t use a pre-checked opt-in box on your sign up forms (people need to have the option to opt IN, rather than being asked to opt OUT).

And NEVER buy an email list!

How to Stay Within the CAN-SPAM Act and CASL

If you always have the best interests of your subscribers in mind then complying with the law isn’t difficult – most of it is stuff you’d probably do anyway. Here’s what you need to do:

  1. Don’t use false or misleading header information. Make sure the “From,” “To,” “Reply-To,” and routing information clearly identify you.
  2. Don’t use deceptive subject lines. Click bait and subject lines designed to trick people into opening an email just won’t cut it.
  3. Identify the message as an ad. If your message is an advertisement, say so. And make sure people can easily see your disclaimer.
  4. Tell recipients where you’re located. Your message must include your valid physical postal address (a P.O. Box or private mailbox is OK).
  5. Tell recipients how to opt out of receiving future email from you. The best way to do this is to have an easily-visible ‘Unsubscribe’ link or button on every email, but asking people to reply to the email with the word “unsubscribe” is also acceptable. Make it easy for them!
  6. Honor opt-out requests promptly. You must take the person off your list and stop sending them email within 10 business days.
  7. Monitor what others are doing on your behalf. If someone is sending emails on your behalf, you both need to comply with the law.

Can You Use “Forward to a Friend”?

You’ve probably heard the advice to include a “Forward to a Friend” link in your emails. The problem with that is that you have no control over who’s getting your commercial email – and they may not want to receive it. They certainly haven’t given you consent.

It’s still a bit of a grey area in the US but if any of your subscribers are in Canada or if they might forward your email to someone in Canada, you cannot include a “Forward to a Friend” link.

The Bottom Line

It’s not complicated to comply with the CAN-SPAM Act and CASL but it does take some work to ensure that your email is set up correctly, you’re getting affirmative consent, and that you’re covered by a strong Privacy Policy.

Doing it right builds customer/subscriber confidence and goodwill. It protects you and your company from potentially huge fines (and even jail time).

And, best of all, it means that your emails are going to people who actually WANT them so they’re more likely to open your emails and click on links. 

Now over to you – What have you done to comply with the laws around spam and email privacy? Let me know in the comments below!

[activecampaign form=7]

4 Comments

  1. Jack on September 21, 2016 at 5:48 pm

    That is a very paranoid and radical article. You say “Do not ever, ever, ever add someone to your email list without them knowing”. That just doesn’t seem factual. I think it is allowed as long as you adhere to the rules of what information is contained in the email, and you have an unsubscribe option.

    • Monica Hemingway on October 19, 2016 at 11:39 am

      I suppose “paranoid and radical” is a matter of perspective 🙂 I believe that a business is more likely to enjoy long-term success if they treat customers and prospects well. Unsolicited commercial email generally isn’t something prospects want or like. So don’t do it. Pretty simple.

    • Monica Hemingway on October 19, 2016 at 11:37 am

      Technically, that’s true. The law doesn’t require people to opt in before you send them commercial emails – as long as those emails meet the requirements of the law (e.g., conspicuous opt-out link, physical address, etc.). However, I still don’t recommend buying lists or just adding people to your list without their knowledge and consent. While you may be within the law in doing so, many recipients don’t take kindly to receiving that kind of unsolicited email and will quickly hit the “spam” button. The result is that your ESP will shut down your account if you get too many spam complaints, and ISPs won’t deliver the emails. In the end, you wind up hurting yourself in the long run for a potential short-term gain. If you’re trying to be a reputable business that’s in it for the long haul, then I don’t believe it’s worth it.

Leave a Comment