CAN-SPAM

CAN-SPAM, TCPA and CASL – Best Practices for Marketing Teams

Using digital communications to reach customers has never been more popular, especially as the pandemic pushes more businesses to make consumer interactions contactless. From email to SMS, marketing teams have taken business online—but doing so brings a specific set of risks regarding data security and privacy. It is easy to get tripped up if you do not have a good grasp of the basic legal guidelines that govern commercial emails.  

In the U.S., the most relevant law when launching a digital marketing campaign is CAN-SPAM. This law sets the rules that all companies need to follow when sending marketing messages via email. The Telephone Consumer Protection Act of 1991 (TCPA) covers SMS messages and phone calls. Canada’s Anti-Spam Legislation (CASL) covers digital communications originating in that country. If you are wondering why businesses should be paying attention to these regulations, take note: according to the FTC, each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $43,280.

What Kinds of Emails are Regulated?

Under CAN-SPAM, the rules only apply to commercial emails (or Commercial Electronic

Messages (CEM) under CASL). These are messages sent with the purpose of advertising or promoting a product or service. When evaluating the overall purpose of an email, it is important to look at the content of the message, hyperlinks and even contact information. In general, ask if the message:

• Includes offers to purchase, sell, barter or lease a product, goods or a service

• Includes offers to provide a business or investment opportunity

• Promotes a person who can do any of the above things

If the email contains both commercial sales promotion and transactional information (a receipt, a confirmation, notifications about an existing subscription or service, etc.), then the email is regulated if the recipient would regard the primary purpose of the email to be commercial in nature.

What About Social Media and Text Messaging?

Messages transmitted via social networking sites is a bit of a grey area. Some federal courts have ruled that CAN-SPAM’s definition of “electronic mail message” includes messages transmitted to a social network user’s inbox, news feed or wall. It is also important to check the terms and conditions of each social media platform you intend to use – many have limits on how marketers can use them.

And because social media, email and SMS marketing are all intertwined, it is important to note that the TCPA restricts telephone solicitations and the use of automated phone equipment. It lays out very strict solicitation rules that require explicit customer consent for commercial SMS messages.

Basic Guidelines for Sending Commercial Emails

If you are ready to draft commercial email campaign, these 7 basic guidelines outlined by the FTC are a good place to start:

1. Don’t use false or misleading header information in the “From” and “To” lines.

2. Don’t use deceptive subject lines.

3. Identify the message as an ad.

4. Tell recipients where you are located.  

5. Provide a clear way to unsubscribe.  

6. Honor opt-out requests promptly.

7. Monitor contractors or vendors working on your behalf.  

It is important to note that in Canada, marketers must have consent for both commercial email and text messages. If not, you need to send an email requesting express consent or find another way for the recipient to opt in to receive future emails or text messages. Acheck box at checkout or on your website is not sufficient.

Additional Resources For Marketing

Many businesses, regardless of size, leverage some form of marketing on a regular basis to market and communicate with their client population. Whether its regular email marketing newsletters or text messages designed to communicate and market to your customers, there are some best practices that we at Beckage recommend following.  Our attorneys are also technologists and certified privacy professionals.

Additionally, our experienced team at Beckage helps client navigate those rules and any other similar regulations as your organization’s data security and privacy program is evaluated from a compliance standpoint. There are many low-cost, high-impact protective measures that can be implemented with the assistance of counsel to make sure your business has a legally defensible compliance posture.

*Attorney Advertising: Prior results do not guarantee a similar outcome.

Subscribe to our newsletter.