Welcome to Sixty Seconds of Privacy™, an e-newsletter brought to you by the Privacy and Data Security practice group at Thelen Reid Brown Raysman & Steiner LLP. Each edition of this e-newsletter addresses one interesting legal development in the area of privacy and data security, in a brief "question and answer" format. Each edition is intended to be read in about a minute, yet will update you on an important development.
We pick the topics for this e-newsletter based on what our clients are concerned about. You are welcome to submit your questions or suggestions to us, and you may find your sixty second answer in an upcoming edition.
Question: I feel I know the basics of complying with the federal CAN-SPAM Act, but are there any compliance pitfalls of which I should be aware?
Answer:
Yes, in fact, a few different companies recently stumbled upon CAN-SPAM compliance pitfalls that seemingly could have happened to any well-intentioned company.In November, the Federal Trade Commission reported that it settled a CAN-SPAM action with Yesmail, Inc. (d/b/a @Once Corp.), an e-mail services provider that, among other things, transmits promotional e-mails on behalf of its clients. Unfortunately, Yesmail neglected to turn the spam filter off on the e-mail accounts it used to receive opt-out requests, and therefore failed to honor opt-out requests as required by the CAN-SPAM Act. Yesmail agreed to pay a civil penalty of $50,000. ( U.S. v. Yesmail, Inc. , N.D. Cal., No. C-06-6611, 10/24/06.)
In another recent CAN-SPAM enforcement action, a group of mortgage brokerage companies lost their motion to dismiss CAN-SPAM claims that were brought against them by an internet service provider whose subscribers received mass e-mails advertising the brokerage companies' services. The allegedly unlawful spam had been sent, not by the brokers themselves (the advertisers), but by third parties who had been retained by "middle-men" (or "lead generators") who were retained by the mortgage brokers to cause e-mail ads to be disseminated containing the brokers' advertisements. The court held that the facts supported a finding that the mortgage brokers, through their contracts with the lead generators, knowingly induced the spammers to send the unlawful e-mails, despite the fact that such contracts required compliance with the CAN-SPAM Act. (Asis Internet Services v. Optin Global, Inc., N.D. Cal., No. C-05-5124-CW, 9/27/06.)
So what is the take-away? The take-way from the Yesmail case is easy: make sure your spam filtering software is not set to filter out incoming opt-out requests. The take-away from the Asis case is more difficult, since the court essentially found that an advertiser is responsible for its contractors' unlawful e-mails even though the contract required the contractors to comply with the law. So, performing due diligence on your e-mail partners, and retaining oversight as to their practices and subcontracting, can be an important step in protecting your company from exposure to this type of liability. Additionally, to mitigate your exposure as an e-mail advertiser, you must not only have contracts that allocate responsibility for CAN-SPAM compliance appropriately, but they should also contain strong indemnification obligations and other remedies for violation of the CAN-SPAM Act.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.