CAN-SPAM: It’s Not Phat!

Federal Commercial E-Mail Legislation Takes Effect A major change in the law that affects privacy and commercial e-mail on the Internet took effect on January 1, 2004. The CAN-SPAM Act of 2003 doesn’t simply establish an “opt-out” framework for commercial e-mail, it completely pre-empts state law. Although an individual consumer doesn’t have the right to sue an offender under the Act, the Federal Trade Commission, along with the Attorneys General of each state, do. So what should you know?

First, the Act only applies to commercial e-mail—an e-mail whose primary purpose is promoting a commercial product or service. Although the FTC has not yet promulgated any regulations under the Act, simply because an e-mail has a URL link to a commercial website or refers to product or service doesn’t make it commercial e-mail. There are, of course, certain obvious exemptions built into the law. Product safety recall information or e-mails notifying you about changes or important notices concerning your subscriptions, memberships, purchase confirmations, accounts or e-mail related to your employment—all of these are so-called “transactional relationship messages” where the main purpose is communication related to a commercial transaction, rather than promotion or advertising.

Second, what does the law require. Starting January 1, 2004, all commercial e-mail (even if an existing business relationship exists and whether or not the e-mail was solicited or not) must contain a clear and conspicuous notice that a consumer can opt out of future e-mails and provide a web-based means to do so. A consumer’s request to opt out must be honored within 10 business days and marketers can’t sell or share the e-mail addresses of those who have opted out. The e-mail must also clearly identify itself as an advertisement—unless a consumer has specifically asked to receive commercial e-mail from a particular commercial entity. Third, the e-mail must contain a postal, physical address of the sender. Although it is not yet clear if a post office box is enough, the less-risky approach is to have a street address.

The Act has a number of other requirements related to labeling—for example, the subject (header) must accurately reflect the body or content of the message and the sender (the sponsor of the promotion) must be identified. Although the Act preempts state commercial e-mail laws, beware of the fact that state fraud, trespass and certain consumer protection laws can still apply.

Violations of the CAN-SPAM Act are criminal offenses and involve both fines and potential jail time upon conviction. As with most Federal crimes, aggravating factors increase the penalties and implementing good faith and reasonable measures to attempt to comply with the Act can lessen them. These penalties can be serious—jail-time of up to five years, $250 per e-mail up to $2 million in fines (which can be tripled up to $6 million if aggravating factors are present) and all computers and software used in the commission of the crime can be forfeit.

Although the primary purpose of Legal Bytes is to enlighten and inform you, it obviously does promote Rimon and encourages you to call us when you need legal support. Accordingly we will always give you the opportunity to opt out of receiving our publication by email and when we send you an e-mail, it will be clear as to what it is and who is sending it. This is not just the law, it’s good practice.

Instant Messaging – SEC Regulations Likely

According to the TowerGroup (Bank Technology News, January 2004), an estimated 15 percent of the securities industry in North America uses Instant Messaging for sharing market-related data with client. As we mentioned in our July 2003 issue, the NASD is already requiring member firms to retain records of instant messages for at least three years, and is requiring them to supervise the use of instant messaging technology by their employees. It is likely that
SEC regulations will emerge specifically on the subject this year or next year at the latest.

In the meantime, most securities dealers are choosing to be safe rather than sorry, and are attempting to apply the same rules they have for e-mails to instant messages as well—although the technology isn’t going to make that chore easy. Stay tuned.