Stefan Vucicevic is a tech writer for Jatheon Technologies, an enterprise information archiving company that specializes in email and social media archiving solutions for organizations in regulated industries globally.
Email compliance is not just about sticking to the law. Know the recent legislation relating to email compliance and how to build a compliant email system.
The continuous improvement of email marketing tools has allowed marketers to create more diversified email campaigns, with personalized content, advanced analytics, automated processes, and more sophisticated segmentation. We can now deliver perfectly crafted personalized email campaigns to varied audiences while removing the majority of manual work.
But while email marketing has been advancing, so has the regulatory landscape that governs what we can do through emails.
In recent years, with the adoption of GDPR as the turning point, several laws have entered into force that limit the reach of our marketing efforts and give customers more control over how we collect and store their data.
And while it might seem like a daunting task to dissect the comprehensive and often vague regulatory landscape, it matters more than ever to understand the legal requirements we need to meet. This holds true particularly for marketing teams who target international audiences and thus have an added layer of laws to meet.
1. Email Retention Laws
Privacy laws that we’ll mention later are only one part of the equation when it comes to ensuring your email marketing compliance.
The second part is data retention laws that dictate how long companies need to preserve their business records.
Depending on the industry you’re in, this can range anywhere from three to seven years, and each industry, and each state for that matter, might have its own subset of regulations that you need to follow.
The point is that once marketing teams collect consumer personal data (e.g. email), such data becomes an official business record. Business records can include anything from client and customer lists to advertising and creative materials.
To make sure you navigate safely through email compliance, here’s a handful of steps to help you get started:
- create a clear policy that would define how you collect customer information
- define who on your team is involved in the process
- determine how you will preserve this information, whether in a cloud archive or on-prem archive
- identify tools/channels through which you will collect this information, whether it’s proprietary tools or third-party solutions
- determine who will have access to this information
- consult your legal team to check which laws you need to follow
- involve your data team, IT team, and legal teams to help understand the full perspective
Still, think of the information here as a guiding point only and always consult your legal team.
2. Email Marketing Regulations: US and EU
Here is a rundown of key pieces of legislation that regulate email marketing.
i. California Consumer Privacy Act
The CCPA has become effective as of this year and it has granted significant rights to consumers with respect to their personal information, email included. Essentially, the CCPA has goals and rules similar to those of the GDPR, but it primarily protects consumers who are California residents.
When it comes to email marketing, here’s what you need to know to be compliant with CCPA:
- you can’t collect anyone’s email address unless they specifically give consent that you can collect their email address, so this essentially removes the possibility of cold emailing to Californian citizens
- in your emails, you need to make it easy for the recipient to unsubscribe from further emails, by making the unsubscribe option visible to them
- in case a subscriber requires it, you need to delete their information (aka ‘the right to be forgotten’)
- you need to let your subscribers know how you plan to collect, process, and store their information, and who will have access to their personal information (which includes email addresses), as well as whether you plan to share or sell their data
- you need to provide the same service to customers/subscribers who do not want you storing their information
ii. CAN-SPAM Act
The CAN-SPAM Act is a piece of legislation that governs commercial electronic communication between a business and customers.
So we’re not talking about bulk emails only, but any email that is commercial in nature; it could be an email you send to former customers to inform them about your new product line.
The law helps protect customer rights throughout their interaction with your brand, and introduces steep fines: each non-compliant email is subject to fines up to $43,280, so it pays off multiple times to meet the handful of requirements it introduces.
Luckily, the rules are pretty straightforward:
Refrain from using deceptive subject lines
Crafting an email subject can be a real stretch, especially if you are running long campaigns and you want to try out a fresh approach. And in an effort to re-invent our subject lines and push the open rate up, we might go for less mainstream ways. But we shouldn’t. Not only would we irk already overwhelmed customers, but the CAN-SPAM Act also orders us not to.
Under this law, we need to make sure that the subject line accurately reflects the content of our emails. So we shouldn’t use deceptive email subject lines, teasing our prospects about alleged unusual activities on their PayPal or Facebook accounts. Instead, we should keep the information in the subject line real and relevant to the message.
Give recipients a chance to opt-out
You need to make it obvious to an average reader how to opt out of your emails. Hidden, inconspicuous ‘unsubscribe’ options can lead to no good, and can earn you fines for non-compliance with the legislation.
Honor opt-out requests promptly
Under the CAN-SPAM Act, once you receive an opt-out request, you have 10 business days to grant it, and of course, you can’t ask for anything in return, including charging a fee or seeking other personally identifiable information from the email recipient.
Use correct header information
You need to make sure that all the information in the email header is correct. No fake personas or email addresses can be used, and you need to make sure that the information about the business sending the message is clear.
Provide information about your physical address
Your emails need to include information about your physical address, whether that’s a PO box, or a private mailbox, or the street address your business currently uses.
The company is always held responsible
Even if a company outsources email marketing to an agency, they’re still held accountable for any non-compliance with this legislation.
iii. GDPR
It’s been over two years since GDPR came into effect and paved the way for a number of privacy protection laws that have been and are being introduced globally.
When it comes to email marketing, GDPR regulates how promotional emails are sent to potential and existing customers.
Essentially, the key question that your marketing team needs to answer is whether or not a person gave consent for you to send them emails. If not, you might be in breach of GDPR.
So, always double-check that you have the proof a person opted in to receive your emails. If not, it might be good to send out re-permission emails, but again you can’t send these emails to people who have explicitly opted out of communication from you.
Here’s just a quick recap of what your marketing teams need to bear in mind when running email campaigns:
- you are not allowed to market to prospects who have not opted in to your ads
- you need to make sure that opt-in is straightforward
- you are not allowed to pre-select or pre-tick a box that confirms opt-in; instead, prospects need to be the ones to fully decide they want to receive your emails
- your web forms need to explicitly make it clear what the customer is agreeing to