Don’t Fear CAN-SPAM or PIPEDA With Targeted E-Mail

Due to spam, a great deal of misunderstanding surrounds the whole idea of commercial email.  Most businesses are too worried about being labeled as spammers to even consider the idea of doing mass email campaigns.

Their fears are not without substance.  Some US spammers have been prosecuted BIG TIME.  In January, 2006, James McCalla was ordered to pay $11.2 Billion to an ISP in Iowa and barred from using the Internet for 3 years for sending 280 million e-mail messages.  In May, 2004, Howard Carmack of Buffalo, New York was sentenced to 3 1/2 to 7 years for sending 800 million messages using stolen identities.

The reason spammers get prosecuted is not for sending unsolicited commercial email in itself.  They primarily get prosecuted for sending huge numbers of these emails and taxing other people’s or companies computer resources.  Major internet providers like AOL really don’t like it when millions of their customers receive millions of spam emails because it costs them a lot of money in the bandwidth and storage these emails use.

The way spammers now avoid pissing off internet providers like AOL is by using individual people’s PCs.  Nowadays, botnets, networks of virus-infected computers, are used to send about 80% of spam.  Does your PC ever run much slower than normal?  It may be because your PC is sending thousands of spam emails.  A prime way PCs get these viruses and become zombie computers is through file sharing networks.  That free song or movie you downloaded through BitTorrent often comes with a price.  (By the way, a great way of preventing these viruses is eliminating your screen saver.  These viruses often wait until you’re away from your computer for a while and then start sending spam like crazy.  When your screen saver comes on, that’s the virus’ cue to start spamming.  So eliminate your screen saver.)

CAN SPAM Act

The US law governing commercial email is the CAN-SPAM act of 2003.  Considering Bush signed it into law it’s no surprise it has an overblown, war monger overtone: CAN-SPAM is an acronym for Controlling the Assault of Non-Solicited Pornography And Marketing Act.  No direct equivalent of this law exists in Canada; the closest thing is PIPEDA which I’ll discuss shortly.  CAN-SPAM states that businesses or individuals may send unsolicited commercial email provided they do all of the following:

-    Emails Sent From A Real Email Address: you must send commercial email from a real, existing email address.  The tell-tale sign of a spammer is they use a fake, non-existing return email address to avoid detection.

-    Accurate Subject Lines: your subject line must accurately describe what the email is about.  We’ve all seen spammers trying every sort of deceptive wording in subject lines to get you to read their emails.  What a bad way of making a first impression!

-    Statement of Type of Email in Message Body: the latest addition to CAN-SPAM is you must state “This is a commercial email solicitation” somewhere in the body of the e-mail.

-    Opt-Outs/Unsubscribes:  you must remove anyone who doesn’t want to be on your mailing list (opt-outs) within 10 days of receiving the request

-    Mailing Address:  the email must contain a physical mailing address for your business

-    Warning Of Adult Material: recipients must be warned if you’re offeringsexually explicit material.  For such messages the warning “SEXUALLY-EXPLICIT” must be contained in the subject line.

Note that CAN-SPAM does NOT say you must obtain a person’s consent before emailing them.  But that doesn’t mean you should go hog wild and email millions of people about your business.

PIPEDA

The Personal Information Protection and Electronic Documents Act or PIPEDA is Canada’s law relating to commercial e-mail. It addresses data privacy and governs how private-sector organizations collect, use and disclose personal information in the course of commercial business.  “Personal Information”, as specified in PIPEDA, is as follows: information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.  So PIPEDA only relates to business information, not personal information.  Therefore, B2B companies don’t need to abide by PIPEDA, only B2C companies.  PIPEDA requires B2C organizations to obtain a person’s consent when they collect, use or disclose their personal information.  In other words, PIPEDA is saying permission based, opt-in mailing lists are the only way you can send e-mails to people’s personal addresses.

What I think muddies the waters is this: most people engage in commercially related activities in their personal email accounts.  Who can say they’ve never opt-ed in to receive something of a commercial nature in their personal email account?  In fact, when you register a personal email account, in the fine print of the user agreement there is usually some part where you agree to periodically receive commercial advertisements with your email account from the email provider’s partners.  For instance, my Yahoo email account always has a banner ad at the top of the screen.  By the same token, who hasn’t ever received a personal email in their business email account?  You simply cannot make a clean distinction between personal and business affairs in any email account you use.

At any rate, unlike CAN-SPAM, violating PIPEDA seems like it will get you in less trouble than jaywalking.  According to the Wikipedia page on PIPEDA:

“PIPEDA does not create an automatic right to sue for violations of the law’s obligations. Instead, PIPEDA follows an ombudsman model in which complaints are taken to the Office of the Privacy Commissioner of Canada. The Commissioner is required to investigate the complaint and to produce a report at its conclusion. The report is not binding on the parties, but is more of a recommendation. The Commissioner does not have any powers to order compliance, award damages or levy penalties. The organization complained about does not have to follow the recommendations. The complainant, with the report in hand, can then take the matter to the Federal Court of Canada. The responding organization cannot take the matter to the Courts, because the report is not a decision and PIPEDA does not explicitly grant the responding organization the right to do so.

PIPEDA provides, at section 14, the complainant the right to apply to the Federal Court of Canada for a hearing with respect to the subject matter of the complaint. The Court has the power to order the organization to correct its practices, to publicize the steps it will take to correct its practices and to award damages.”

It is highly unlikely any business or individual would take a privacy matter all the way to federal court unless (as in the US) they wanted to use it for fighting a spammer whose activities had caused them considerable financial loss by using up their computer resources.

It all comes down to what is considered spam.  There’s a simple equation at work with commercial email in most people’s minds:

SPAM = UNINTERESTING

When you target your emails to specific types of people who you know are likely prospects, your emails won’t be uninteresting.  In fact, many will welcome your emails.  If your emails are uninteresting they’ll call you a spammer.