While much attention has been paid to federal regulators’ ongoing crusade against illegal robocalls and those responsible for them, it is all too easy to overlook the fact that the FTC is also charged with enforcing other marketing regulations besides the Telephone Consumer Protection Act (TCPA) and the Telemarketing Sales Rule (TSR). One such regulation is the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, more commonly known as CAN-SPAM.
On August 14th, 2023, Experian Consumer Services received a brutal reminder of the FTC’s CAN-SPAM enforcement powers in the form of a lawsuit filed in the Central District of California stemming from alleged CAN-SPAM violations.
What is CAN-SPAM?
Enacted to tackle a mounting deluge of unsolicited email advertisements filling inboxes in the early 2000’s, Congress authorized the FTC to draft regulations governing the transmission of “commercial electronic mail messages,” which are emails (and some text messages) whose primary purposes is the advertisement or promotion of a commercial product or service.
Basically, the CAN-SPAM Act governs all commercial emails, including B2B communications and announcements of new products and services. Violations can incur penalties of up to $50,120 per email, but compliance is relatively straightforward. Key CAN-SPAM requirements include:
- Ensuring header information is accurate and representative.
- Avoiding misleading subject lines.
- Clearly indicating the message as an advertisement.
- Including a valid physical postal address.
- Providing a clear opt-out mechanism and maintain it for at least 30 days after sending.
- Adhere to opt-out requests within 10 days.
- Consumers retain their opt-out rights, regardless of membership or subscription status.
- Opted out email addresses can't be sold or transferred, except for compliance purposes.
Even companies that outsource their email marketing remain accountable for CAN-SPAM violations, along with the actual sender.
United States vs. Experian Consumer Services
The complaint against Experian was filed by the Department of Justice on behalf of the FTC and accuses the consumer credit agency of spamming consumers with marketing offers after they signed up for an account to monitor their Experian credit report information.
According to the complaint, consumers who wanted to freeze or otherwise manage their Experian credit information online were required to create a free Experian account. Consumers who did so were then sent emails promoting various Experian products and services, which did not contain an unsubscribe link consumers could use to keep from receiving even more marketing emails.
Instead of the required out-out instructions, Experian included a notice at the bottom of the emails informing recipients that they were sent because they contained “important information” about their account. According to the FTC, however, the emails did not concern consumers’ accounts and instead promoted various products and services, and Experian was therefore required to provide recipients with a way to unsubscribe from future emails.
To resolve the CAN-SPAM violation, Experian agreed to a $650,000 civil penalty and committed to adhering to the requirements of CAN-SPAM, including providing clear opt-out options in marketing emails.
The Experian case isn't just a cautionary tale for one company, but a lesson for all. Respecting user preferences isn't a mere courtesy; it's a legal obligation. For individuals and businesses intent on mastering marketing compliance and maintaining the highest standards, the Blacklist Academy provides an array of meticulously crafted courses that empower participants with the knowledge and tools to navigate the constantly evolving legal landscape of the marketing domain with confidence.