CAN-SPAM

Question 1

Sector

Answer 1

Marketing

Question 2

Year passed/amended

Answer 2

2003

Question 3

Original purpose

Answer 3

Provide a mechanism for legitimate email solicitations, while allowing consumers to opt out of unwanted solicitations

Question 4

Primary requirements

Answer 4

Email solicitations must identify the sender, including a return address; not be misleading; and provide a conspicuous, free way to opt out.

Specifically, must:

(a) not use misleading headers or subject lines;
(b) contain a functioning, conspicuous return email address, and a valid physical postal address;
(c) contain a conspicuous, free mechanism to opt out;
(d) state clearly and conspicuously that the email is commercial;
(e) not use address-harvesting, automated creation of multiple email accounts, or retransmission through multiple accounts;
(f) if message is sexually explicit, contain a warning label

Question 5

Entities subject to the law

Answer 5

Anyone who advertises products or services by email originating in the U.S.

Covers commercial email whose primary purpose is advertising or promoting a product or service.

Question 6

Term for relevant PII or regulated data

Answer 6

Commercial email messages and text messages

Question 7

Definition of relevant PII or regulated data

Answer 7

“Commercial” is not defined, but the law does not apply to commercial messages which primary purpose is to:

(a) facilitate or confirm an agreed-upon commercial transaction, or deliver goods or services pursuant to an agreed-upon commercial transaction;
(b) provide warranty or safety information about a product purchased or used by the recipient;
(c) provide certain information regarding an ongoing commercial relationship;
(d) provide information related to employment or a related benefit plan

Question 8

Civil or criminal?

Answer 8

Both

Question 9

Enforcing authority - civil

Answer 9

FTC, FCC (for texts), state attorneys general, ISPs

Question 10

Penalties - civil

Answer 10

Injunctive relief; up to $250 per violation to a max of $2 million. Triple for willful or aggravated violations

Question 11

Enforcing authority - criminal

Answer 11

DOJ?

Question 12

Penalties - criminal

Answer 12

Egregious conduct punishable by up to 5 years imprisonment

Question 13

Preemption?

Answer 13

Yes, except to the extent state anti-spam laws prohibit false or deceptive activity

Question 14

Private right of action?

Answer 14

No

Question 15

FIP Individual Rights addressed

Answer 15

Choice and consent (not notice or access, whatever those would mean in this context)

Question 16

Choice and consent provisions

Answer 16

Text messages are totally disallowed, except with express prior authorization (opt-in, must take affirmative action to authorize)

Question 17

FIP Information Control principles addressed

Answer 17

None

Question 18

FIP Information Lifecycle principles addressed

Answer 18

None

Question 19

FIP Information Management principles addressed

Answer 19

Monitoring and enforcement (not administration)

Question 20

Monitoring and enforcement provisions

Answer 20

Must keep records of opt-outs for two years