CAN-SPAM Compliance

The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003) supercedes the various conflicting state laws for the regulation of email. We are completely permission-based. All of our services are in full compliance with CAN SPAM laws. We supply a CAN-SPAM compliance guarantee on all orders. We can help you maintain comprehensive opt-out lists, properly identify and clean bounce-back e-mail addresses, as well as implement and manage permission and frequency rules for your e-mail database. Nevertheless, the CAN-Spam Act contains requirements that must be met by all mailers regardless of existence of a prior business relationship with the recipient.

All of the above apply to both solicited and unsolicited commercial mailings with one exception. Mail sent to recipients at their consent (opt-in newsletters, alerts, etc.) does not need to contain the disclaimer labeling the message as an advertisement or solicitation. Damages under this Act can be reduced if policies and procedures designed to prevent such violations have been established and implemented, and a violation occurred despite reasonable effort intended to maintain compliance with the aforementioned policies.

Since most legitimate email marketers honor removal requests and do not send mailings by hijacking open relay servers or write misleading subject lines, the two key issues to address before the New Year are the inclusion of a physical postal address in the message, and the inclusion of a disclaimer identifying the message as a solicitation or advertisement, should one be required.

UK Data Protection Act

The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring UK law into line with the EU data protection directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves. Most of the Act does not apply to domestic use,[1] for example keeping a personal address book. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions. The Act defines eight data protection principles. It also requires companies and individuals to keep personal information to themselves.

Data Protection Principles

Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 is met, an in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

Personal data shall be accurate and, where necessary, kept up to date.

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. About the rights of individuals personal data shall be processed in accordance with the rights of data subjects (individuals).

Appropriate technical and organisational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.