New Legislation Raises Host Of Bulk E-mail Issues for Banks State laws will be preempted by the CAN-SPAM Act of 2003. By: W. David Gardner, TechWeb News
Legitimate businesses face new state and federal anti-spam laws that took effect on New Year's Day, and they raise new issues for businesses trying to use e-mail within the letter of the law. The CAN-SPAM Act of 2003 may not have much impact on offshore operations-those beyond the reach of U.S. law enforcement-but it will affect some respectable companies, says Charles Kennedy, a lawyer specializing in computer and communications law, in the Washington, D. C., office of Morrison & Foerster.
"A guy with a server in Antigua sending porn won't comply. But a U.S. bank offering credit cards will have to comply," Kennedy says.
The legislation, signed by President Bush on Dec. 16, 2003, was aimed to eliminate the patchwork of states' anti-spam regulations. Kennedy says he has advised more than 200 clients-all legitimate users and would-be users of e-mail messages-to focus on two main issues regarding the new law. First, they must provide an "opt-out"-an e-mail or URL address users can utilize to stop the sender from sending future unsolicited messages. Second, there must be a label in the message specifying that the message is an ad or a solicitation.
"Everything is a little less confusing because of the federal law," Kennedy says. "A big reason for the federal law was the confusion caused by the state laws. The states can still enforce some anti-spam [provisions], and state prosecutors can even use some parts of the federal law."
Kennedy recommends that respectable operations sending legitimate e-mail should also acquaint themselves with European anti-spam regulations. "The Europeans," he says, "are generally more aggressive about e-mail. If you are an American company, you have to be careful if you have an office or a server in Europe."
This article originally appeared on Internetweek.com, a sister property of BS&T, Jan. 1.
The Controlling the Assault of Non-Solicited Pornography and Marketing Act requires unsolicited commercial e-mail messages to be labeled (though not by a standard method) and to include opt-out instructions and the sender's physical address. It prohibits the use of deceptive subject lines and false headers in such messages. The FTC is authorized (but not required) to establish a "do-not-email" registry. State laws that require labels on unsolicited commercial e-mail or prohibit such messages entirely are preempted, although provisions merely addressing falsity and deception would remain in place.