CAN-SPAM, TCPA, and CASL – Best Practices for Marketing Teams

CAN-SPAM and Digital Marketing vs. TCPA and SMS Messages and Phone Calls

Using digital communications to reach customers has never been more popular, especially as the pandemic pushes more businesses to make consumer interactions contactless. From email to SMS, marketing teams have taken business online—but doing so brings a specific set of risks regarding data security and privacy. It is easy to get tripped up if you do not have a good grasp of the basic legal guidelines that govern commercial emails.  

In the U.S., CAN-SPAM is the most relevant law when launching a digital marketing campaign. This law sets the rules that all companies need to follow when sending marketing messages via email. The Telephone Consumer Protection Act of 1991 (TCPA) covers SMS messages and phone calls. Canada’s Anti-Spam Legislation (CASL) covers digital communications originating in that country. If you are wondering why businesses should be paying attention to these regulations, take note: according to the FTC, each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $43,280.

What Kinds of Emails Are Regulated Under CAN-SPAM?

Under CAN-SPAM, the rules only apply to commercial emails (or Commercial Electronic Messages (CEM) under CASL). These are messages sent with the purpose of advertising or promoting a product or service. When evaluating the overall purpose of an email, it is important to look at the content of the message, hyperlinks, and contact information. In general, ask if the message:

• Includes offers to purchase, sell, barter or lease a product, goods, or a service
• Includes offers to provide a business or investment opportunity
• Promotes a person who can do any of the above things

Suppose the email contains both commercial sales promotion and transactional information (a receipt, a confirmation, notifications about an existing subscription or service, etc.), In that case, the email is regulated if the recipient would regard the primary purpose of the email to be commercial in nature.

What About Social Media and Text Messaging?

Messages transmitted via social networking sites are a bit of a grey area. Some federal courts have ruled that CAN-SPAM’s definition of “electronic mail message” includes messages transmitted to a social network user’s inbox, news feed, or wall. It is also important to check the terms and conditions of each social media platform you intend to use as many have limits on how marketers can use them.

And because social media, email, and SMS marketing are all intertwined, it is important to note that the TCPA restricts telephone solicitations and the use of automated phone equipment. It lays out very strict solicitation rules that require explicit customer consent for commercial SMS messages.

Basic Guidelines for Sending Commercial Emails

If you are ready to draft a commercial email campaign, these 7 basic guidelines outlined by the FTC are a good place to start:

1. Don’t use false or misleading header information in the “From” and “To” lines.
2. Don’t use deceptive subject lines.
3. Identify the message as an ad.
4. Tell recipients where you are located.  
5. Provide a clear way to unsubscribe.  
6. Honor opt-out requests promptly.
7. Monitor contractors or vendors working on your behalf.  

It is important to note that in Canada, marketers must have consent for both commercial email and text messages. If not, you need to send an email requesting express consent or find another way for the recipient to opt-in to receive future emails or text messages. A check box at checkout or on your website is not sufficient.

Additional Resources For Marketing

Many businesses, regardless of size, leverage some form of marketing on a regular basis to market and communicate with their client population. Whether it's regular email marketing newsletters or text messages designed to communicate and market to your customers, there are some best practices that we at Octillo recommend following.  Our attorneys are also technologists and certified privacy professionals.

Additionally, our experienced Compliance Advisory Team helps clients navigate CAN-SPAM, TCPA, CASL, and any other similar regulations as your organization’s data security and privacy program evolves from a compliance standpoint. Many low-cost, high-impact protective measures can be implemented with the assistance of counsel to address the key requirements of state, federal, and global regulations. We would be happy to help your organization prioritize security and privacy and adapt to this evolving legal landscape.

*Attorney Advertising: Prior results do not guarantee a similar outcome.