June 30, 2005

Alert: How New Michigan & Utah Email Laws Affect You (Perhaps More Than You Think)

SUMMARY: Blech! Two new state laws come into effect Friday, July 1st, 2005. both:

-> Directly impact permission mailers

-> Carry nasty penalties

-> Launch new state Do Not Email registries

-> Are *not* circumvented by CAN-SPAM compliance.

Types of marketers affected include: financial services, matchmaking services, alcohol and tobacco, adult content, etc. Plus, individuals can bring lawsuits if they think you're breaking the new laws, so you're not protected by possibly sluggish state enforcement. Here's our practical FAQ for permission emailers, including links to the text of both laws.
Please note: We at MarketingSherpa are not lawyers. We're doing our best to comment on the new laws as journalists, but if you need formal legal advice, please contact an actual legal professional.

One of the few benefits of CAN-SPAM was that it superseded the burgeoning state email laws that were making legitimate emailers' jobs a nightmare.

A minefield of well-meant but badly written local laws was circumvented.

However, on Friday, July 1, 2005, two new state laws come into effect. Apparently CAN-SPAM can't supersede them because these laws are *not* worded as anti-spam laws. They're child protection laws.

That world of difference is going to cause headaches and extra costs for many permission mailers. Here's our take on what you need to know, plus handy links to the full text of both laws and more info on the topic.

Quick outline of both laws

Although they have slight differences, these laws boil down to the same facts. (Link below to text of both laws.) Roughly summarized:

o Both set up a Do Not Contact list where kids (under 18), parents/guardians, and institutions that serve kids can register email addresses (and later phone, cell, IM, etc.).

o Even if it's not the kid's email, the address can still be registered if a kid has routine access to it. (So you can bet folks with kids hoping to prevent spam will register in scads.)

o If you email anything to an address that's been registered for 30 days or more that contains *or links to* content and/or promo offers that kids can't legally see or respond to, then you've probably broken the law.

o Purge files will be available for list owners to start running their lists against shortly, so you can eliminate registered names from your possibly-illegal mailings. There's a basic fee for this and to stay safe, you must do it every 30 days starting July 31, 2005.

o Opt-in status and "existing business relationships" have zero bearing on the matter.

o Penalties include fines, jail time, and felony charges.

o Funds are being set aside to prosecute offenders, plus individual email recipients (such as parents) are encouraged to bring civil action against even one-time offenses.

o Yes, experts tell us to expect similar laws in other states shortly.

What types of emailers are affected by these laws (surprisingly many)

As noted above, being an opt-in mailer does not protect you. Even if a recipient has paid to receive your email (perhaps they subscribe to your service), you must cease emailing any problematic content to their address if it's on the registered Do Not Contact list.

The whole key to being safe if you mail into Utah and/or Michigan without running your list against the suppression file every 30 days is never ever email any content or anything that links to content that might be illegal.

Unfortunately no one's defined precisely what "illegal content" is. However, based on our reading of the law, plus advice from Anne Mitchell, President ISIPP (a for-profit company that helps emailers with legislative info), illegal could be pretty darn broadly interpreted to include:

o Obvious stuff -- porn, gambling, pharmaceutical offers, phishing, Nigerian scams, alcohol, tobacco, etc.

o Less obvious stuff -- financial services (credit card, banking, and mortgage offers), automotive marketing, dating and matchmaking services, etc.

"It is foolhardy to think they will only be going after Viagra spam," notes Mitchell. "This is not an anti-spam law, it's a we-don't-want-our-kids-looking-at-forbidden-content law. If you send something a parent might consider offensive. ..."

Given that parents can file lawsuits about this, and given that every parent has a different idea about what's offensive, you can see why Mitchell's concerned.

Plus there's the Web advertising angle: If you send out messages that link to Web sites (even common news sites and portals) that then contain ads for things that minors can't buy, you may not be safe. Example: you link to iVillage and the page has an ad for a credit card offer or a new lite beer or a matchmaking service; you could be breaking the law because your email directly led a minor to a Web page containing forbidden content.

Yes, that's stretching things a bit, but Mitchell argues a lawsuit could happen.

On the other hand, the mailer does get one safety net by claiming they made an honest mistake. For example, perhaps the ads on the page are behaviorally-served so you could never have predicted they'd be there.

Which mailers are fairly safe

If you mail content that you control such as your own email newsletter or sales alerts, and the links all go back to sites where you also control content, and you're not on the even slightly-illegal list, then you're probably safe.

So, a B-to-B tech emailer who sends out a white paper invite, or an eretailer who offers new baskets for July 4th picnics, are both probably safe-as-houses.

Even then, however, if you have a bad-publicity-shy corporate parent, you may want to consider running your list against the registries because any parent can file a lawsuit and blab to the world about you being a potentially nasty spammer even if you ultimately win the case. (Welcome to America.)

How about affiliates, list rentals, ISPs, ESPs, etc?

The laws do protect ISPs and ESPs because they are recognized as folks who just pass mail on without regard to whether the recipient is a minor or not.

Affiliates and list rentals are a bit of a gray area. If you own the list, you're probably going to be held responsible for what's mailed to it by a third party. If you're the promoter, you may be held responsible for where third parties mail your marketing campaigns.

We hope affiliate program managers for financial services and dating/matchmaking services have gone into high alert.

Quick facts on compliance

On Friday, July 1st, 2005, both Michigan and Utah are required by law to have set up a way for folks in both states to register their email addresses.

If you decide your email content or the places your content links to are risky enough to warrant using the registries, you'll need to upload your list to the designated vendor (we've heard through the grapevine this may be the folks at UnSpam.org, who are not to our knowledge a nonprofit) and have all registered names removed.

o Start doing so by July 31st, and then every 30 days thereafter.

o In Michigan the cost currently will be .007 cents per name on your total list. This can be raised in future to as high as .03 cents per name.

o In Utah the cost currently will be .005 cents per name, and there's no word yet on potential hikes.

Why we think these laws are BAD

We love the idea of getting porn, Viagra offers, etc., out of kids' email boxes. Heck, we love the idea of stopping them from our own boxes! However, traditional spammers won't be stopped by these laws because they are often shielded by being (a) hard to track down and (b) tough to extradite.

The folks who will do all the work to comply will be the law-abiding folks who make up the rank and file of permission emailers: companies with easy-to-find offices who don't want to risk lawsuits for either financial and/or PR reasons.

There's a chance that some parents may take advantage of the new laws to trip an otherwise legitimate company up, either for fame, financial gain, or because they bear that company a grudge. But it's not like that possibility doesn't already exist with other laws.

The reason why we don't like these laws is twofold:

#1. These laws are well-intentioned but won't do much good against virulent spammers, and they could penalize permission-based businesses. The extra cost and workload of running your lists monthly against various state Do Not Email lists could be high ... especially if more states join the wagon train.

#2. Even supposedly-secure files of minors' contact data are fairly easy to hack. All you have to do is run your list against the registrant file and keep track of which names are taken off! Kids' security could be compromised by collecting their email, IM and cell phone info in one-easy-to-hack place. And we don't want to think about the slimy folks who might try to reach them next.

Which is precisely why the federal government said NO to a national Do Not Email registry last year (link to more info below).

If you hear your own state legislators are considering following in Utah and Michigan's footsteps, we suggest you lobby them.

... and thanks for lending your ear to this semi-rant.

Six Useful links related to this article

#1. Texts of both new state laws so you can read them for yourself (not enormously long): http://www.marketingsherpa.com/usscp/study.html

#2. Enrollment form for ISIPP's July 7th teleseminar on the new laws, where you can ask lawyers and insiders questions (Note: This event is not associated with MarketingSherpa. There will be an fee for attending to be announced at the event site): http://www.isipp.com/child-protection-email-address-registry-compliance-seminar.php

#3. Michigan Registry home page: https://www.protectmichild.com/

#4. Great article from CNET's News.com on the reasons why the FTC refused to enact a US national Do Not Email list: http://news.com.com/FTC+Thumbs-down+on+do+not+e-mail+list/2100-1024_3-5234480.html?tag=nl

#5. Federal Trade Commission's handy memo on: How to Comply With The Children's Online Privacy Protection Rule: (Note: this compliance does not keep you protected from state laws, you have to comply with them separately.): http://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm

#6. UnSpam.org: the vendor we've heard may be running the Do Not Email registries for both states http://www.unspam.org

Improve Your Marketing

Join our thousands of weekly case study readers.

Enter your email below to receive MarketingSherpa news, updates, and promotions:

Note: Already a subscriber? Want to add a subscription?
Click Here to Manage Subscriptions