Deliverability.com

REPOSTED from E-Mail Precisley

You are in complete control of how long customers should and will maintain their online relationship with you.

 

Some marketers stack the deck by pre-checking fields that sign a customer up to receive e-mail, such as during the purchase process. Some prefer to make customers check a box to opt-in.  Others acquire names and just add them to their mailing list with without any advance notice or consent from the consumer.  So what's the right thing to do?

 

The first thing to consider is legal compliance.  Remember though, just because it’s legal doesn’t mean it's right.  Think about this for a moment, would you stand in the middle of Times Square and yell insults at people?  Expressing your opinion in that way is legal, but it won't garner you any friends.  In the US opt-in is not required.  It is legal to make people opt out, but is it the right thing to do? 

 

The answer to that question is philosophically steeped in the definition of the relationship the marketer wants to have with their customers.  The relationship needs to be about mutual respect and a reciprocal value proposition. For example:

• IF, the marker clearly and conspicuously discloses that by entering an e-mail address the customer will begin to get relevant and targeted information about their respective services, opt-out might be fair.
• IF, the marketer does a good job explaining what the benefits are of the e-mail and then honors them, opt-out might be fair.
• IF, the registration form clearly states that the customer needs to uncheck a box, opt-out might be fair. 
• IF, there is a link to the privacy policy that explains what happens to their PII and how they can change that information or limit who it is shared with is next to the registration form, opt-out might be fair.

On the other hand, in the EU and many other countries, opt-out is not legal.  Permission is required to send commercial e-mail.  But, if the marketer doesn’t adhere to the principles above, their customers will probably opt-out or stop responding anyway.

  

Whether names are acquired via opt-out, opt-in, or double opt-in really don’t matter (assuming you are legally compliant).  Regardless of what type of permission you have the responsibility to maintain the trust and respect of your customers ultimately falls on your shoulders.  It is critical to be:

• Transparent about your data collection/use
• Respectful of your customers’ preferences
• Timely and relevant with the content you send them

The fallacy of the opt-out strategy is that it will yield a larger customer database.  The myth of an opt-in policy is that the customer is willingly expecting your next e-mail.  The reality is that the customer gets the final say.  They will flourish, become dormant, complain or just leave if you don’t live up to your end of the bargain.

 

Rick Buck

VP privacy and ISP relations, CIPP

e-Dialog

Wow! being last week in Washington, D.C. was a head-turner. This post might sound like a bore to read, but stick with it and begin to apply it to your email and other online marketing programs.

First, The United States Department of Commerce with the participation and cooperation of the European Commission and the Article 29 Working Party on Data Protection (those entrusted with privacy in the EU) held the "Across the Divide: Successfully Navigating Safe Harbor --
The 2009 Conference on Cross Border Data Flows, Data Protection and Privacy"

In this, participants examined the progress that the Framework has made, reviewed any changes made to the process for approving binding corporate rules, looked at new paradigms for privacy compliance, and address the role information security plays in data protection and privacy. Other topics considered included:

• Cross border data sharing during pandemics
• privacy by design
• strategic information management for the enterprise
• social network service providers and behavioral advertising in cloud computing
• global privacy standards
• electronic discovery in civil litigation

Second, the U.S. House Committee on Energy & Commerce held another joint hearing to examine consumer data collection & use. Witnesses testified before a joint hearing of the House Energy and Commerce Subcommittee on Commerce, Trade, and Consumer Protection (CTCP) and Subcommittee on Communications, Technology, and the Internet (CTI) last week in which they discussed collection and commercial use of consumer data in the offline and online marketplace.

Members of the committee's expressed interest in learning what controls would instill confidence in consumers about data collection and use, questioning whether concerns about targeted marketing would be allayed by providing thorough disclosures of what and how information is collected and offering consumers the choice of opt-in or opt-out depending on the nature of the information.

As you may already know, the chairmen and ranking members of both subcommittees are working on draft legislation to address a range of privacy issues at the federal level. A draft bill is expected to be circulated in the next several weeks.

Folks, you've heard it from me once , if not twice, or three times. Privacy and compliance should be an integral part of your online marketing activities and daily decisions when creating campaigns. As it is today, the Internet knows no bounds when it comes to states and country borders. Many of these countries already have stringent privacy regulations that you might have to comply with when it comes to opt-in for email and or tracking cookies.

• Who Cares About Privacy Policies?
• Privacy policy isn't enough anymore
• Privacy in marketing/advertising

What we are seeing today in these sessions all applies to online and possibly offline marketing. Will we see a U.S. privacy federal rule like Canada and the EU? have today. Very possible in my opinion, but will not be without major discussions as you see above. You need to ensure your companies are involved in these discussions or at a minimum monitoring these changes.

More reading: FTC Urged To Clamp Down On Data Collection Online

-Dennis
Eloqua

Don't Just Send, Deliver!

Well I'm not sure how the cookie monster will take this news, but if you haven't heard online advertising and tracking is threatened by Europe's new cookie law.

If the new law is passed within the next few weeks, websites in the EU will be required to seek consent from users before serving cookies which will ensure more pop-ups for customers to click on for consent. This requirement will go into effect eighteen (18) months after the bill is signed somewhere around December 14th.

Now of course your asking yourself, why didn't I heard about this? Well don't worry, your not disconnected... this cookie requirement, similar to German cookie law, is attached/hidden in a new telecom package which seeks clauses that requires a court's authority before an individual can be disconnected from the internet for illegal downloading. EU's Council of Ministers and Parliament are in disagreement over that single clause in the package of laws. The rest of the package which includes the cookie plan is closed and agreed to, but for the cookie plan to go into effect the ENTIRE package has to pass. So if we are lucky and they can't agree to the rest of the package by December 14th, then we are safe. If they do agree, then cookies will be opt-in in the EU.

The law does however make an exception for cookies that are "strictly necessary" to provide a service. So anything requiring a cookie that helps a shopper get from a product page to a checkout doesn't require a consent notice. A consent notice through will be still required for cookies that are used in traffic analysis or advertising. For most of us we might have some issues here.

The current law says that sites using cookies must give visitors "clear and comprehensive information" about the purpose of the cookies and must offer visitors "the right to refuse" the use of cookies.

What's happening here is that many websites don't seem to offer the clear and comprehensive information and the right to refuse mentioned in the current law. An example of choice can be seen on Eloqua's website here. So what we see happening here is they are making it a requirement; short, sweet, and clear.

Stayed tuned, hopeful our cookies won't go stale on us.

-Dennis
Eloqua

Don't Just Send, Deliver!

Blogged from 37,000 feet using GoGo InFlight

A quick Wiki on the world's laws governing email suggests that four of the largest, fastest growing national economies and much buzzed about 'BRIC' countries have one thing in common: a lacuna of legislation or enforcement to regulate commercial email. Brazil has a short section in its Empresa Brasileira de Telecomunicações (Portuguese) on email published in 1999, but it is quite vague and lacks enforcement capabilities. Russia loosely addresses advertising email in Russian Civil Code 309. China has actually passed the most clear legislation on email with its 2006 "Regulations on Internet Email Services", which holds ESPs responsible and requires opt-in, as well as the placement of the word "AD" at the beginning of subject lines. However, India has recently passed an amendment to its IT Act of 2000, without addressing commercial email. Below is an overview of IT regulation so far in India.

Overview: The closest legislation relating to email in India is the newly amended Information Technology Act of 2000. It was previously ammended in 2006, and Indian lawmakers amended the IT Act again in December of 2008. However, the 2008 amendments have yet to be published in the Gazette of India and still do not address email. The law addresses the following, summarized by Justice Rajesh Tandon of the Indian Cyber-Regulations Appellate Tribunal:

-Tampering computer source documents

-Hacking with Computer system

-Loss/damage to computer resource/utility

-Hacking

-Obscene publication/transmission in electronic form.

-Failure of compliance/orders of Certifying Authority.

-Failure to assist in decrypting the information intercepted by Govt. Agency.

-Un-authorized access/attempt to access to protected computer system.

-Obtaining license or Digital Signature Certificate by misrepresentation/suppression of fact.

-Publishing false Digital Signature Certificate.

-Fraud Digital Signature Certificate.

-Breach of confidentiality/privacy.

Enforcement Effects: Interestingly enough, India's 2008 amendment to its IT Act has reduced the punishment for "cyber crime" from 5 years to 2-3 years and has made violations of the act bailable offenses. However, the amendment has apparently closed a lot of loopholes in the existing law. As India's economy develops, a stronger IT infrastructure and a greater presence in the online marketplace will come to fruition. Without enforceable email laws specific to India, the online reputations of companies with a global reach could potentially suffer.

Industry Self-Regulation: CAUCE India was founded in 1999 and later merged with CAUCE Australia to form APCAUCE (Asia-Pacific), a volunteer organization lobbying against unsolicted comercial email. APCAUCE is a division of iCAUCE. In a growing economy, Indian companies with a global reach are in the right position to develop functioning rulesets that are fair to both marketers and consumers. Many email marketing laws around the globe find their roots in industry-developed best practices.

Relevant Resources:

Department of Information Technology (IT Act 2000)

iCAUCE - International Coalition Against Unsolicited Commercial Email

Cyberlaw India- Information on the IT Act, amendments, opinions, articles and resources from Mr. Pavan Duggal, a prominent India IT legislation advocate. 

IT Act 2008 (.pdf Actual Legislation in English)

As a Director with CAUCE I'm happy to share this news - Original source CAUCE NA

Cauce North America Inc.--The Coalition Against Unsolicited Commercial Email (http://www.CAUCE.org)--Today announced at The Messaging Anti-Abuse Working Group meeting (MAAWG) that it has received additional financial support from Return Path Inc.

The viewpoint of computer end-users is often one missing from the anti-abuse discussions, CAUCE works to ensure they have a place at the table and these stakeholders' unique and vital perspective is considered when formulating policy to help stop Internet abuse. As well, CAUCE actively works to assist training law enforcement agents in the investigation of illegal spamming.

CAUCE, after a decade of purely volunteer ad-hoc operations, officially incorporated in 2007 and began to accept paid memberships from individuals and sponsoring companies and organizations to help defray operating costs.

"The ongoing, and generous financial support of Return Path by way of their renewed corporate membership in CAUCE will help us to continue to advance the interests of the true victims of Spam 2.0 (the blended threat of spyware, spam and viruses), the computer end-users" said CAUCE president Dr. John Levine

Matt Blumberg, CEO of Return Path inc. said, "Supporting the interests of consumers is vital to the health of the email ecosystem, and CAUCE is uniquely suited to work in this area. Return Path is delighted to support CAUCE in its ongoing efforts to create a clean, well-lighted place where consumers can feel safe and confident interacting through email."

"This renewed corporate membership will allow CAUCE to maintain a demanding travel and conference schedule in the coming months, including ongoing discussions with lawmakers and governments, The London Action Plan/EU Contact Network of Spam Authorities conference in Portugal, and of course, having representation at MAAWG" explained John Levine

Levine continued "CAUCE was actively involved in the Canadian government's Task Force on Spam in 2004-2005, the end-result of which was the recent tabling of Bill C-27 in the parliament of Canada; memberships such as that of Return Path Inc. allow us to continue to directly involve ourselves in the legislative process".

About CAUCE

It is reported today that Hotmail usage is being blocked by the Chinese government. Chinese censors blocked access to Twitter and other popular online services on today, two (2) days before the twentieth anniversary of the crackdown on democracy protests in Tiananmen Square which cost hundreds of lives.

NOTE: This is NOT LEGAL ADVICE - just my own personal interpretation and understanding of the proposed law. Please read this law yourself and also have your council review it for your protection. Reposted with permission from EmailKarma.net

Recently the Canadian Government introduced the Electronic Commerce Protection Act [ECPA] (aka: Bill C-27), an Anti-spam act that covers; email communications, unauthorized installed applications and the alteration of data during transmission between senders and recipients. This post will only deal with the Email portions of the Electronic Commerce Protection Act, and does not include information on installed software or data alteration.

What is the Purpose of the ECPA?

The ECPA is a law designed to promote and protect electronic communications while discouraging the abuse of these resources that threaten to; impair the reliability, efficiency of electronic activities, prevent additional costs to businesses and consumers, protect the privacy and the security of confidential information and strengthen the confidence of Canadians in the use of electronic means of communication and commercial activities. This enactment also makes several amendments to related laws; the Competition Act, Personal Information Protection and Electronic Documents Act (PIPEDA), the Canadian Radiotelevision and Telecommunications Commission Act and the Telecommunications Act.

What is considered a Commercial Electronic Message under ECPA?

The ECPA defines a commercial electronic message as an electronic messages that consists of: the content, the hyperlinks, the contact information, where the purpose is to encourage participation in a commercial activity that;

(a) offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land;
(b) offers to provide a business, investment or gaming opportunity;
(c) advertises or promotes anything referred to in (a) or (b);
(d) promotes a person, including the public image of a person, as being a person who does anything referred to in any of (a) to (c), or who intends to do so.

Also the ECPA clearly states that An electronic message that contains a request for consent (READ: Confirmed opt-in notices) are also considered to be a commercial electronic message. The ECPA also lists several types of excluded communications like; responses to customers service enquiries and applications, law enforcement, public safety, the protection of Canada, the conduct of international affairs or the defence of Canada and personal communications.

Who is governed by the ECPA?

After reading through the act, it looks like every corporation registered under a Federal or Provincial licence for the purposes of Commercial Activity are going to be effected by this law. I also understand this covers Non-profits, co-ops, sole proprietors and partnerships.

What are the Requirements for Marketers under the ECPA?

When sending commercial email you can only send to a recipient has consented to receiving it (express or implied - def'n below) and the message complies with the purpose of the ECPA described above. All messages being sent must;

• Clearly identify the person who sent the message and the person (if different) on whose behalf it is sent - Add your physical postal address and company name to all emails
• The messages must provide a method where the recipient can readily contact the person(s) responsible for sending the message (MUST be active for 60 days after the messages was sent) - Enable replies to go to your customer service and stop using No-Reply
• Provide a working unsubscribe mechanism (more below) that removes an address within 10 days - the faster the better.

An important thing to note is that the ECPA states that an electronic message is considered to have been sent once its transmission has been initiated (by the sender) and that it is irrelevant if the intended recipient address exists or if message reaches its intended destination. This reference makes bounce management even more important for mailers to monitor and clean from your list. When your working with your clients/members/subscribers and asking for their consent there are several things you should remember and incorporate into the process (I've talked about these types of things before);

(a) Clearly state the purpose(s) for which the consent is being sought
(b) Clearly identify the person(s) seeking consent
(c) Clearly define any other prescribed information about how data is collected and plans to be used.

How are express or implied consent different under the ECPA?

The definition of Implied Consent when the person(s) responsible for sending the messages has an existing business relationship or an existing non-business (def'n below) relationship with the recipient. While the “existing business relationship” means a business relationship (within the 18-month period preceding the day on which the message was sent) between the person to whom the message is sent arising from;

(a) the purchase or lease of a product, goods, a service, land or an interest or right in land
(b) the acceptance by the person to whom the message is sent of a business, investment or gaming opportunity
(c) the bartering of anything mentioned in paragraph (a) between the person to whom the message is sent
(d) a written contract entered into between the person to whom the message is sent and any of those other persons in respect of a matter not referred to in any of paragraphs (a) to (c), if the contract is currently in existence or expired within the 18 month period
(e) an inquiry or application, within the six-month period immediately, made by the person to whom the message is sent

A non-business relation is clarified to include a person that made a donation, a gift or performed volunteer work with; a registered charity, a political party or organization, or a person who is a candidate for publicly elected office. This Non-business relationship also covers membership in a club, association or voluntary organization. These relationships must have occurred within an 18-month period preceding the day on which the message was sent.

What do I need to know about managing unsubscribes?

The unsubscribe mechanism must specify an electronic address to which the unsubscribe notice may be sent or provide a hyperlink by means of which the recipient can provide their opt-out notice. Providing both options an email unsubscribe and a landing page unsubscribe is highly recommended.

Are there penalties for Violating the ECPA?

Yes, significant monetary penalties have been set out within the act. The maximum penalty for a violation is $1,000,000 in the case of an individual, and $10,000,000 in the case of any other person.

Where can I get a copy of the Bill C-27?

You can find Bill C-27 here (pdf - I recommend you download the document - right click and save link as)

Overview: Austria's email laws are based around the EU Directive 2002/58/EC, which requires consumer permission or opt-in except for under the following circumstances: consumer information was obtained during a sale of a good or service, and the direct marketing message is for a similar good or service. So basically, a prior relationship with the consumer must exist. Also, a clear and free opt-out mechanism and an opportunity to object to messages at the time of data collection must be provided, the sender must be identified, and the message has to be labeled an electronic advertisement.

The specific law in Austria that implements the EU directives is the TKG 2003 Telecommunications Act, specifically section 107. The government body responsible for enforcement is the Austrian Data Protection Authority.  The Austrian law specifies that opt-in applies to both natural and legal persons; therefore, b2b communication must be opt-in unless it meets the other EU directive requirements. Violators of the law can be fined up to €37,000 in Austrian courts.  Austria's Data Protection Act deals with general privacy issues, and their e-Commerce Act includes sections concerning unsolicited communication and plans for a "Do Not Spam" list.

Enforcement Effects: Because the EU directive leaves it up to individual countries to define the terms- 'preexisting relationship,' 'similar goods and services' and 'natural or legal persons', all of the European countries with individual laws tend to vary slightly.  Therefore, marketers in the EU, to avoid the risk of getting in trouble in a specific country, have largely adopted opt-in only sending practices.   

Relevant Resources:

2003 Telecommunications Act (translated pdf-English)

Austrian Data Protection Commission (English)

OECD Austria Page- includes Austrian goverment contact information

Anti-Spam Laws in the EU Resources from Email Marketing Reports

Email Rules in the EU Marketing Profs article

Overview:

Commencing April 11, 2004, Australia's Spam Act 2003 is one of the earliest opt-in laws surrounding commercial email. The law bans the sending of unsolicited commercial emails containing an Australian link. The act also pertains to instant messaging and telephone accounts. It states that the advertiser in a commercial message must provide identifying contact information as well as a working unsubscribe mechanism. In addition, address-harvesting software, as well as lists compiled using address-harvesting software are banned. The governing body in Australia responsible for enforcement is the Australian Communications and Media Authority (ACMA). Violators of Australia's Spam Act typically incur civil penalties and injunctions, the severity of which are based on previous offenses and damages incurred by victims.  Government bodies, registered political parties, charities, religious organizations and educational institutions are exempt. The law underwent a mandatory two-year review in 2005, where few amendments were made.

Enforcement Effects:

According to the ACMA, as a result of Spam Act 2003, 200 businesses have since been required to amend their email practices, five businesses have been fined over civil penalties totaling $20,000, and three businesses have provided enforceable undertakings. The ACMA has recently begun a federal case under the act against three companies for allegedly sending mobile users unsolicited SMS messages concerning Australian dating sites, seeking fines of up to $1.1 million per day. A hearing has been set for February 6.

Industry Self-Regulation:

The Australian eMarketing Code of Practice, coordinated by the Australian DMA outlines best practices for Australian businesses sending commercial email. It applies to all companies who use email or mobile as their main form of marketing, as well as third parties and affiliates who send on their behalf.

The Internet Industry Association's Spam Code of Practice outlines regulations for ISPs and email service providers which are enforceable by the ACMA under the Spam Act. Compliance with this code provides ISPs and ESPs legal protection under certain statutes. 

Relevant Sources and Resources:

Current Spam Act 2003 (pdf): Full text of the legislation.

ACMA: Spam and e-Security page.

EFA Australian Spam Laws: Includes EFA 2006 Review and Analysis of the Spam Act 2003.

OECD Task Force on Spam: Includes links to the laws, government enforcement contacts, organization pages and education and awareness initiatives. 

White SW Computer Law: Updates and an informative history the Spam Act and its enforcement from an Australian law office specializing in IT and intellectual property.

Email Marketing Reports: Outlines links, reviews, and relevant documents pertaining to Australian anti-spam legislation.

Starting in March, all ISPs in the UK are required to keep track of every email sent and received for a year and to provide that information to the government to help fight terrorists. Not only that, but they are going to pay the ISPs to do it. What colossal waste of money and invasion of privacy!

"Tough new Irish laws will see businesses face fines up to €250,000 if they are found guilty of sending unsolicited email.

Communications Minister Eamon Ryan has signed new legislation to tackle spamming and other unsolicited communications.

Under the new regulations, unsolicited mail for direct marketing purposes will be an indictable offence.

The Data Protection Commissioner can refer serious breaches of the legislation for prosecution through the Circuit Court where fines of up to €250,000 or 10pc of the company’s turnover, whichever is greater, can be imposed.

Fines for less serious offences will increase from €3,000 to €5,000.