best-practice
Address acquisition – know the legalities around personally identifiable information
Here’s a quick review of the legalities involved with collecting Personally Identifiable Information (PII).
In this Best Practice
Jump to
Here’s a quick review of the legalities involved with collecting Personally Identifiable Information (PII). At one time, having solid records of informed consent to send commercial email to people was not required by law. However, in many cases, it is now.
There are email and data protection regulations across at least 77 different countries, and they are all different. **We strongly recommend consulting legal counsel before undertaking any data collection.**The following four data protection laws are the best known at this time.
CAN-SPAM, United States
Marketers MUST comply with this federal regulation to legally send marketing email: violators can and have been successfully sued by the FTC. For more information about CAN-SPAM, see these links:
- US Federal Law CAN-SPAM
- The legal text of CAN-SPAM
Canada’s Anti-Spam Legislation (CASL), Canada
See the CASL Guide for more information or read the text of the law. Senders MUST comply with CASL if you send email to:
- a Canadian domain
- a Canadian user
- or is transmitted through Canada
General Data Protection Regulation (GDPR), Europe
The General Data Protection Regulation 2016/679 is a regulation in EU law regarding data protection and privacy for all individual citizens of the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. Enacted on May 25, 2018, it is a very complex regulation; violations of this regulation can carry some severe fines. When building an email marketing campaign involving anyone residing in the EU, you should always consider it. For more information, please consult:
- Qualified legal counsel.
- The Wikipedia article about GDPR.
- The EU legal lexicon.
The California Consumer Privacy Act (CCPA)
This was enacted in 2018 and took effect on January 1, 2020, and applied to Californian consumers. This legislation gives CA consumers the following rights:
- The right to know what personal information is collected, used, shared, or sold, both as to the categories and specific pieces of personal information;
- The right to delete personal information held by businesses and by extension, a business’s service provider;
- The right to opt-out of the sale of personal information. Consumers are able to direct a business that sells personal information to stop selling that information. Children under the age of 16 must provide opt-in consent, with a parent or guardian consenting for children under 13.
- The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.
For more in-depth information please visit State of California – Department of Justice – Office of the Attorney General.
The final word on laws around PII: CONSULT A QUALIFIED LAWYER.
Now it’s time to take a look at how to set up and configure your email program, starting with the necessary steps to take to avoid looking like a spammer!