IAPP-GDPR Web Banners-300x250-FINAL

By Dennis Dayman, CIPP

If you hear "CAN-SPAM" and think of spiced ham or think "C-28" is a Chinese restaurant combo platter, you're either really hungry or--more likely--you're in need of a refresher on the rules for e-mail regulations.

Recently, there has been an increase in e-mail regulations. The CAN-SPAM Act, passed in 2003 and amended in 2008, was one of the earliest legislative efforts to rein in spam and ensure e-mail regulations. Just this past year, on December 15, 2010, Canada passed the C-28 Anti-Spam Act, making the sending of unsolicited commercial e-mails to or from Canada a prosecutable offense. Another bill--H.R. 5777, the Best Practices Act--is being discussed in the U.S. If passed, that bill will require transparency and disclosure when organizations collect personal data about online users' behavior and will only allow data recording from users who opt in.

As important as these laws are for e-mail marketers, the trend they represent is even more critical. With the increasing number of data breaches, for every attempt to bend the rules or profit at the expense of consumers, new legislation is created to prevent future offenses and punish the offenders. In this environment, noncompliance is not an option--marketers must understand and comply with privacy rules and regulations.

Knowing every letter of every law, however, is excessive. What marketers need to know are the guidelines common to most privacy laws. Here are five best practices:

  • Transparency: Telling people how you are collecting their data and what you're going to do with it are two things that marketers should have been doing all along. They are also major components of current and upcoming legislation--C-28 and H.R.5777. Informing people how their data will be used to cater to their specific interests is a much more successful and sustainable policy than withholding information from prospects.
  • Consensual activity: Marketers must realize if they are engaging in cross-border marketing, they now need approval from the recipient. The change isn't drastic; it requires little more than a Web page field that asks, "Can I send you something, yes or no?" For marketers, this is actually good news because e-mails won't be wasted on people who don't have a genuine interest.
  • Relevancy: Contacting only the people who want to be contacted and sending only the information they want is the heart of relevancy. It's also a major component of privacy. Avoiding the "I didn't want this" spam-button click reaction was once key to staying off blacklists; soon it may be part of staying out of the courtroom. The requirement for consent is a foundation for relevancy, but even after gaining a recipient's consent, the burden lies on marketers to send relevant content.
  • Adaptability of privacy policies: Laws can go only so far in defining acceptable privacy policies. To truly serve and protect people, organizations should be able to address privacy concerns at any point in a marketing process. The concept known as Privacy by Design asserts that the future of privacy cannot be assured solely by compliance with regulatory frameworks; rather, privacy assurance must become an organization's default mode of operation, ideally. Privacy by Design presents a set of "foundational principles" that can help companies innovate in ways that are consistent with Fair Information Practice Principles (FIPPs). With ever-changing privacy requirements, the ability to revise one's settings is not only an advantage but also a necessity.
  • Clarity: Small print and legalese should be a dead practice for marketers. The need for transparency, consent and relevancy can be undermined by unclear terms, confusing jargon or complicated clauses. People are much more apt to share data and continue receiving e-mails and other marketing messages when they understand what is going on. Already, draft bills and self-regulatory practices emphasize clarity, and, whether ratified or not, it makes sense to strive for clear messaging. A privacy policy just isn't enough anymore. This means that you will need to be "hyper transparent" when you're collecting, transferring and processing PII. You can NO LONGER think that posting in your privacy policy what you are doing with a person's information is sufficient. You need to become "hyper transparent."

These five points are compelling, but what else do marketers have to gain by complying with privacy laws and best practices? Efficiency.

A study conducted by Return Path found that more than four-fifths of e-mail delivery problems result from a sender having a poor reputation. A poor sender reputation stems from the regular bending or breaking of privacy rules and dissatisfied prospects reporting spam or noncompliant behavior. This means that noncompliant marketers attempting to reach a wider audience or build a bigger database--those valuing quantity over quality--are shooting themselves in the foot. Though an organization with a bad sender reputation may send out a greater volume of e-mails, the likelihood of those e-mails actually being effective or even being read is much lower than a reputable and compliant company.

Fear of sanctions and avoiding inefficiency shouldn't be the only motivators for organizations. As fundamental as it sounds, keeping prospects and consumers happy should always be top of mind for marketers.

According to Todd Defren, a principal of SHIFT Communications, "A happy customer tells three friends. An unhappy customer tells Google." What this translates to is for every one e-mail sent to a happy and well-informed recipient, there exists the possibility of additional word-of-mouth referrals. Or, in other words, it can literally pay to respect the privacy, consent and intelligence of a client or prospect.


Today, there is no reason not to comply with privacy rules and regulations. The laws and best practices are designed to satisfy and protect the people involved, while also affording organizations the potential to grow revenue and client base. If compliance is a question of capability as opposed to intent, third-party privacy monitoring and auditing services such as TRUSTe are available to ensure everything is as it should be. With all the information available, it makes sense for marketers to keep SPAM canned and have C-28 on the menu.

Compliance drives demand, leads and revenue.

Dennis Dayman, CIPP, is the chief privacy and security officer for Eloqua.


If you want to comment on this post, you need to login.


Related Posts


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»