Here’s a quick review of the legalities involved with collecting Personally Identifiable Information (PII). At one time, having solid records of informed consent to send commercial email to people was not required by law. However, in many cases, it is now.

There are email and data protection regulations across at least 77 different countries, and they are all different. We strongly recommend consulting legal counsel before undertaking any data collection. The following four data protection laws are the best known at this time.

CAN-SPAM, United States

Marketers MUST comply with this federal regulation to legally send marketing email: violators can be, and have been, successfully sued by the FTC. For more information about CAN-SPAM, see these links:

Canada’s Anti-Spam Legislation (CASL), Canada

See the CASL Guide for more information or read the text of the law. Senders MUST comply with CASL if their email:

  • is sent to a Canadian domain
  • is sent to a Canadian user
  • or is transmitted through Canada

General Data Protection Regulation (GDPR), Europe

The General Data Protection Regulation 2016/679 is a regulation in EU law regarding data protection and privacy for all individual citizens of the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. Enacted on May 25, 2018, it is a very complex regulation; violations of this regulation can carry some severe fines. When building an email marketing campaign involving anyone residing in the EU, you should always consider it. For more information, please consult:

The California Consumer Privacy Act (CCPA)

The CCPA was enacted in 2018, took effect on January 1, 2020, and applies to Californian consumers. This legislation gives CA consumers the following rights:

  • The right to know what personal information is collected, used, shared, or sold, both as to the categories and specific pieces of personal information;
  • The right to delete personal information held by businesses and by extension, a business’s service provider;
  • The right to opt-out of the sale of personal information. Consumers are able to direct a business that sells personal information to stop selling that information. Children under the age of 16 must provide opt-in consent, with a parent or guardian consenting for children under 13.
  • The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.

For more in-depth information, please visit State of California – Department of Justice – Office of the Attorney General.

 The final word on laws around PII: CONSULT A QUALIFIED LAWYER.

Now it’s time to take a look at how to set up and configure your email program, starting with the necessary steps to take to avoid looking like a spammer!

 

 
