On December 8, 2003, the Controlling the Assault of Non-Solicited Pornography and Marketing Act or CAN SPAM Act (S. 877), moved one step closer to passage when the House agreed to the Senate’s proposed amendments. The bill will now be sent to the President for his signature. By its terms, effective January 1, 2004, the bill:

  • Requires inclusion of (i) a return address or a comparable mechanism, (ii) information identifying the message as an advertisement or solicitation, (iii) notice of the opportunity to opt-out, (iv) the sender’s physical address and (v) warning labels on sexually oriented e-mail messages;
  • Prohibits (i) false or misleading transmission information, (ii) deceptive subject headings, (iii) transmission of commercial e-mail after objection, (iv) transmission of messages to harvested e-mail addresses and (v) predatory and abusive e-mail activity (e.g., hacking into a computer to send messages or registering for multiple e-mail accounts using false information and sending messages from those accounts);
  • Exempts (i) messages to recipients who have provided prior affirmative or implied consent and (ii) “transactional or relationship e-mail messages”;
  • Provides for (i) enforcement by the Federal Trade Commission (FTC), federal functional regulators and states, plus (ii) civil actions by Internet service providers. Potential penalties include (i) statutory damages of up to $2M, (ii) treble damages and (iii) criminal fines and/or imprisonment;
  • Preempts state laws expressly regulating the use of e-mail to send commercial messages, except to the extent that such laws prohibit falsity or deception in e-mail messages, but not state trespass, contract or tort laws or any state laws relating to fraud or computer crime; and
  • Directs the FTC to prepare a plan and timetable for establishment of a “Do-Not-E-Mail” Registry and authorizes the FTC to implement the plan.

Many consumer financial services providers have been interested in using the Internet for solicitation and/or collection purposes, in addition to customer service. Unfortunately, many providers have collected e-mail addresses without first seeking to establish the basis for use or seeking affirmative or implied consent. The FTC can be expected to establish firm standards for obtaining affirmative or implied consent.

Mike Tomkies