February 11, 2008February 11, 2008

Ensuring Compliance In The Ensuring Compliance In The Email RealmEmail Realm

• The compliance basics

• Third-parties and affiliates—compliance for experts

• The big “take aways”

Agenda

• The compliance basics

• Third-parties and affiliates—compliance for experts

• The big “take aways”

Agenda

While most of the law’s prohibitions are aimed at the worstactors, CAN-SPAM’s required inclusions target all senders ofcommercial email

Clear and conspicuous notice that email is commercial (not “ADV:”)1. Does not apply if sender has “affirmative consent” of recipient

Clear and conspicuous notice of ability to opt-out

Working unsubscribe functionality1. Internet-based mechanism2. Of the sender’s choosing 3. Applied within ten business days

Subject lines that are not misleading or deceptive

Valid physical postal address

The Compliance Basics

The Commercial Notice Requirement

Clear and conspicuous notice that email is commercial (not “ADV:”)

While not a “flashpoint” of FTC litigation, the FTC has made this a “rider” offense under CAN-SPAM cases

1.United States of America v. Jumpstart Technologies—emails appeared to be personal and were playing upon that notion2.Federal Trade Commission v. Optin Global—email portrayed as a confirmation without commercial notice

Generally prevalent in all FTC actions that involved “predatory and abusive” practices

Clear and conspicuous notice of ability to opt out

According to the FTC, 80% of its spam cases alleged violation of the opt-out requirement

Clearly a compliance concern, an obvious way to unsubscribe should be the cornerstone for commercial email campaigns

1.United States of America v. Jumpstart Technologies—emails contained unsubscribe links like:–“Go Here to Manage Your Mailing Preferences”–“Visit the BonusBonez Mailing Manager”–“Why wait? You can stop getting mail at any time”

2.So how does a marketer know when their opt-out disclosure is “clear and conspicuous?”–The placement of the disclosure–The prominence of the disclosure–The clarity of the language—is it understandable to the intended audience

Managers should avoid the fancy or esoteric

1.“To stop receiving commercial email from us…”

The Understandable Unsubscribe

Working unsubscribe functionality

Part of the 80%, ensuring that your unsubscribe link works is essential for CAN-SPAM compliance Two cases establish the need to ensure nearly perfect unsubscribe functionality

1.United States of America v. ICE.com–6,000 emails sent over 40 days–Sent more than 10 day business days after receipt of opt-out–Purported to be a technical outage–Resulted in settlement with FTC

2.United States of America v. Yesmail–Defendant utilized a reply-to address as its unsubscribe functionality–Spam filter blocked opt-out requests from getting processed

Ensuring the Honored Opt-Out

Rethinking the Subject Line

Subject lines that are not misleading or deceptive

Next to unsubscribe issues, deceptive or misleading subject lines are a lightning rod of activity for the FTC The FTC cases have been clear that, when taken on their own, subject

lines must rise above deceptive or misleading:1.Jumpstart Technologies

–“Hiya!”–“Invite”–“Happy Valentine’s Day”

“A subject heading that the defendant knew, or had reason to know, would be likely to mislead a recipient, acting reasonably under the circumstances, about a material fact regarding the contents or subject matter of the message.”

The Valid Physical Postal Address

Not As Difficult As the Law Makes It Sound

Other than cases involving a failure to include an address, the FTC has yet to prosecute where some valid address is present

FTC guidance on what it means?1. May 2005 NPR provides something to think on2. The FTC proposed defining “Valid Physical Postal Address” as including:

–Private Mail Boxes–Post Office Boxes–Street address

Agenda

• The compliance basics

• Third-parties and affiliates—compliance for experts

• The big “take aways”

• Working with other companies

• Ad networks• Affiliate programs & networks• Third-party email marketers• Offline direct marketers

• Various payment approaches

• Pay-Per-Click /Action• Pay-Per-Lead• Shared revenues• Pay for delivery

• Way to leverage own database more effectively• PII often necessary to share for affiliate monitoring, but also as part of the leverage

What Is Affiliate Marketing?

• Potentially joint ownership/use of consumer data

• Multiple privacy and contractual representations

• Transparency of transactions

How Does Affiliate Marketing Differ From Conventional Marketing?

Regulatory framework to be accountable for acts of affiliates

• CAN-SPAM: obligations imposed on advertiser, additional obligations on initiators

1. Implicit need to monitor actions of affiliates

• Gramm-Leach-Bliley: financial institutions must also require compliance by their vendors and service providers

• Section 5: prohibits unfair and deceptive trade practices. Application to affiliates?

Getting To Accountability

FTC ActionsCases brought by the FTC in several areas have suggested that marketers,

leveraging affiliates, should monitor affiliate behavior

• TJ Web – Jan 2007 settlement includes obligations onaffiliate review, based on CAN-SPAM

• Optin Global• Cleverlink Trading Ltd.• Zango• Cart Manager – March 2005

1. Director of Bureau of Consumer Protection’s press release statement of monitoring activities: “Companies and [vendors] must make sure that their privacy policies are in sync. A [vendor] cannot secretly collect and rent consumers’ personal information, contrary to a merchant’s privacy policy. At the same time, merchants have an obligation to know what their [vendors] are doing with consumers’ personal information.”

Getting To Accountability

New York Attorney General Actions

New NY AG Cuomo settles with major advertisers

in Jan 2007 -- online promotion of products and services

through another’s alleged deceptively-installed

adware programs

• Priceline• Travelocity• Cingular

Getting To Accountability

In what circumstances do companies have a

legal obligation to monitor affiliates?

What affirmative actions should your company

take to avoid any law enforcement action?

Establish necessary and reasonable policies and procedures,

depending on the level of relationship.

• It’s your playground, make the rules.• Know thy affiliate.• Don’t turn a blind eye.

Policies & Procedures

Establish standard operating procedures

for the relationship.

• Keep standards consistent.• If company doesn’t meet standards,

don’t bend rules – could be weak link.• Develop deployment strategies.• Rules for marketing: channels, media, frequency.

Playground Rules

Agenda

• The compliance basics

• Third-parties and affiliates—compliance for experts

• The big “take aways”

• Develop monitoring techniques to detect abuse• Utilize seeds • Leverage brand-monitoring solutions that identify

brand abuse• Ensure marketers are honoring channel representations• Verify/contractually require affiliates to use reputable

partners• Understand data collection and use policies

(and get contractual representations re: same)• Review applicable privacy policies as appropriate

(PII in particular)• Monitor suppression list and complaint activities

Know Thy Affiliate

The recent enforcement activities indicates that if youhave a close relationship with purportedly bad actors,you could be held liable for their actions, even if you didnot dictate them.

Blindness

Quinn Jalli, Esq.

Chief Privacy Officer and Vice President

of ISP Relations

Datran Media

345 Hudson Street, 5th floor

New York, NY 10014

Tel: (212) 706-4897

Fax: (212) 706-9758

Email: QJalli@datranmedia.com

Contact Information