The ABCs Of Email Regulations

by Michele Karrlsson-Willis December 2, 2015
December 2, 2015

Email may be one of the fastest growing communication channels that we have today, so it’s not surprising that so many companies use it as a main form of customer communications. What they learn however, is that sending emails is not as easy as it may seem. There are actually a lot of rules and regulations around email distribution, that have to be followed by all ESPs . I can already imagine your heads hitting the keyboards, as you fall asleep at the mere mention of email regulations!

Instead, I hope to keep you engaged by taking you through a step by step guide, explaining the ABC’s of email regulations. .

The ABC’s Of Email Regulations

A is for Anti-SPAM regulations. As in CAN-SPAM compliance. Senders can face large fines if they don’t follow these regulations:

  • Don’t use false or misleading header or subject line information
  • Tell recipients where you’re located
  • Tell recipients how to opt-out of receiving your emails
  • Honor opt-out requests within 10 days

B is for Best Practice. Including an unsubscribe functionality in an email is a great example. While many types of transactional emails don’t require unsubscribes, you should always present this option and make it easy for end users to action it.

C is for CASL. Canadian Anti Spam Legislations. If you are sending emails to or from Canada, you need to be aware that CASL has taken your basic CAN-SPAM compliance to another level by adding these additional requirements:

  • Explicit or implicit consent
  • Companies must retain a record of consent confirmations

D is for data, as in ‘electronic protected health information” (e-PHI) pertinent to HIPAA regulations. HIPAA is Health Insurance Portability and Accountability Act and it aims to protect the confidentiality and security of healthcare information. There are 5 categories of requirements that relate to email:

  • Access controls: who can access e-PHI
  • Audit controls: safely storing e-PHI
  • Integrity: ensuring there is no tampering with or destroying e-PHI
  • Transmission security: safely sending e-PHI
  • Authentication: the correct recipient must receive e-PHI

E is for the eSign Act.

  • eSign states that electronic signatures, contracts, and other records relating to “transactions in or affecting interstate or foreign commerce” have the same weight and force in law as their paper counterparts. So, go ahead and give recipients the option to sign their documents or policies electronically!

F is for Federal Trade Commission (FTC) ‘Red Flags’: potential patterns, practices, or specific activities indicating the possibility of identity theft. Companies must comply by taking specific steps to limit the risk of identity theft for existing customer transactions.

  • If you are sending emails on behalf of creditors or financial institutions, make sure sufficient authentication methods are in place to safeguard the attached, confidential documents, such as bills, statements or policies.

G is for guidance. When is doubt – ask an expert! We are always happy to help you navigate through email rules and regulations, so you can deliver your email campaigns successfully!

Digital & Social Articles on Business 2 Community


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.