If you’ve worked in marketing for any time, you’re aware that there are laws in your state/country regulating the use of citizens’ data and protecting citizens’ privacy. What you might not be aware of, though, are the specifics of these laws, or that some laws transcend state and country boundaries.
Below, we touch on four laws with great impact on businesses in the US, Canada and Europe. As this is a fast-evolving and complex topic that will affect all businesses differently, it’s best to do your own research as well or consult a legal professional.
1. General Data Protection Regulation (GDPR)
GDPR is an EU regulation that governs privacy laws for all EU citizens. All companies, in all countries, that process or hold data on EU residents need to comply with GDPR or risk massive fines.
The requirements include clear consent and opt-in from EU contacts to be processed and contacted, along with limits on the information you can collect.
2. Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM)
CAN-SPAM is an older law that impacts email marketing in the US. It only impacts US-based companies and bans deceptive and misleading information in email header and subject lines.
CAN-SPAM is also the reason why mass email tools require opt-out info be included, usually in the email footer.
3. The Personal Information Protection and Electronic Documents Act (PIPEDA)
PIPEDA is similar to GDPR in that it regulates the collection and usage of citizens’ information, but it applies to Canadian citizens instead of EU citizens. Unlike GDPR, PIPEDA does not transcend country lines, and it also does not apply in certain provinces that have similar or stricter privacy laws in place.
The requirements include clear consent when collecting, using or disclosing personal info, along with re-obtaining consent if the info will be used for another purpose.
4. California Consumer Privacy Act (CCPA)
CCPA kicks in January 1, 2020, to regulate the usage, collection and sharing of California residents’ information. It affects companies doing business in California that meet one of three requirements around annual gross revenue and data collection/selling.
The requirements include giving contacts the right to opt out of the sale of their personal info via a link on the company’s homepage.
We recommend delving into the specifics of the laws impacting your company to ensure compliance, but there are also some general best practices you can follow:
- Only contact people who have expressly opted in to messages from your company
- Allow contacts to enroll in subscription types, and only send the types of information they request
- If you’re unsure of a contact list’s origin or age, don’t use it! The consequences could be very severe
- Don’t buy or sell contact data
- Give contacts a way to unsubscribe or to request full deletion of their information
- Stay up-to-date on privacy regulations, and update your company’s processes as needed
Interested in the specifics of these laws, including the main requirements and consequences of non-compliance? Visit our privacy law reference page for up-to-date information on the top laws.