State spam laws and the new CAN-SPAM

CAN-SPAM cancels out most provisions in more than 30 state anti-spam laws, ending a compliance headache for e-mail marketers, according to e-mail marketers and lawyers who have studied the law. But the new federal law leaves in place parts of state laws that prohibit false or deceptive information in commercial e-mail. CAN-SPAM also does not supercede state fraud or computer crime laws.

For example, when CAN-SPAM went into effect Jan. 1, it canceled out a tougher California law also scheduled to take effect in January. The California spam law would have required companies to obtain opt-in permission from all customers receiving commercial e-mail, whereas CAN-SPAM requires only that customers be able to opt out of commercial e-mail.

The California law would have held senders of unsolicited messages liable for damages of as much as $1,000 for each message to an individual and as much as $1 million for each e-mail advertisement sent. Passed last fall, the California law probably put the federal law on a fast track.

“Part of the reason CAN-SPAM was enacted so quickly was [due to] the California law … which many marketers had some issues with,” says Bart Lazar, a lawyer specializing in intellectual property and Internet law at Seyfarth Shaw law firm. “It just makes sense to have federal legislation that at least gives companies some comfort that they’re not going to get into trouble with one state,” he says.

The California law would have forced many companies to throw out their old e-mail lists and start again with opt-in permissions, adds Maureen Dorney, a lawyer at the Gray Cary law firm. “[E-mail marketers] were really suffering over that one, trying to figure out what to do,” she says.

Anti-spam activists have criticized CAN-SPAM’s opt-out approach, saying it allows spammers to continue sending unsolicited commercial e-mail. In the first days of January, after the law went into effect, spam-filtering companies measured no decrease in spam being sent across the Internet.

Although the new federal law supercedes state law in most instances, CAN-SPAM doesn’t prevent all state spam-related prosecutions. The law allows state attorneys general to bring prosecutions of CAN-SPAM violations, and states can still use their own laws to prosecute companies that send e-mails containing fraudulent or false information. Individual recipients of spam, including companies, may not sue spammers under CAN-SPAM, according to language in the law, but Internet service providers can file civil lawsuits for damages caused by spammers.

Now that CAN-SPAM is in place, legitimate marketers need no longer worry about complying with dozens of state spam laws, says Gail Goodman, CEO of Constant Contact, an e-mail service provider aimed at small and midsize businesses. Although the worst spammers are likely to be prosecuted under the new federal law, most legitimate commercial operations that use e-mail have nothing to worry about.

“Our customer base is not concerned with running afoul of fraud law,” Goodman says. “You don’t do those things by accident.”