As to CAN SPAM, with a broad brush the rules tell us that:
- Header information can't be false or misleading.
- Subject headings can't be misleading or deceptive.
- Email advertisements must have an opt-out mechanism that is clear and conspicuous.
- The sender's postal address must be identified.
- The message must be identified somewhere as an advertisement.
(If someone opts out, you have ten days to get that done. That is not an issue if this is a one-time mailing, but if it is successful and you do a follow-up, you need to have removed those opting out.)
If you want to dig into this more, look at the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN SPAM), 16 CFR 316, and the FTC website. You'll also find some webinars in the BOL Banker Store.
As to Privacy, Section 216.13 of Regulation P allows you to disclose a consumer’s nonpublic personal information to a nonaffiliated third party who performs services for you or functions on your behalf without providing the consumer an opt-out notice. However, to qualify for this exception, you must (1) enter into a contractual agreement prohibiting the third-party recipient from disclosing or using the nonpublic personal information other than to carry out the purpose(s) for which you disclose the information and (2) provide an initial notice to the consumer, whether or not he or she is your customer, that includes a separate statement describing the categories of information you disclose and the parties with whom you have contracted. Sections 216.6(a)(5) and 216.13(a)(1). If you satisfy these requirements, you could, for example, enter an arrangement under which you disclose nonpublic personal information to a nonaffiliated third party that markets your own financial products and services, such as a telemarketer or direct mail marketer.
First published on BankersOnline.com 8/11/08