In this episode of his "Clearly Conspicuous" podcast series, "The FTC Acts Against Experian Customer Services," consumer protection attorney Anthony DiResta discusses the recent Federal Trade Commission (FTC) action requiring Experian to pay $650,000 for violations of the CAN-SPAM Act. Mr. DiResta delves into CAN-SPAM compliance, offering a comprehensive guide to avoid potential legal pitfalls in email marketing. He highlights the active enforcement of consumer protection laws and underscores the importance of adhering to legal standards to safeguard consumer rights and ensure business success.

Listen to more episodes of Clearly Conspicuous here.

Podcast Transcript

Welcome to another podcast of Clearly Conspicuous. As we noted in previous sessions, our goals in these podcasts is to make you succeed in this current regulatory and governmental environment, make you aware of what's going on with consumer protection agencies and give you practical tips for success. As always, it's a privilege to be with you today.

The Federal Trade Commission's Action Against Experian Consumer Services

Today we discuss the Federal Trade Commission's action against Experian Consumer Services, which offers consumers access to their Experian credit information. Experian will be required to pay $650,000 to settle charges that it sent to consumers unsolicited emails without offering them a way to opt-out of such messages as required under the CAN-SPAM Act. So let's start with a primer on CAN-SPAM and the ways in which the FTC looks at it. CAN-SPAM Act doesn't apply just to email, it covers all commercial messages, which the law defines as "any electronic mail message, the primary purpose of which is the commercial advertisement or promotion of a commercial product or service," including email that promotes content on commercial websites. The law makes no exception for business-to-business email. That means that all email — for example, a message to a former customer announcing a new product line — must comply with the law. Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to over $50,000. So noncompliance can be costly.

But following the law isn't complicated, and here's a rundown of CAN-SPAM main requirements, and I'll try to put this in eight steps.

  1. Don't use false or misleading header information. Your from, to, reply to and routing information, including the originating domain name and email address, must be accurate and identify the person or business who initiated the message.
  2. Don't use deceptive subject lines. The subject line must accurately reflect the content of the message.
  3. Identify the messages as an ad. The law gives you a lot of leeway on how to do this, but you must disclose clearly and conspicuously that your message is in advertising.
  4. Tell recipients where you're located. Your message must include your valid physical postal address. This could be your current street address, the post office box you've registered or private mailbox.
  5. Tell recipients how to opt-out of receiving future marketing email from you. Your message must include a clear and conspicuous explanation of how the recipient can opt-out of getting marketing email from you in the future. Craft the notice in a way that's easy for an ordinary person to recognize, read and understand.
  6. Remember that subscribers and members can opt-out of marketing emails, too. Recipients of emails from a sender that runs a subscription, service or membership program still have the right to opt-out of marketing messages from you. While you don't need to get member's consent to send them marketing emails, subscribers and members don't lose their ability to opt-out of marketing emails from you simply because they have a subscription or membership.
  7. Honor opt-out requests. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipient's opt-out request within 10 business days. You can't charge a fee, require the recipient to give you any personally identifiable information beyond an email address or make the recipient take any step other than sending a reply email, or visiting a single page on a website as a condition for honoring an opt-out request.
  8. Finally, monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you cannot contract away your legal responsibility to comply with the law. Both the company whose product was promoted in the message and the company that actually sends the message may be held legally responsible.

OK, with that behind us, back to the action by the FTC. In a complaint filed by the Department of Justice on behalf of the FTC, the agency says the California-based Experian Consumer Services, also known as consumerinfo.com, spammed consumers with marketing offers after they signed up for an account with the company in order to manage their Experian credit report information. In the emails, the company failed to provide clear and conspicuous notice of consumers' ability to opt-out of receiving additional marketing messages, and the mechanism for doing so, in violation of the CAN-SPAM Act, according to the complaint. "Signing up for a membership doesn't mean you're signing up for unwanted email, especially when all you're trying to do is freeze your credit to protect your identity," says Sam Levine, director of the FTC's Bureau of Consumer Protection. He continues, "You always have the right to unsubscribe from marketing messages, and the FTC takes enforcing that right seriously." Consumers who wish to freeze or take other steps to manage their Experian credit information online must create an account with the company. The complaint charges the consumers who signed up for a free membership account with the company were then sent emails promoting Experian products and services, such as one touting Experian Boost, which promotes ways for consumers to boost their credit scores, and another that offers a free "dark web" scam. But the emails do not contain an unsubscribe link consumers could use to keep from receiving even more marketing. In addition to the $650,000 penalty, the proposed order prohibits the company from sending marketing emails that fail to offer a mechanism to opt-out of such messaging. The order must be approved by a federal court before it can go into effect.

Key Takeaway

So what's the key takeaway here? CAN-SPAM is alive and well. So is FTC enforcement. And I want to say this, in my experience as a lawyer who defends companies and individuals in governmental investigations, I've never seen the FTC be so active in law enforcement actions and other initiatives. The staff is working around the clock. So please stay tuned for further programs as we identify and address the key issues and developments, and provide strategies for success. And I wish you continued success and a meaningful day. Thank you.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.