Legal Issues Associated with Database Marketing

Customer databases are often not used to their fullest potential. Most companies are not aware of all of the ways that the information that they have collected from consumers can be used to increase or create revenue. Those that are aware of the ways that they can market to and monetize their databases are often hesitant to do so because they are unfamiliar with the various federal and state laws that govern database marketing. Such hesitation is justified considering the liability, including stiff fines, which can result from improperly marketing to consumer databases. Even if you are using, or planning to use, a third party to manage and market to your database, you should be familiar with the steps that must be taken at the time the information is collected to ensure that you are creating a database that can be marketed to lawfully.

This article provides a summary of two (2) of the most popular and effective marketing channels – email marketing and telemarketing – utilized in database marketing today. If you are interested in marketing to mobile phone numbers in your database, you should be aware that there are currently laws and other regulations in place that severely restrict your ability to market to mobile devices. As a result, you should obtain guidance from a licensed legal professional prior to engaging in any mobile marketing.

Email Marketing
The federal CAN-SPAM Act of 2003 (“CAN-SPAM”) sets forth specific requirements that must be followed when marketing via email, as well as penalties for those who violate the statute. Under CAN-SPAM, use of false or misleading header information is prohibited. In other words, you must indicate the identity of the sender in all email transmissions. Additionally, your subject line should accurately reflect the products or services that are being advertised in the email. Finally, you must clearly and conspicuously identify the e-mail as an advertisement, provide a valid physical postal address for the sender, and provide consumers with a mechanism for opting out from the receipt of future email. Industry best practices require that you obtain affirmative consent from consumers (i.e., that consumers “opt in” to receive commercial email). Therefore, you should always obtain affirmative consent at the time that you obtain the consumer’s email address. To obtain affirmative consent, it is necessary to state in explicit terms that appear directly above your website’s “submit button,” that by clicking the “submit button” consumers are providing their express, informed consent to receive commercial email from you. If third parties are also going to be marketing to your database, you must also obtain separate affirmative consent for the receipt of commercial email sent from such parties. In addition to placing “affirmative consent” language above your “submit” button, you must also set forth your policy regarding consent as it relates to the sending of email in the applicable website privacy policy. This agreement to the terms of the privacy policy and website terms and conditions should be obtained from consumers at the time of sign-up.

In 2003, the Federal Trade Commission (“FTC”) amended the Telemarketing Sales Rule (“TSR”) and created the National Do Not Call Registry (“DNC Registry”). Consumers that do not want to be contacted by telemarketers or directly by sellers may register their residential telephone numbers, including wireless numbers, on the DNC Registry. Telemarketers are required to scrub against the DNC Registry at least once every 31 days.

There are, however, a few exceptions to the rule that telemarketers may not contact consumers even if their telephone numbers appear on the DNC Registry. For example, if a consumer has given you express written permission to be contacted via telephone, you, or a third party calling on your behalf, may call the consumer even if the consumer’s number is on the DNC Registry. If written permission is obtained online, the consumer’s signature may be in the form of a valid electronic signature. Permission must be provided affirmatively, such as by checking an unpopulated box, and the fact that consumers are affirmatively granting such permission, regardless of the fact that their numbers are listed on the DNC Registry or any state “do not call” list, should be explained in clear terms directly above the “submit” button and in the applicable privacy policy. In addition to the permission-based exception, a telemarketer or seller may call a consumer who is listed on the DNC Registry if an “established business relationship” exists with the consumer. Under the “established business relationship” exception set forth in the TSR, a telemarketer or seller may call a consumer for up to 18 months after a consumer’s last purchase or payment, and for up to 3 months after the consumer makes an inquiry or submits an application to the company.

Obviously, if consumers specifically request that you place their numbers on your internal do not call list, you may not call them, even if they have given you permission or if an established business relationship exists.

Please note that this is only a brief overview of some of the legal issues surrounding database marketing. Remember to obtain guidance from a licensed legal professional prior to marketing to your database or that of a third party.


David Klein

David Klein is one of the most recognized attorneys in the technology, Internet marketing, sweepstakes, and telecommunications fields. Skilled at counseling clients on a broad range of technology-related matters, David Klein has substantial experience in negotiating and drafting complex licensing, marketing and Internet agreements.

Trending Topics

data CIPA law Swigert law consumer protection data on cumputer screen

Swigart Law Group CIPA Demands

Readers of this blog likely know about the wave of consumer privacy litigation directed at online companies’ collection of consumer data. A litany of these

Read More »