Does 'Can Spam' Travel?
• Data not kept longer than necessary;
• Data be processed in accordance with the data subjects' rights;
• Data be secure;
• Data are not transferred outside the European Economic Area to countries that do not have adequate levels of data protection without the consent of the data subject.
At the heart of those principles stands the twin pillars of notification and fair processing. Notification means that when collecting personal information you must explain why you are doing so and how you plan to use it. You must clearly identify who you are and how you can be easily contacted. Each purpose must be covered, as well as the types of third parties you intend to pass any information on to.
Fair processing requires that an opt-out mechanism exists in each communication sent to the subject, either from you or third parties that may be using the data. Consent can be withdrawn at any time.
These twin pillars underpin everything else. Other mechanisms or steps taken to collect personal information and subsequent electronic marketing, will not be sufficient if the twin pillars are not properly interpreted.
Can Spam in a Global Environment
Trying to enforce Can Spam mechanisms can cause unforeseen consequences. For example, insisting on using a header that identifies the source owner of the data in preference to the third-party sender means that any un-subscribes would require the source owner to stop communicating with the recipient, rather than opting out from future third-party communications. Rather, the desired outcome can achieved by detailing the reasons why the recipient was e-mailed in an link to a Permission Marketing Policy alongside the unsubscribe lin--provided the appropriate degree of consent was been obtained during data collection. So, using headers to mask a lack of consent for use by third parties is no substitute for obtaining personal data with due reference to these twin pillars of European legislation. US CAN SPAM: