Australia: Spam (not the canned variety): How can you comply?
EBIT (Emerging Business, Innovation and Tax)

Businesses face significant fines where they distribute spam. Therefore, they must ensure that they have processes in place that enable compliance with the Spam Act 2003 (Cth) (Act).

Most people can relate to the frustration of receiving unsolicited mass emails about new products and offers in which you have no interest. The Act seeks to pBy Michael Park and Sara Paytonrovide some relief from these messages by prohibiting persons from sending, or causing to be sent, unsolicited commercial, electronic messages (CEMs). Only SMS and email messages are caught by the Act. However, other statutes, such as the Do Not Call Register Act 2006 (Cth), operate to restrict other forms of marketing.

Interestingly, the act of sending CEMs is not of itself prohibited by the Act. However, the Act mandates that 3 requirements be satisfied each time CEMs are sent: obtain the consent of the recipient, identify the sender and include a functional unsubscribe facility.

Consent

CEMs may only be sent with the consent of the recipient. Consent may be express, such as when a customer ticks an opt-in box on a website. Consent may also be inferred in some cases. Where the sender has an established relationship with the recipient and the recipient would reasonably expect to receive the message, consent will usually be inferred; for example, a hair salon reminding a customer of an appointment. Consent may also be inferred where a work related email address is conspicuously published and the sender sends a CEM that directly relates to that person's line of work. While you may have the consent of a customer to send a CEM, the customer can withdraw his or her consent at any time. It is therefore important for businesses to keep accurate records of persons who have provided or withdrawn their consent.

Identify the sender

CEMs must include accurate sender information. Therefore, where you are sending CEMs, you must ensure that the message identifies you, or your organisation, as the sender of the message and details how the recipient can contact you.

Functional unsubscribe

Recipients of CEMs must have the opportunity to opt-out. Any CEM that you send must contain a functional unsubscribe facility which must remain functional for at least 30 days after the CEM is sent. The Act provides some relief from this requirement where the message contains only factual information. However, businesses must exercise some caution in relying on this exclusion as the distinction between promotional and factual information can often be quite blurred. For example, although a catalogue contains factual information about products and prices, this would not fall within the exception and an opt-out function would need to be included.

Compliance

The penalties associated with breaching the Spam Act are significant. In fact, a breach of the Act can result in fines ofup to $1.1 million per day. Therefore, businesses must ensure compliance.

The eMarketing Code establishes an industry code for sending electronic messages in accordance with the Act. The Code provides a useful tool in offering further guidance to businesses in respect of how they can comply with the Act. Although the provisions of the Code largely reflect the Act, the Code also deals with spam more widely, such as 'friend-get-friend' marketing campaigns.

Recent penalties for breaches of the Act have been very substantial. For example, fines of $22.25 million were imposed on several associated defendants for sending unsolicited premium SMS.

With such a significant risk to businesses, it is vital that any commercial email or SMS you intend to send complies with the Act. If in doubt, seek legal advice in respect of your proposed actions.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.