Are You Emailing Customers? Make Sure to Protect Their Information
Disclaimer: I am not an attorney, so please do not consider anything written here to be legal advice. For any questions regarding privacy laws or anti-spam laws, please contact an attorney.
But, if you collect your customers’ data and send them emails, you might want to pay a little more attention. There’s a reason your inbox was flooded with those emails – the European Union (EU) started enforcing its General Data Protection Regulation (GDPR) on May 25, 2018.
If you deal with anyone in the EU at all, I strongly recommend that you look into GDPR and make sure you’re compliant. For the rest of this post, however, I’m going to focus on the good ol’ US of A.
So, it’s important to keep an eye on any changes and updates to privacy laws and anti-spam laws to make sure you’re compliant.
It’s important to let your customers know what information you’re gathering from them and why. Make sure that you’re fulfilling any promises you make to your customers.
Some states have their own privacy laws, so you’ll want to make sure you comply with those, too.
The Federal Trade Commission (FTC) spells out some pretty specific requirements if your business emails anyone. You can find these requirements in the CAN-SPAM Act. If you violate the act, each separate email in violation could cost you up to $41,484. Non-compliance is not worth the risk.
The CAN-SPAM Act spells out seven main requirements:
Don’t Use False or Misleading Header Information
When you’re sending an email, your “From,” “To,” and “Reply-To” fields must accurately portray you. In other words, when we (Workful) send you an email, you’ll always see “Workful” in the “From” field. You’ll never see your brother’s name, some other company, or anything else.
Don’t Use Deceptive Subject Lines
Your email subject lines should always reflect the content of your email. You can’t put “Free earrings” in the subject line if you have no intention of giving anyone free earrings.
Identify the Message as an Ad
The CAN-SPAM Act doesn’t really spell out what this means, so you don’t have to put “This is an ad” at the top of every email. But, you shouldn’t try to make the email seem like a personal email when you’re really trying to sell something.
Tell Recipients Where You’re Located
Your emails have to include your mailing address – whether it’s a street address or a post office box. The easiest way to do this? Put your address in the footer of your email.
Let Recipients Know How to Opt Out of Future Emails from You
Your recipients gave their information to you voluntarily, and they should be able to take it away just as easily. Any email you send should include a clear way for your recipients to opt out of any future messages from you.
A lot of email-marketing platforms, like Mailchimp, will automatically include a link in each email that will allow recipients to opt out with the click of a button. If you’re not using an email marketing platform, you can have a note at the bottom of every email telling people to respond with “Unsubscribe” to opt out of future messages from you.
Honor Opt-Out Requests Promptly
It’s not enough to give recipients the option to opt out of your emails; you have to actually take them off your list.
What does promptly mean? According to the FTC, it means that the opt-out method must process opt-out requests for at least 30 days after the message was sent. And, you must honor all opt-out requests within 10 business days.
Monitor What Others Do on Your Behalf
Does another company handle your email marketing? That’s fine; nothing illegal about that. However, you’re still legally responsible for complying with the CAN-SPAM Act, so make sure the company you hire is doing what they’re supposed to.
5 Quick Tips to Help You Protect Your Customers’ Information
Okay, now you know why you have to protect your customers’ information. But, how do you go about doing that? Here are five quick tips to get you started:
Conduct a Data Audit
Before you collect any more customer data, take a look at what you already have. Review what information you’re collecting, what information you actually need to collect, and how you’re storing that information.
After you review how you’re storing the information, you should also look at who has access to the information. If only marketing needs the information, then why does John in shipping have access?
Don’t Collect What You Don’t Need
Now that you know what information you’re collecting, stop collecting any information you don’t need.
Maybe you’re collecting birthdates because you might need them later. If you don’t need anyone’s birthdate now, stop asking for it.
The less information you have, the less you have to worry about in the case of a data breach (which can, unfortunately, happen).
But now, you might have a couple of questions.
the kind of information you’re collecting,
why you’re collecting that information,
what you’ll do with the information,
how the information may be shared with other parties,
how the customer or subscriber can review and edit their own information,
a description of any changes you’ve made to the policy, and
the dispute resolution procedures if the customer or subscriber has a problem with how their information is being used.
Let Customers Complain
So, you have to have a process in place to let them tell you about their issues with it. It can be as simple as giving them a specific email address or providing an online form to fill out. No matter what method you use, however, make sure you take each complaint seriously and respond to it professionally and calmly.
When in Doubt, Bcc
If you’re using a standard email client (like Outlook or Gmail), then be extra careful when you’re emailing multiple people at once.
If you’re not making an introduction, then use the blind carbon copy (Bcc) field instead of “To” or “Cc”. When you use “Bcc”, the people you send the email to will not be able to see each other’s email addresses. If you don’t do this, then someone on that list could add those emails to their own email list and start spamming them, and you will have broken your promise to keep their information private.
Privacy is a big deal. When you handle customers’ information, you should take privacy and anti-spam laws very seriously. Take the necessary steps to keep your customers’ information safe and secure, and only email them important and relevant information to avoid spamming them.