New Zealand's new anti-spam law and how to prevent a $500,000 fine

Copyright © 2007 Evolve Marketing Ltd. All rights reserved.

You have until 5 September 2007 to make sure you are not an illegal spammer. On that date the "Unsolicited Electronic Messages Act 2007" comes into effect. We recommend you review your email practices to make sure you comply. The penalties for getting it wrong are significant (and of course your reputation will suffer).

Failure to comply with the Act could mean a fine of up to $500,000 and compensation or damages up to the amount of loss suffered by the victims or the amount of profit you made as a result of sending the spam.

Spam is estimated to make up around 80% of all email traffic worldwide. It clogs networks, reduces productivity and is often used for scams and malicious cyber-attacks.

Read on to learn what you must (and must not) do...

What the Act applies to
The Act applies to electronic messages...

• Email,
• Instant messages,
• Mobile phone messages, e.g. SMS,
• But not voice or fax...

... with a New Zealand link (i.e. messages sent to, from, or within New Zealand) that are commercial in nature.

NOTE: A single message may be spam. A message need not be sent or received in bulk to be considered spam.

What is a commercial message?
Commercial messages are those promoting goods, services, land, business or investment opportunities, or directing recipients to somewhere a commercial transaction can take place, such as a website.

BEWARE: A hyperlink to a company website in the signature of an otherwise non-commercial email would make it commercial!

Three steps to ensure you are not spamming...

1. Make sure you have recipients' consent
2. Identify your business and how you can be contacted
3. Include a functional unsubscribe facility

1. Consent

Before you send anyone a commercial email, you need their consent. There are three kinds of consent...

• Express consent is a direct indication from the recipient that it is okay to send the message. Examples of ways you can gain express consent are...
• Filling in a paper form
• Ticking a box on a website
• A phone or face-to-face conversation
   
• Inferred consent. You can send a commercial email to your existing contacts without express consent if you have a business or other relationship, which indicates that they would expect to receive that email from you.
• For example, I can email a marketing newsletter to my clients without having to obtain their express consent. I can infer consent because that is the focus of my business relationship with them. However, I could not infer consent to send them an email promoting an investment scheme.
   
• Deemed consent. You can send a commercial email to new contacts without express consent if...
• Their business email address has beenconspicuously published (e.g. on a website, brochure or magazine); and
• They have not stated that they do not want to receive unsolicited messages at that address; and
• Your message is relevant to the recipient's business or duties.
• For example, I could send an email to the owners of companies, having obtained their email addresses from their company websites, advising them of a new way to promote their products or services. However, I could not send that information to clerical staff as it is not relevant to their role.

2. Sender information

Your message must clearly identify the business responsible for sending the message and how it can be contacted.

If you use a third party to send messages for you, they must include accurate information about your business, i.e. name and contact details. This sender information must be accurate for a period of 30 days after the message is sent to ensure recipients can contact you.

3. Unsubscribe

Your message must contain a clearly presented and easy to use unsubscribe facility. It could be as simple as a line in your message saying, "If you do not wish to receive future messages, send a reply with UNSUBSCRIBE in the subject line." It need not be an automated process, but should be reliable.

You must honour a request to unsubscribe within five working days.

ACTION POINTS

1. If your email address is published on your website or elsewhere, add a statement that you do not wish to receive unsolicited messages at that address.
    
2. Keep a record of all instances where consent is given, including who gave the consent and how. Under the Act it is up to you to prove that consent exists.
    
3. It is also advisable to verify that consent has come from the actual holder of the email address. This can be done by requesting that the recipient reply confirming they would like to receive future messages (known as "double opt-in").
    
4. Review your existing database and if you are (a) not sure if you have their express consent, and (b) inferred consent does not apply, or (c) you are not confident that the existing relationship is strong enough to infer consent, you should obtain express consent (even if you have been emailing them for years).
    
5. Review your outgoing messages to ensure they comply.
    
6. Make sure your email signature file includes accurate company name and contact details, and that accurate sender information is included in all other electronic messages.
    
7. Add an unsubscribe statement at the end of your email signature file (and act on it within 5 days if someone does request to be unsubscribed), and ensure all other electronic messages include a clearly presented unsubscribe facility.

Disclaimer: We are not lawyers. This information is our interpretation of the Unsolicited Electronic Messages Act 2007. If you have any questions, please consult your lawyer or the Department of Internal Affairs at info@antispam.govt.nz. For more detailed information on the requirements the Act places on businesses, see the Unsolicited Electronic Messages Act Guide for businesses (PDF, 257 KB).