If marketing is as simple as telling people who you are, what you offer and how to find you, people like us wouldn’t need jobs, right? The truth of the matter is that there is a lot of creativity, analysis and science involved in what we do day-in and day-out, and that’s just scratching the surface. When you combine the technical and artistic aspects of our job, with a world that’s becoming more and more regulated, there ends up being a lot to consider before ever putting the pen to paper (or stylus to Wacom tablet).
It’s important that you dive into the individual regulations attached to your specific organization or industry, but here are the basic regulations that you need to be considering before starting a marketing project.
The Americans with Disabilities Act exists to create equal opportunities for disabled or impaired consumers. Because the act was created in 1990 before the Internet was mainstream and certainly before businesses were using it for their day-to-day business communications, there has always been some uncertainty around how ADA compliance works for a website.
In 1999, the World Wide Web Consortium (W3C) came out with a set of rules around accessibility that work to follow similar guidelines set forth by the ADA. Called the WCAG, these guidelines consider everything from color contrast for individuals with color blindness or impairment to functionality within the code of the website that allows assistance readers to sort through a website more easily.
If your business is a public-facing organization in the very slightest, your website should be ADA compliant and should follow the regulations set by both the ADA and the W3C. This includes:
- Healthcare organizations or healthcare networks
- Non-profit organizations, especially those working with disabled individuals
- Financial institutions
- Colleges, universities and school systems
- Government organizations
- Online retail or websites that are heavily focused on online customer service/support
When the European Union passed the General Data Protection Regulation (GDPR) in May of 2018, there was a flurry of activity from businesses working to ensure their websites and data collection sources were compliant with the new regulation. Despite GDPR being a European ruling, it still affects businesses and organizations within the United States (and across the world) if they receive any traffic from the EU.
Essentially, GDPR states that any personal data that is collected by an online entity should be done so with the complete and explicit permission of that entity. Personal data is defined as, “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.”
What this means is, if your website is collecting data on a user, that user needs to give you permission to store that data, whether you intend to ever use it or not. Furthermore, if you do intend to use that data, either for research or marketing purposes, you need to let the user know exactly how that data will be used.
While it may seem like a hindrance to request more levels of approvals when collecting data, and to have an audit plan in place to ensure you’re above board, consider that you’re doing a service to your customers by helping protect their identity and information.
And it’s not just the European Union that is on board with this extra level of protection. Shortly after the regulation was released, California released its own version of GDPR called the Consumer Privacy Act. The Consumer Privacy Act allows consumers to know what information companies are collecting about them, why they are collecting that data and who they are sharing it with. The law won’t go into effect until January 2020, but now is the time to make the necessary adjustments to your data policies.
Similar to the privacy rulings set by GDPR, but specific to email marketing, the CAN-SPAM Act imparts regulations around how organizations collect email addresses and how they communicate to those email addresses going forward.
The CAN-SPAM act is one of the OG marketing regulations, as it was enacted in 2003, just as the email marketing boom was happening. Essentially, CAN-SPAM states that any email that’s sent for marketing or promotional purposes should follow these main requirements:
- The From, To, and Reply-To must be completely accurate and identify the person or business or initiated the email.
- Subject lines should be clear, reflect the content of the message and not be deceptive.
- Your email should be clearly identified as an ad.
- An address, or at least a PO Box should always be included in the footer of your email.
- Recipients should have the option to opt out of email communications at any time (you’ll see an overlap with GDPR here)
- Opt-outs must be honored promptly, meaning they should be removed or archived from your email list immediately and not receive any further email communications unless they opt back in.
There are some caveats to CAN-SPAM rulings when it comes to list leasing or purchasing. In theory, leasing or purchasing a list of email addresses that are listed as being interested in your product or company is covered under CAN-SPAM’s “initiator” requirements. However, if the business that you purchased or leased your email list from acquired that information via illegal means like email harvesting, then you could be in violation of CAN-SPAM.
Make Sure Your Marketing is Always Compliant
While we aren’t lawyers, we have learned a thing or two about the above marketing regulations. If you are a law firm, retail business, financial institution or college/university, there may be additional regulations that you will need to follow in addition to these three. Make sure you talk with your marketing agency (we can help!) or even your lawyer before getting started on your marketing campaign to make sure you’re checking all the boxes.