Micfo CEO Amir Golestan has been sentenced to prison for five years for using made-up people and fake email addresses in order to amass more than 735,000 IP addresses which he then sold to spammers and scammers in China, Saudi Arabia, and elsewhere, along with a smattering of actual legitimate customers. The actual crime of which he is convicted is wire fraud, however for our purposes it is the subject of that fraud, the acts and deeds which led to the fraud charges, which are interesting.
Here is a GDPR country contacts list, in other words a list of GDPR countries and to whom questions or complaints involving GDPR should be directed for each country. This GDPR countries list is based on information compiled directly from the European Data Protection Board (EDPB).
Many people don't realize that when Brexit happened the United Kingdom ("UK") adopted their own version of GDPR, often referred to as the UK GDPR. When it comes to email marketing in the UK, the UK Information Commissioner's Office (ICO) has made fairly explicitly clear that under the UK GDPR there are only two situations in which you can send someone email marketing: you must either have their prior consent, or they must be an existing customer (this is the so-called "soft opt-in").
Yesterday afternoon (8/24/23) a Federal court judge handed the Republican National Committee its head on a platter. As you may recall the RNC had sued Google, claiming that Google's spam filtering algorithm was intentionally anti-Republican. Google then countered by offering a pilot program to any political campaign that would adhere to Google's best practices for email - a spam-filter offramp, if you will - in other words they would not even have to have their email run through certain spam filters.
Think the FTC and DOJ won't come after you if you violate CAN-SPAM? Think again. Experian's ConsumerInfo.com just got a rude awakening: you actually do have to comply with CAN-SPAM, or the FTC and DOJ will come after you - and win.
You may have heard of Charlie Javice and her now-defunct company Frank, as they have been in the news a lot lately. But in case you haven't heard of Charlie Javice, she, through her company Frank, it is alleged, conspired to fleece J.P. Morgan Chase (JPMC) out of millions of dollars by perpetrating a fraud whereby they fabricated a user list of millions of people, including email addresses, and then used that to entice JPMC to acquire them. Here's how they did it, what happened next, and how they were brought down and are now facing criminal charges.
New data privacy laws in Tennessee, Indiana, Montana, and Iowa put these states on par with Connecticut, Colorado, Virginia, Utah and Texas; all of them have new data privacy laws which, among other things, require affirmative opt-in and consent before you can use someone's email address, such as adding it to a mailing list or using it for targeted advertising. It's important to understand that this doesn't just apply to businesses which are headquartered in those states; in at least some of these states their law also applies to anyone doing business with someone in their state.
Texas has passed their HB 4, joining a growing list of states which have passed their own data privacy laws, laws which impact email and email marketing, among other things. The new Texas law goes into effect on July 1, 2024, and affects any business which either is in Texas, or which does business with individuals who reside within Texas. It is also very strict on email address collection, email use, and email marketing, and among other things it requires consent before you do nearly anything non-transactional with someone's email address. We break it down for you here.
Just when you thought it was safe to turn your back on political email skirmishes, Ready for Ron (RFR) challenges the Federal Elections Commission (FEC) in Federal court over not being allowed to give a list chock full of email addresses to a candidate. Now before you get excited to imagine that the FEC and the court cared even a tiny bit about the privacy of the email addresses, they didn't. What they cared about, and what the FEC opinion letter and subsequent case turned on, is the value of an email address or, more precisely, the value of a list of contact information of 200,000 people, including email addresses. And both the FEC and the court cared enough to hold that the value of that list exceeds the maximum allowed contribution to a candidate by a single entity.
Not confirming email addresses can put your customer in physical danger, and can cause you legal liability if they are harmed. We've written before about how not confirming email addresses can potentially create real-world, real legal liability, because in certain settings, and particulately in ecommerce, it can actually lead to your customer suffering physical harm; maybe even death.
