New data privacy laws in Tennessee, Indiana, Montana, and Iowa put these states on par with Connecticut, Colorado, Virginia, Utah and Texas; all of them have new data privacy laws which, among other things, require affirmative opt-in and consent before you can use someone’s email address, such as adding it to a mailing list or using it for targeted advertising. It’s important to understand that this doesn’t just apply to businesses which are headquartered in those states; most of these state laws also apply to anyone doing business with someone in that state.

Businesses in the U.S. have been spoiled up until now, being used to collecting email addresses in a variety of ways, and doing whatever they want with them until the person at the other end of that email address cries “uncle!” But no more. Do that now and you risk emailing someone in one of the states with these new state laws, some of which are already in effect (Virginia) or will be within a week of the writing of this article (Connecticut and Colorado).

Nearly all of these laws (including, as we’ve previously written about, those of Connecticut, Colorado, Virginia, Utah, and Texas) essentially exempt small businesses inasmuch as they apply to businesses who meet a certain threshold in terms of the number of individuals for whom they collect or process personal data. For the most part these laws apply to your business if you collect or process the data of 100,000 or more individuals in a year, unless you are monetizing that personal data, in which case the threshold is lowered to 25,000 to 50,000 (depending on the state) plus a specified percentage (25% to 50%) of your total revenue coming from such sale.

That said, the Texas law, as we mention here, does it a bit differently: instead of stating a threshold, the Texas law applies to any business which does not meet the Federal definition of a small business, as defined by the Federal Small Business Administration.

Consent and Affirmative Opt-In for Email

All of these state laws require affirmative consent (i.e. opt-in) before you can use an individual’s personal data, which includes email addresses. A typical clause in these laws says that you may “not process personal information for purposes that are beyond what is reasonably necessary to and compatible with the disclosed purposes for which the personal information is processed, as disclosed to the consumer, unless the controller obtains the consumer’s consent.” (This language in particular is from Tennessee’s law, but they all have similar, if not identical, language.)

This means that, for example, when someone gives you their email address in the course of placing an order, you may not put that email address on an email marketing list because that is not necessary for the purposes of fulfilling the order. In order to be able to put their email address on your email marketing list you must either clearly disclose that submitting an order will also result in their email address being put on your email marketing list, or you must get their clear consent to be put on your email marketing list.

We are only touching here on the requirements for opt-in before using someone’s email address in these laws, of course there’s a lot more to each of these laws as they concern data privacy in general, such as requirements for universal opt-outs, notifications, and more. Tennessee’s law goes into effect on July 1, 2024, Montana’s law goes into effect October 1, 2024, Iowa’s on January 1, 2025, and Indiana’s on January 1, 2026.

You can read each of these laws here:

Tennessee’s law

Montana’s law

Indiana’s law

Iowa’s law

You can find links to the Connecticut, Colorado, Virginia, and Utah laws here and to the Texas law here.

Iowa, Montana, Indiana, and Tennessee Join Ranks of States with Email Opt-In Requirement in New Data Privacy Laws

Let us help YOU get to the inbox like we've helped these others!

No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *

We are ISIPP SuretyMail, the original certified sender program and email deliverability service. Learn more here
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Filter by Categories
Blocklists and Blacklists
Content Issues
Email Authentication
Email List Building
Feedback Loops
Mailing List Hygiene
Monitoring and Tracking
Opt-in Practices
Our News
Privacy & Email Laws
Sending Practices
SMS Marketing
Spam Complaints
Technical Stuff
The Industry
Need Help Getting to the Inbox?
If you need help getting out of the spam folder and into the inbox, we're here for you. Our deliverability services come with a personal touch, and we get results. That combination has created customer loyalty that's nearly unheard of. (testimonials)
Read what we'll do for you here.

Join our email community and get
How to Stay Out of the Spam Folder 
& How to Grow Your Email List free!

 Get to the Inbox by SuretyMail
The Original Email Deliverability Company

Free stuff!
Skip to content