Joel Brady, Claims Counsel – Media/Professional Insurance

Given the ever-expanding reach of the Internet and the proliferation of “e-commerce”, you are most likely aware that spam is more than just an interesting variety of gel-covered luncheon meat. With apologies to those with a predilection for Hormel’s famous product, SPAM™, the pejorative term “spam” refers to unsolicited commercial e-mails. If any facet of your business (or your clients’ business) utilizes e-mail advertising, you should know that at least 37 states have already enacted anti-spam laws. A recently-signed bill from Governor Schwarzenegger’s California, set to become law on January 1st, 2004, is easily the most restrictive anti-spam law yet. Just as the Terminator targeted John Connor, the law is poised to target not only the actual senders of unsolicited commercial e-mail, but also the advertisers whose goods or services are featured in the e-mail.

However, California’s mission appears likely to be terminated before the law ever takes effect. Both the U.S. Senate and House have recently passed anti-spam legislation which is expected to be signed into law by President Bush before the end of the year, and which would pre-empt state laws. Though uniform federal anti-spam legislation would eliminate some of the uncertainty involved in dealing with all of the various state laws, risk management for companies that engage in e-mail advertising is still a daunting task that requires monitoring of the constantly evolving legal landscape.

Some estimate that spam comprises up to eighty percent of all e-mail traffic. The rise in popularity of e-mail advertising creates new concerns for the proactive risk manager: How are these laws currently being enforced? Will this new California law survive? How can one ensure compliance with the federal anti-spam law?

An example is illustrative: amendments to Utah’s “Unsolicited Commercial and Sexually Explicit E-Mail Act” led to the filing of hundreds of new lawsuits. The Utah statute provides that the recipient of an unsolicited commercial e-mail may recover actual damages from the violator, or instead may elect to recover the lesser of $10 per unsolicited e-mail or $25,000 per day that the violation occurs. If the violator sent out a huge number of spam e-mails over an extended amount of time, a class action suit could result in a catastrophic, multi-million dollar judgment against the violator.

The federal measure awaiting President Bush’s signature would include penalties as severe as a maximum five-year prison sentence for violators, and statutory damages of up to $2 million (tripled to $6 million for intentional violations). It would authorize the FTC to create a federal “do-not-spam” list, and it would be enforced by the Justice Department, the FTC, and state attorney generals.

An even more daunting challenge to a risk manager would be grappling with the California law in the absence of federal legislation. It would allow the government, ISPs, and individuals to file suit for alleged violations, and would provide damages of up to $1,000 per e-mail, and up to $1 million for mass mailings. Not only would it allow for non-California senders to be sued, it would also allow the state to target financial holdings of foreign companies who violate the law. Consumer groups critical of the proposed federal law argue that regulators lack the time and resources to pursue all violators, and that the California law’s “opt-in” approach is a more effective deterrent than the “opt-out” approach favored by the federal law.
(Opt-out laws require consumers to ask the advertiser to stop sending e-mails before the advertiser must stop.)

As with questions about precisely what it is that comprises Hormel’s eerily enduring creation, the courts will likely grapple with questions about how to apply and enforce anti-spam statutes for years to come. One thing is certain: the law with respect to these issues will continue to evolve rapidly. As it does, it is vital that e-mail advertisers stay on top of the evolution so they can adapt their compliance and risk management procedures accordingly.

DISCLAIMER: This article is not meant to suggest that insurance policies issued by Media/Professional Insurance cover any or all spam-related claims. Coverage provided by any policy depends on the facts of a particular claim and the language of the relevant policy.