Keeping in touch with customers is important at the best of times – and so in the current economic climate is critical for many of us. Email provides an efficient low cost way of doing this. Unfortunately it can be abused as I am sure all our inboxes have shown at some stage.
This abuse resulted in the passing of the Unsolicited Electronic Messages Act 2007 (or Spam Act as it is commonly called).
While the Spam Act is unlikely to cause great concern for the Nigerian “official” who would like you to look after numerous millions of $’s for him it will impact on businesses operating in New Zealand that comply with New Zealand law.
Unless considered as part of the establishment and maintenance of your customer database the Spam Act could erode the value of that key asset.
The Spam Act came into force on 5 September 2007 and affects not just the sale of dodgy pills and investment schemes. Its aim is to prohibit the sending of unsolicited commercial electronic messages unless consent has been obtained from the recipient of the message. This has resulted in what is commonly phrased an “opt in” regime.
The definition of commercial electronic message is broad and includes messages that:
- market or promote goods, services, land, interests in land or business or investment opportunities; and
- provide a link or directs a recipient to a message that does anything listed above.
Consent can be express through an “opt in” action from the customer – something like a tick box at the end of a membership sign up page.
Consent can also be inferred from prior conduct and any prior relationship between the parties, for example, between a service provider and a subscriber to the service. For example continued exchange of emails and use of the service may be an indication of consent. It is important to note that companies with mailing lists that existed prior to the Spam Act are not able to rely on the fact that a recipient had not unsubscribed (i.e. opted out) as sufficient evidence by itself of inferred consent under the Spam Act.
Consent can also be deemed where
- the recipient’s electronic address has been published (for example on a website);
- the publication is not accompanied by a “no spam” type statement; and
- the message being sent to the recipient is relevant to the recipient in a business or official capacity.
In light of the consent requirement there seems to be an anomaly under the Spam Act where a company is being sold, along with its customer database. While principle 11 of the Privacy Act provides that the sale or other disposition of a business as a going concern is a permissible exception to the general rule of non disclosure as it relates to personal information, the Spam Act does not contain a similar provision. Therefore the position regarding the use by a purchaser of a business of customer contact databases used in that business is currently unclear.
Share sale
When a company is sold (and therefore effective control of a customer database transfers) the company can continue to send emails provided they are sent by the company and are of the kind previously consented to. The fact that there is a new owner does not result in changes to the right for the company to use the database.
The rationale for this being that a customer has its relationship with the business, not the owners of the business and in many cases a customer won’t know or become aware that the business has changed hands as it is “business as usual” from the customer’s point of view. Of course if the customer is unhappy with who the new owners are or decides that the type of email it is receiving has changed from what it wishes to receive that Customer can always use the unsubscribe facility that the Spam Act now requires must be included in all commercial electronic messages.
Asset Sale
It is clear that operating a business buying and selling email lists of customers is a breach of the Spam Act unless the customers on that list have agreed. But what about where the email list is simply sold as one of the assets of the business where the seller will not use it further and the buyer will carry on the same business as the seller used to and will use the list in the same manner?
On its face it doesn’t appear that the Spam Act distinguishes between these types of sale. And yet the customer probably would. For example while I would have a concern about an unrelated company contacting me about my car needing its next scheduled service, I would not have the same concern if the new owner of my regular garage contacted me for the same reason. While a purchaser might argue that there is inferred consent on the basis that the original owner had consent from the customer and the purchaser is simply contacting them for the same reason this is risky in light of the intention of the Spam Act.
In an asset sale the purchaser of a customer database who uses the database to email customers will on a strict interpretation be in breach of the Spam Act.
How can this be dealt with?
If you find yourself in the position of buying or selling a business you should probably audit your database now and question who has provided consent and in what relationships you can rely on inferred consent. If you there is no express consent and you are not confident that you can infer consent then:
- The seller could send out an email to its customer database informing its customers of the intended business sale and requesting the recipient provide its express consent to receive emails from party B once the purchase is complete. The risk with this approach is, of course, that the seller may lose a large part of its database where people choose not to opt in to receive emails from the purchaser. This may significantly deplete the size and value of the customer database, and could halt the whole sale or substantially reduce the price that the purchaser is prepared to pay.
- The purchaser could, after the purchase has occurred, look to send an email to the customer database regarding the purchase of the business. In doing this the purcasher may be able to rely on one of the many exceptions in the Spam Act. (The most likely being the one which excludes as spam a message which provides notification of factual information about a subscription, membership, account, loan, or similar relationship involving the ongoing purchase or use by the recipient of goods or services.) For certainty about the ongoing use of the database the purchaser should offer the recipients the choice to opt in and ensure that anybody who does not opt in is removed from the database. To do otherwise would result in the purchaser relying on the recipients silence as agreement which may not be the case for a variety of reasons (including that they may not have received the relevant email). However obviously this also risks significantly reducing the database and the purchaser may well take this into account when setting the price it is prepared to pay.
If you are not at the point of selling the business it is timely to review your database and decide if you have express consent or can infer it. If you don’t think that you have express or inferred consent then to avoid the issues and potential devaluation of your database at a time which would cause customers to consider carefully whether they want other parties to contact them you could take active steps now while you are still offering “business as usual”. You could ensure future compliance by sending a message to your customer database now requesting express consent and adding that this consent applies to any of your successors or assigns. In this way you can be sure that any purchaser can continue to send messages in whatever form following either a share or asset sale.