Read Time: 5 min

Email Marketing in the Age of Data Breaches & Tightening Regulations [Video]


Even when it was passed in 2003, the CAN-SPAM Act was considered weak and mocked as sending the signal that “It’s okay. You CAN SPAM.” Much has changed since 2003. Marketing technology has become way more advanced. Marketing volumes have grown multiple times over. And the amount of consumer data at marketers’ fingertips has grown exponentially.

At the same time, large-scale data breaches have become regrettably routine. Online privacy is almost a joke. And the anti-spam and privacy laws of Canada, Europe, and elsewhere are making US laws look downright farcical.

In light of how drastically different the environment is compared to 2003, we asked marketers whether they thought that US anti-spam laws would change at all over the next 5 years. They were remarkably divided.


If you’d asked me a couple of months ago if I thought anything would change, I would have been squarely in the “not a chance” camp. However, while at The Email Design Conference, I got to sit down and interview James Koons, dotmailer’s chief privacy officer.

While I’m skeptical given how gridlocked the national government is, James makes compelling arguments for why marketers shouldn’t be so sure that CAN-SPAM won’t be overhauled in the years ahead—in addition to explaining how email marketers can help minimize the damage from data breaches and why they should care about Canada’s Anti-Spam Law (CASL).

You can watch the full interview here, or read a transcript of it below.


Getting security and privacy teams working together with the marketing team is very important and sometimes very difficult. But in today’s climate of data breaches and security issues, there’s plenty of real-world examples that should facilitate this happening.

For example, most recently, the Ashley Madison breach is now being quoted as “an extinction-level event for online privacy as we know it.” These types of things, these types of breaches should bring these groups together with an understanding that we don’t want to be the next person on that list.

Limit Data Collection

What brands can do to minimize damage as far as data breaches is just to be careful about what they’re collecting, right? Only collect that what they need, and if it’s no longer needed, go through proper data destruction processes to get rid of it and get rid of it properly.

I see a lot of brands that I’ve worked with in the past collecting ridiculous amounts of data, things that they don’t even need and wouldn’t know how to use. The thought process they had was, well, the more we have, we might be able to figure something out. In the event of a data breach, the more you have, the more it’s worth to a bad actor.

Increase Customer Access

So marketers definitely can help the consumers control what type of information is out there by providing preference centers. So in the world of data privacy, we talk about access. We want to give people access to their data, and we want them to have the ability to either change it or remove it.

So access and choice are really something that marketers can do, through the use of things like preference centers, to really give their recipients and their consumers the choice of what’s out there about them and what’s being collected.

CASL Compliance Awareness

Everyone who’s sending commercial electronic mail needs to have a look at CASL. Remember that Canada was the last of the G8 nations to have any sort of anti-spam legislation, and CASL is not set out to control it, it’s set out to get rid of it. So they have very large monetary penalties.

Keep in mind that they have an agreement here in the United States with the Federal Trade Commission for enforcement. So companies that are sending to Canada—or potentially sending to Canada—need to be aware of what the requirements are, and if they fall into that, they should make sure that their campaigns and their databases are compliant.

An Update to CAN-SPAM?

So the chances that CAN-SPAM would eventually be, let’s say, updated or brought current or changed in any way, I think now that Canada has shown several enforcement actions under their anti-spam legislation that the United States government is definitely looking at what CAN-SPAM is doing in light of some of the data breaches and people’s email addresses being made available. It’s in everybody’s eye right now to kind of look at what we’re doing there and evaluate what changes would make sense.

Is your email landing in the spam folder?

Litmus Spam Testing

Make sure your email actually reaches your subscribers’ inbox. Get your email scanned by every major spam filter before you send.

Run a Spam Test →



More Expert Videos


Get notified about changes to CAN-SPAM, the latest email innovations, and more when you subscribe to our newsletter. The latest content will be delivered directly to you inbox a few times a month.