CAN-SPAM Act in United States

In spite of its relatively early action to regulate email messages, the US CAN-SPAM Act has relatively loose regulations, especially when compared with those of Europe and Asia. Unlike many nations, it is not illegal to send unsolicited emails in bulk to email users. However, there are several requirements for these messages.

1. All marketing emails must include a clear, simple, free way to unsubscribe
2. All unsubscribe requests must be processed within 10 days
3. The subject line must accurately reflect the content of the message
4. Emails must include the physical address of the business

Specific to California

The state of California recently enacted the California Consumer Privacy Act of 2018. California is the first and only state to implement its own regulatory data privacy measures. The measures operate similarly to GDPR. Among its requirements are:

1. Consumers have a right to know what data is being collected from them, how it’s collected, and what it is used for
2. Consumers cannot be sent email without prior consent (opt-in)
3. Businesses must delete consumer data upon request, and cannot change their pricing or service quality if consumers make such a request

While California is the only state with such requirements, it is possible that other states may implement similar regulations in the future.