Small businesses have more ways than ever to reach their audience. Social media, websites and blogs, video campaigns, webinars, and podcasts are just a few of the marketing strategies that you may leverage to drive sales. And while it is good to experiment with new ways of communicating your message, you should not overlook tried-and-true strategies like email marketing.

Email marketing is one of the more affordable marketing channels and has an impressive return on investment (ROI). Before you implement an email marketing strategy, however, your business should be aware of privacy and anti-spam laws that apply to direct-to-inbox communications. A well-thought-out email campaign can keep you top of mind with your audience, but a campaign that does not respect privacy rights can do more harm than good.

Email Marketing Stats to Know

The key to a successful marketing campaign is visibility. Your message is not going to get through if it is never received in the first place. Email has been around for decades and remains a part of people’s daily lives. According to a 2019 email usage study by Adobe, Americans spend an average of five hours per day checking emails.[1]

Despite the enduring popularity of email, not all marketers use it to their advantage. A HubSpot survey found that email marketing is used by about 50 percent of marketers, with more than 20 percent saying they plan to leverage email for the first time in 2022.[2]

Email marketing ROI is thirty-six dollars for every one dollar spent. That is a better ROI than organic searching and the third highest ROI of any marketing channel, trailing only paid and organic social media content. Over the last twelve months, more than three-quarters of marketers have seen an increase in email engagement, and 37 percent of brands plan on raising their email budget this year.[3]

Email Marketing and Privacy Laws

Effective email marketing is not as simple as sending out electronic missives on a regular basis. Strategies like market segmentation, strategic email copy that is targeted to your audience, and email A/B testing can help to increase open rates, click-through rates, and ROI.

But there is more to email marketing than understanding your audience. You must also understand the legal requirements for email marketing. Marketing emails sent to US recipients are subject to the CAN-SPAM Act, a law implemented in 2003 and updated in 2008. Violations of this law can subject businesses to fines of up to $46,517 per each separate email in violation, making noncompliance potentially costly.

To ensure that your marketing emails comply with the law, follow these CAN-SPAM requirements[4]:

  • No false or misleading headers. Your domain name and email address must accurately identify your name (or the name of your business) in the “From,” “To,” and “Reply-To” fields.
  • No deceptive subject lines. Honesty is the best policy in email marketing. The subject line of your email needs to reflect what is in the message. For example, if you are advertising a new product, do not make the subject line about a free gift card.
  • Identify your email as an advertisement. You have considerable flexibility in how you identify your message as an ad but ensure that the disclosure is clear and conspicuous.
  • Identify your location. Include a valid physical postal address for yourself or your business in all marketing emails.
  • Provide a way to opt out. Explain somewhere in your message how recipients can opt out of future emails. The Federal Trade Commision (FTC) says that your opt-out notice must be “easy for an ordinary person to recognize, read, and understand.”
  • Promptly honor opt out-requests. If you receive an opt-out request from an email recipient, you have ten days to comply. Once you receive a request, you are prohibited from selling or transferring the recipient’s email address to another party, including in mailing list form. To make compliance easier, most email marketing platforms automatically remove individuals who opt out from your lists.
  • Stay on top of marketing firm activities. Your legal responsibilities under the CAN-SPAM Act do not disappear if you contract with a marketing company to do your email marketing and they break the law.

Email Marketing Compliance and Your Privacy Policy

Other countries have requirements similar to those in the CAN-SPAM Act. For instance, Canada’s Anti-Spam Legislation (CASL) requires marketers to obtain consent (express or implied) prior to sending commercial emails. Similar consent requirements are found in the United Kingdom’s Privacy and Electronic Communications Regulations (PECR). Outside of the UK, European Union member states have adopted the General Data Protection Regulation (GDPR), which has rules that apply to email and email marketing.[5]

A growing number of countries and US states are adopting GDPR-like data protection rules that have marketing implications. California, Colorado, Connecticut, Utah, and Virginia have enacted comprehensive consumer data protection laws that may affect your email marketing and other marketing activities. For example, the California Consumer Protection Act (CCPA) gives consumers the right to delete certain personal information—including email addresses—that companies collect. If you are covered by the CCPA, you must comply with deletion requests, disclose to consumers their right to have personal information deleted, and notify any third parties that collect data on your behalf of the deletion request. Other state data laws have similar provisions.

Considering these developments, your company should craft a privacy policy that explains what you do with subscribers’ personal data, and a link to the policy should be included in emails and on web pages. Even in locations that do not require it, a privacy policy with a section on email marketing is considered a best practice that can earn customer trust. With the national American Data Privacy and Protection Act inching closer to reality, and similar laws being passed globally, having a strong privacy policy in place now can jumpstart your data compliance strategy.

With the data privacy movement gaining momentum in the United States and worldwide, protecting consumers from spam emails and other privacy violations is crucial. In addition to helping you avoid penalties, a compliance strategy that prioritizes customer consent and preference can provide a competitive advantage. Our attorneys can ensure that your business complies with consumer privacy laws everywhere you do business. For help with your digital compliance, please contact us.

[1] Michael Guta, Hey Marketers, Americans Still Spend 5 Hours a Day on Email, Small Business Trends (Apr. 16, 2021),

[2] Maxwell Iskiev, The HubSpot Blog’s 2022 Content and Media Strategy Report [Data], HubSpot, (last visited Sept. 16, 2022).

[3] Katrina Kirsch, The Ultimate List of Email Marketing Stats for 2022, HubSpot, (last visited Sept. 16, 2022).

[4] CAN-SPAM Act: A Compliance Guide for Business, Fed. Trade Comm’n, (last visited Sept. 16, 2022).

[5] Ben Wolford, How Does the GDPR Affect Email?,, (last visited Sept. 19, 2022).