Is spam undermining your business’s value?

The sale price of Kiwi businesses could be drastically reduced due a Spam Act anomaly.What happens when you buy a company with the intention of using its customer database to further grow the business and the Spam Act prevents you from contacting those individuals? The consent that customers have given to a specific business may not extend to a new owner. A customer’s decision to allow personal details to be held, and their consent to be contacted, could expire when the business changes hands. Business place considerable value on customer databases, keeping in touch with customers is important at the best of times, but especially during tough economic conditions. Being able to email customers is an efficient and low-cost business tool. Businesses need to ensure customer databases are set up legally and are sold as part of the company’s assets, to ensure it becomes legal property of the new owner of the business.The Unsolicited Electronic Messages Act 2007, or Spam Act as it is commonly known as, was the result of email marketing abuses. The Act came into force on September 5, 2007.While the Spam Act is unlikely to cause great concern for overseas spam mailers, it does impact the manner in which businesses operate in New Zealand. Unless a business complies with the Act when establishing and maintaining a customer database, the Spam Act could take away this key business asset.The anomaly:In light of the consent requirement, there seems to be an anomaly under the Spam Act when a company is sold along with its customer database. While principle 11 of the Privacy Act contemplates that the sale or other disposition of a business as a going concern is a permissible exception to the general rule of non-disclosure as it relates to personal information, the Spam Act does not contain a similar provision.It is therefore unclear how the buyer of a business, with a customer contact database, can use such information.In a share sale, where a company is sold, with the effective control and transfer of a customer database, the company could continue to send emails provided they are sent by the company and have been consented to by the customers. The fact that ownership has changed does not change the right of the company to use the database, the rationale being that a customer has a relationship with the business and not the owners. In many cases a customer won’t be aware the business has changed hands, as it is ‘business as usual’ from the customer’s point of view.If a customer is unhappy with the new owners and decides they no longer what to receive emails from the business, the customer always has the right to unsubscribe their details under the Spam Act, which also requires businesses using customer databases to include such details into all commercial electronic messages. What happens to an email database in an asset sale?It’s clear that operating a business of buying and selling emails lists is a breach of the Spam Act, unless the customers on the list have agreed to it. However, what happens when the database is sold as a company asset? Will the new owners use the email lists in the same manner as the previous owners? At first glance, it doesn’t appear the Spam Act would distinguish between these types of sales. Yet the customer probably would. I for one would not have a problem with the new owner of my regular garage calling to advise me that my car needed a service, but I would have a problem if an unrelated company contacted me and would question where they got their information from. While a buyer might argue there is an inferred consent on the basis the original owner had permission from the customer to hold personal details, and the buyer would be simply contacting them for the same reason, this is not without risk, in light of the Spam Act. In an asset sale, the buyer of a customer database who uses it to email customers would, on a literal interpretation of the Spam Act, be in breach as the customer might not be aware the business had changed hands.  How can this be dealt with? If you find yourself in the position of buying or selling a business, the firm recommends auditing your database now and questioning who has provided consent and what customers you can rely on for inferred consent. If you find there is no expressed consent to use the database, and you are not confident you can infer consent, the firm suggests you following these steps: * The seller could send out an email to its customer database informing its customers of the intended business sale and requesting the recipients provide consent to receive emails from the buyer once the purchase is complete. * The risk with this approach is that the seller could lose part of the database if customers refused to receive emails from the buyer. This could significantly deplete the size and value of the customer database, which in turn could halt the sale or substantially reduce the price the buyer is prepared to pay.* After the acquisition, the buyer could send out an email detailing the new ownership of the business. By doing this the buyer could fall back on one of the exceptions within the Spam Act, which says an email that provides information on notification changes such as ownership, subscriptions and account details is not technically defined as spam mail. To ensure the ongoing use of the database, the buyer should offer recipients the choice to opt in and out of the database. If this is not made clear to customers, the buyer is then assuming consent, which may not be the case for a variety of reasons including the fact they might not have received the relevant email on the change of ownership. Business as usualThis could significantly reduce the database and the buyer could take this into account when negotiating a price. If you are not considering selling your business, it would be advisable to review the database and see whether you have expressed consent and could infer it in the event of a sale. If you don’t think you have such consent, then to avoid the issues and the potential devaluation of the database down the line, you should contact your customers and see whether they would consent to their details being sold as part of the company’s assests. After taking these steps it will be ‘business as usual’.  To ensure future compliance, you could send an email requesting expressed consent for future owners. This way, you can assure a buyer that the database is fully accessible and use it as a commodity to drive the sale price up rather than down.  About the Spam Act The aim of the Spam Act is to prohibit the sending of unsolicited commercial electronic messages, unless consent has been given from the recipients in the email. This has resulted in what is commonly phrased as an ‘opt in’ regime. The definition of a commercial electronic message is broad and includes messages that: * Market or promote goods, services, land, interests in land or business and investment opportunities. * Provide a link or direct a recipient to a message which contains any of the above components. Consent can be confirmed through a ticked box at the end of a registration email or through a written consent. It can also be inferred from prior conduct or through prior relationships between the parties, for example, between a service provider and a subscriber to the service. A continued exchange of emails and use of the service, for instance, may be an indication of consent.  It’s important to note that companies with mailing lists that existed prior to the Spam Act, can’t determine consent based on the fact the recipient had not unsubscribed from the database, as they have the right to opt out and to know that’s an option. Consent can also be assumed where: * The recipient’s electronic address has been published, eg: on a website. * The publication is not accompanied by an anti-spam statement. * The message being sent to the recipient is relevant to the recipient in a business or official capacity.