Businesses that send commercial material through email or other forms of electronic messages are subject to the Unsolicited Electronic Messages Act 2007. The Act places restrictions on who can be sent commercial messages and prohibits the use of address-harvesting software.

What kind of commercial messages does the Act regulate?

Commercial electronic messages are usually referred to as “spam”. The Act defines spam as an electronic message that:

• Markets or promotes goods, services, land, an interest in land, or a business investment opportunity;
• Provides a link to any of the above; or
• Assists or enables a person to dishonestly obtain a financial advantage or gain from another person

Spam does not include messages that:

• Provide quotes or estimates for the supply of goods or services if it was requested by the recipient;
• Complete or confirm a commercial transaction that the recipient entered into with the business;
• Provide warranty, product recall, safety or security information about goods or services purchased by the recipient;
• Provide factual information about a subscription, membership or account involving the purchase or use by the recipient; or
• Deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient had previously entered into with the business.

Who can be sent spam?

Spam should not be sent to recipients who have not consented to receiving it.

There are three categories of consent:

Express consent: This is where the recipient has specifically agreed and expressed to the business that they consent to receiving the business’s marketing material.

Inferred consent: This where consent can be inferred by the business from the existing relationship between the recipient and the business. If a business is relying on inferred consent to send spam, they must ensure that the marketing material is relevant to their area of business.

Deemed consent: This is where the recipient has not chosen to receive marketing material and does not have an existing relationship with the business. However, consent by the recipient is deemed to have been given when the following conditions are met:

• The recipient has clearly and conspicuously published their email address, for example on a website or on social media;
• That the recipient has not expressly stated that they do not want to receive spam;
• That the content of the spam is relevant to the business, role, functions, or duties of the recipient; and
• There is a functioning unsubscribe facility in the spam, or an identifiable person to contact if the recipient does not want to receive spam.

Other requirements

Businesses must ensure that the content of the spam clearly identifies the person within the business who authorised the email to be sent and how the person can be contacted.

Businesses must also ensure that the unsubscribe facility is expressed clearly within the message and it allows for recipients to unsubscribe using the same method of communication. For example, if an email is sent by the business, then a recipient should be able to unsubscribe via email.

Businesses should also note that individual emails to recipients are also covered by the above rules, not just bulk mail-outs in a standard form. If a prospective client has emailed the business to request information about a product or service, the business should take care that their response is relevant to their query and does not include irrelevant marketing material.

Businesses should never use address-harvesting software or harvested address lists generated using such software. This is strictly prohibited under the Act.

Penalties

If a business fails to comply with the above anti-spam rules, they risk incurring a penalty enforced by the Department of Internal Affairs. Penalties can include formal warnings and monetary penalties including damages and compensation for any aggrieved recipients of spam. A fine can be given to the business of up to $500,000.

It is important to react correctly to complaints and establish effective processes to ensure the likelihood of future breaches, especially multiple breaches, is minimised. We recommend businesses seek legal advice if they are unsure about their compliance with the Act to avoid potential hefty penalties for non-compliance.

Leading law firms committed to helping clients cost-effectively will have a range of fixed-price Initial Consultations to suit most people’s needs in quickly learning what their options are.  At Rainey Collins we have an experienced team who can answer your questions and put you on the right track.