Experian Facing Proposed FTC Settlement for Violating CAN-SPAM

Experian Consumer Services, a major player in the credit reporting industry, has been issued a proposed order from the Federal Trade Commission (FTC) for alleged violations of the CAN-SPAM Act. The CAN-SPAM Act, or Controlling the Assault of Non-Solicited Pornography and Marketing Act, is a federal law enacted to regulate commercial email messages. The primary objective of the CAN-SPAM Act is to curtail deceptive and unsolicited email practices by enforcing specific requirements on commercial emails, such as clear opt-out mechanisms and accurate sender information, among other requirements.

After signing up for a free online membership with Experian with an email address, the FTC claims that many consumers received emails with phrases indicating that the emails were not commercial in nature, or that they were just informational. However, the emails sent by Experian included in the FTC complaint reveal upsells were included on things like credit card offers, discounts on auto-related services, and more. Additionally, these emails that the FTC have deemed commercial in nature do not include any type of opt-out or unsubscribe mechanism as required by the CAN-SPAM Act.

Experian allegedly made it nearly impossible for consumers to opt out of further messages, with an email stating, “You can update some alerts and communications preferences any time on your (. . .) profile, but you’ll continue to receive notifications like this one on the status of your account.” The FTC has interpreted these emails to mean that consumers had no viable way to opt-out of messages that were supposed to be informational in nature but actually included sales pitches.

The proposed settlement includes a hefty fine of $650,000, and it would also prohibit Experian from sending consumers commercial emails that do not offer the ability to unsubscribe in the future. The potential fallout from these alleged violations extends beyond the legal repercussions. In an age of increasing concern over compliance, privacy, and security, companies like Experian hold sensitive consumer information. When these kinds of companies are found to be in breach of email marketing regulations, consumer trust is eroded and questions are raised about overall compliance management.

The FTC’s action against Experian serves as a reminder to companies across various industries that compliance with regulations like the CAN-SPAM Act is crucial. While CAN-SPAM violations may occur frequently with bad actors, it has been rare to see a large, established company facing these types of allegations. However, this demonstrates that the FTC is not afraid to impose large fines when violations occur.

Updated CAN-SPAM compliance guidelines from the FTC can be found here. If you have any questions about complying with the CAN-SPAM Act or need help reviewing your current status, please reach out to us at connect@compliancepoint.com.