"Make money for your state and protect your children at the same time!"
It's a lawmakers' dream-come-true. And coming true it is. Following Utah's and Michigan's enactment of child protection laws creating do-not-email lists for children, many other states, including my home state of Georgia, are moving to jump on the band wagon.
In fact, at the very moment I was driving back from a parent-teacher conference, my state legislators were presenting SB425 to committee, Georgia's version of the Utah and Michigan laws. The irony was hard to believe -- Here I was, trying to be the best parent possible. Meanwhile, my well-intentioned legislators inadvertently were making the Internet even riskier for the children of their state.
Like so many things that promise amazing results with no risks, these laws will prove ineffective and potentially insidiously damaging to the very people who need our protection the most -- our children.
Why are these laws bad for children? Not only will they fail to protect them, they'll actually raise the risk of their being seduced by promotions and pedophiles online.
First, they provide virtually no protection against real threats online, yet their promise may lull parents into believing their children's inboxes are now safe. Ironically, the worst spammers operate offshore and pay no attention whatsoever to U.S. or state laws. If parents become less vigilant about their children's Internet usage, children may become even more susceptible to inappropriate email than ever before.
Second, in a letter sent by the Federal Trade Commission to Utah and Michigan expressing "serious concerns about the security and privacy risks inherent in any type of do-not-email registry," the FTC concluded that any registry "...that earmarked particular email addresses as belonging to or used by children would raise very grave concerns... [and] the possibility that such a list could fall into the hands of the Internet's most dangerous users, including pedophiles, is truly chilling."
If you visit the Web site of Unspam, the company powering these states' do-not-email lists, you might notice a few otherwise-common pages missing from its site. For instance, where are the security audit logos (e.g., ISS) that you find on virtually every site that manages secure data? Where does it talk about employee background checks or screening procedures, given the incredibly sensitive nature of the data it manages? And, most notably, where is its policy of notification should its data be stolen or compromised? Last I checked, there were no such pages.
Should Georgia's law pass, there is absolutely no way I will put my children's email addresses into a system that, no matter how secure it attempts or purports to be, serves as a bright beacon to pedophile hackers. I couldn't agree more with the FTC's view on this and I am shocked that the view is being summarily ignored by these states.
Why is this law bad for marketers? It's bad enough that these laws put our children at grave risk; they also have a real impact on small businesses across the United States.
Just at a time when permission-based email marketing is proving to be one of the most cost-effective and desirable forms of communication between businesses and their customers, these laws will cause countless companies to abandon the new channel and go back to costlier and less effective communication tools. For many small businesses, losing their most effective channel of customer communications could easily translate into insolvency.
Let's do the math.
Imagine owning an average small business with a list of 10,000 email names to which you send a newsletter every month. Using the average price across several popular email marketing systems (bCentral, Vertical Response and Constant Contact), it costs you about $75 each month to send those messages. Multiplied by 12 months, that's $900. Since none of these opt-in names have U.S. state information, and the new laws don't care if someone accidentally selects the wrong state, you're forced to check all the names on your list against the child protection database. Looking across the states, we can comfortably use an average rate of 0.75 cents per name checked ($7.50 CPM for those of you who are marketers). Since names must be checked monthly, your small business will need to spend another $75 to check its database each month.
Here is where things get out of hand. Since your small business cannot feasibly have 100-percent-positive information the state of residence for each person opted-in, you must check your entire database against each and every state with a registry. So, whereas before the state laws rolled out, your small business spent $900 per year on permission email marketing, in a world where four states have a registry, you now spend $4,500. For 20 states, it's almost $19,000. For all 50 states, you would be spending more than $45,000 a year on the same email marketing program that once cost you $900.
The worst part of all is the loosely written definition of what products and services fall under this new law. In the Georgia bill, for example, messages cannot promote products that minors are "prohibited by law from purchasing." I'm pretty sure it's illegal for children to purchase airline tickets, and who knows whether they can purchase R-rated DVDs or automobiles. Now, just imagine if a child in Georgia gets one of those emails from Best Buy that contain a section on DVD sales, or an email from American Airlines that promotes vacation packages. Plaintiffs and class-action attorneys will have a field day going after these large companies with claims that their emails promote products illegal for minors to purchase.
What does all this mean? The information I have presented above is factual. It is not an exaggeration. In the name of protecting children and earning money for their states, a lot of well-intentioned but grossly uninformed lawmakers are undermining the most effective marketing channel ever for small businesses, and far worse, are putting children at more risk while online than ever before.
Call your legislators. Call the FTC. Call your own attorney. Whatever you do, help shed some light on these otherwise well-intentioned laws that put our children at risk.