Datran Media's privacy officer and VP of ISP relations explains what recent regulatory actions mean to marketers and their online partners.

The "hear no evil, see no evil" days of online marketing may have officially come to an end. More and more, enforcement agencies have begun to hint at liability for marketers whose affiliates' and marketing partners' illegal activity results in the marketers' gain. In fact, the hints have been more like blatant statements. Perhaps, it is about time.

Since the industry's inception, the online marketing world has enjoyed the ability to work with third parties without an accompanying obligation to examine the practices of those third parties. In fact, before CAN-SPAM's enactment in 2004, online marketers and advertisers simply handed their advertisements to "trusted partners," and said, "Get the word out however you can." Very little thought was given to how things were being done, and, more importantly, very few people seemed to care.

In 2006, however, the official end of the "ostrich era" of online marketing became a reality, and now regulators seem to be of the mind that marketers had better know thy partners as well as thyselves. From companies using marketing partners to distribute advertisements to companies managing personal information for clients, the Federal Trade Commission and States Attorneys General have, in the last month, not-so-subtlety suggested an obligation to monitor third-party partners, and those companies that fail to pay attention to the warning signs may find themselves the subject of an enforcement action in the near future.

The portent of things to come was there for all to see in July and August of 2003
As Congress labored away on CAN-SPAM, there was an internal debate on how the law would define "sender"-- a debate that can be seen as the origin of today's affiliate-monitoring obligation. Many parties involved in the debate over the word sender felt that the person who pushed the email should be the sender, for they were the ones who had matched the recipient to the advertisement, and, more importantly, this is how it had always been done. Leaders in Congress, however, realized this could create enforcement difficulties and wisely decided to make the term sender and advertiser essentially synonymous. In its final version, CAN-SPAM established that a sender is a person "whose goods and service" are advertised in the email and who initiated the email, thereby creating a scenario where an advertiser, who pays a third party to transmit their advertisements via email, is the "CAN-SPAM sender."

In short, Congress created an implicit affiliate-monitoring responsibility, thereby setting this ball in motion.

More recently, an attorney in the New York State Attorney General's office reinforced the notion that, for online marketers, there was a responsibility to understand your marketing partners. In fact, Ken Dreifach, the former chief of the Internet Bureau for New York AG's office, was quoted on the record as stating that "even advertisers with layers of affiliate networks, sub-affiliate networks and independent contractors can still be found liable if any link in the chain is found to have acted illegally." Dreifach went on to suggest that marketers should "perform due diligence in examining the practices of their affiliates, sub-affiliates and independent contractors."

In my opinion, the above words should be seen as a strong warning that marketers are obligated to open their eyes to the practices of their marketing partners and ensure they are acting legally on the marketer's behalf.

Reinforcing this position, the Federal Trade Commission's settlement with Optin Global in April of this year was the first time the federal government explicitly required a marketer to monitor its marketing partners' activities. The FTC's Settlement with Optin Global required the defendant to monitor affiliates "to ensure compliance with [CAN-SPAM]." While CAN-SPAM implicitly requires marketers to monitor their marketing affiliates, the explicit requirement to do so in the Optin Global case is a seminal event in the online marketing world, for it cements the notion that advertisers are obligated to understand the practices of the companies they choose as partners. 

So how do marketers ensure their practices satisfy these new obligations?
In order to satisfy the obligation to effectively monitor affiliates and marketing partners, companies should:

• Standardize email templates when working with affiliates. These templates should incorporate all CAN-SPAM requirements for affiliates to use. Include a clear and conspicuous notice of the opportunity to opt-out, a functioning internet-based mechanism for unsubscribing, clear and conspicuous notice that the email is an advertisement and a valid physical postal address.
  
  
• Seed affiliate email lists and review emails arriving to seed accounts, ensuring that all emails sent out on your behalf are CAN-SPAM compliant.
  
  
• Work with brand-monitoring solutions to ensure affiliates are not using improper distribution channels to drive up lead-generation revenues.
  
  
• Monitor more sophisticated solutions designed to track improper affiliate activity; if a method is readily available to track abusive or unlawful affiliate behavior, a legal obligation to utilize that solution may arise.
  
  
• Review marketing partner and affiliate websites. Ensure that permission practices and representation are legally adequate, and ensure that both companies are living up to their legal obligation.
  
  
• If managing marketing data, review the privacy policy under which the data they manage is permissioned and ensure that the consumer has been properly informed as to how their data will be shared.

Additional resources:
Exclusive Q&A with the NY AG's Office

Quinn Jalli is privacy officer and vice president of ISP Relations, Datran Media.