A newly published study claims that 31% of the UK’s top companies are failing to comply with EU directives on Privacy and Electronic Communications.

Under the terms of the EU directive, companies may send emails to non-customers only if they have actively opted in to receive them, for example when entering a competition.

CDMS, which published the study, surveyed ‘the top 200 companies’ across 12 sectors, testing whether they offered non-customers the opportunity to actively consent to further marketing emails when their details were recorded as the result of a promotion or enquiry.

The study found that an average of 69% of companies were compliant, an increase of only 3% on the last such study in 2005. Ouch.

Banking was the only sector to achieve 100% compliance, while mobile telecoms and credit card companies scored highly. The worst performers in the survey were utilities and insurance companies.

Ian Hubbard of CDMS believes that some companies are putting their reputations at risk:

“Companies who have not complied are putting their carefully built brands at risk, by putting out the message to consumers that they apparently don’t care about legislation designed to protect their prospective customers’ privacy.”

“This effectively puts them in the category of junk emailers, and associates them with a rising tide of spam, and growing consumer concerns over the security of their personal records.”

Though a poll of just 200 companies isn’t a particularly large sample from which to conclude that a third of UK companies are effectively spammers, companies using email marketing certainly need to ensure that they are keeping within the law to avoid the threat of legal action.

The requirement for customers to opt in is a crucial part of the EU laws, and there are a number of possible approaches:

Single opt-in – with this approach, customers opt in by filling in a web form. The drawback is that people’s email addresses can be registered without their consent.

Notified opt-in – this is the same as single opt-in, except that an email is sent, offering the subscriber a chance to remove themselves from the list.

Double opt-in – this is the safest approach, as it requires the customer to return a confirmation email before being added to a mailing list. This approach ensures that no-one can be added to a mailing list without their consent.

In addition, when customers actively choose to unsubscribe from email mailing lists, the request should be acted on instantly (and preferably automatically). The email address should also be suppressed rather than deleted to ensure that no further emails are sent, unlike this email marketing worst practice example.
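A sketch of double opt-in combined with a suppression list, added here as an example and not taken from the study or from any vendor's product. The `MailingList` class, the secret, the 48-hour token lifetime and the rule that a suppressed address cannot be re-registered through the form are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: per-deployment secret, constructed here
TOKEN_TTL = 48 * 3600             # assumption: confirmation links expire after 48 hours

def _key(email):  # normalised, hashed list key for an address
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()

def _sign(key, expires):
    return hmac.new(SECRET, f"{key}|{expires}".encode(), hashlib.sha256).hexdigest()

class MailingList:
    def __init__(self):
        self.pending, self.subscribed, self.suppressed = set(), set(), set()

    def request(self, email, now):
        """Web form submitted: issue a confirmation token, do not subscribe yet."""
        key = _key(email)
        if key in self.suppressed:  # assumption: suppressed addresses get no further mail
            return None
        self.pending.add(key)
        expires = int(now) + TOKEN_TTL
        return f"{expires}.{_sign(key, expires)}"

    def confirm(self, email, token, now):
        """Confirmation returned: subscribe only if the token is valid for this address."""
        key = _key(email)
        try:
            expires_s, sig = token.split(".", 1)
            expires = int(expires_s)
        except (AttributeError, ValueError):
            return False
        valid = hmac.compare_digest(sig.encode(), _sign(key, expires).encode())
        if not valid or now > expires or key not in self.pending:
            return False
        self.pending.discard(key)
        self.subscribed.add(key)
        return True

    def unsubscribe(self, email):
        """Take effect at once and suppress, so a later re-import cannot re-add the address."""
        key = _key(email)
        self.subscribed.discard(key)
        self.pending.discard(key)
        self.suppressed.add(key)

    def may_send(self, email):
        return _key(email) in self.subscribed - self.suppressed
```

The token binds the confirmation to one address and one expiry time, so a form submission made by a third party never results in list mail unless the address owner returns the confirmation.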

And for God’s sake, don’t go selling your list…
