Spam Control Act, a closer look
Under the revised edition of Act 21 of 2007, the Spam Control Act is defined as an Act to provide for the control of spam, which is unsolicited commercial communications sent in bulk by electronic mail or by text or multi-media messaging to mobile telephone numbers, and to provide for matters connected therewith.
Some might say that the Spam Control Act is similar to the Do Not Call regime in the PDPA, but in comparison, the Spam Control Act is about sending unsolicited messages in bulk to users through e-mail or mobile numbers, while the Do Not Call provision is about sending specified telemarketing messages to Singaporean telephone or mobile number without checking the Do Not Call Register or getting an unambiguous or clear consent.
Like the Do Not Call provision in the PDPA, when it can be proven that an individual suffers a loss or damage as a result of a contravention of the Spam Control Act, a fine can be imposed, ranging from a penalty of 25 SGD per message, which can be up to 1,000,000 SGD. To avoid this, here are the best practices organizations should consider:
Best Practices for Organizations
A message is considered spam if someone received unsolicited commercial electronic messages in bulk who did not give their informed consent to receiving such a message. Those who follow these electronic marketing guidelines will be considered to have made proper or legitimate use of this critical communication channel.
Electronic marketing guidelines
Requirements for compliance with spam control regime
1. The Spam Control Act regime provides a framework for spammers to follow, whether for mobile phones or through e-mail. This framework tells the spammers that they must offer users an unsubscribe option, and they must put labels to mark a message as spam.
Furthermore, under this regime, the use of dictionary attacks in spam or address harvesting software is prohibited.
With this, failure to follow these guidelines and prohibitions may lead to civil penalties for the spammer.
2. Unsubscribe facility
In the compliance with the Spam Control Act regime, the individual spam must have the following:
- Contact information – This can be in the form of a telephone number, a facsimile number, an Internet location address, an e-mail address, or a postal address that the recipients of the spam messages can submit their unsubscribe requests to. It is suggested that this contact information should be within the spam e-mail or the mobile spam message where the users can unsubscribe.
- Clear statement – There should be a statement that tells the recipient that they can use the contacts in the spam e-mail to unsubscribe the spam if they want to, which should be written mainly in English. This could be in two or more other languages, but at least one is in the English language.
The contacts included in the spam e-mails should be valid for at least 30 days. This means that the spammer should be able to receive unsubscribe requests from the recipients within that period. Furthermore, the recipients should not be charged extra for sending such unsubscribe requests more than the typical cost.
Once the recipient sends an unsubscribe request within ten (10) days, the spammer should remove the recipient’s electronic mail address or mobile phone number from the mailing list. Any spammer who receives the unsubscribe request should not disclose the recipient’s personal information except when permitted by the recipient.
3. Labelling and other requirements
The simple courtesy of correctly informing the recipients about the content of the message is responsible marketing. With this, each spam sent to the recipients should have:
- If the message has a subject field, it has a correct and non-misleading title in the message’s subject field.
- There’s a before the message’s title, which indicates that the e-mail is for advertisement. In cases where there is no subject field, there should be a before the actual content of the message.
- Non-misleading and Correct header information where applicable.
- An accurate and functional telephone number or e-mail address where the recipient can easily contact the spammer.
4. Do Not Call (DNC) Registry and the Spam Control Act
Phone and telephone numbers registered under the Do Not Call (DNC) Registry should not be disturbed with spam or other telemarketing messages in the form of voice calls, text or fax messages. Organizations must make sure that they comply with the DNC Provisions in Part IX of the Personal Data Protection Act 2012 or face a fine.
Outsourced DPO – It is mandatory to appoint a Data Protection Officer. Engage us today.
PDPA Training (SkillsFuture Eligible) – Empower data protection knowledge for your employees.
Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.