Let's say you host a webinar and invite another company to participate. They might provide a guest speaker or sponsorship or something else that contributes to the event. After the webinar, they ask you for a copy of the contact list generated from the webinar. What are the legal implications to sharing the leads and what are best practices?
Standard disclaimer here: I am not a lawyer and my understanding of the legal implications of any business process is to be discounted, disregarded, disputed, and disparaged. I'll be talking about the CAN-SPAM Act, which is United States law and does not apply to citizens of other countries.
Your self-study resources include:
- Full text of the CAN-SPAM Act of 2003
- FTC Compliance Guide for Business
- Practical Law overview on data protection
My read on the subject seems to indicate that there is no breach of the CAN-SPAM law inherent in the process of sharing the leads with your partner. Of course both of you have to adhere to the basic tenets of the Act. That means things like allowing recipients to opt out of further communications from you, not mailing to people who have opted out in the past, and not using deceptive subject lines to fool people into reading your email. So far, so good.
But there is an interesting subtlety in the rules that pertains here... According to the shorter FTC compliance guide, "Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list."
This means you have to pre-screen all collected leads against your opt-out list before forwarding them. Don't just send over the full registration list!
The other legal question is whether you are violating privacy laws by sharing the information your leads provide you with. I was surprised to see on the Practical Law web site that "there is no single, comprehensive federal (national) law regulating the collection and use of personal data" - although some federal and state laws offer specific protections that vary depending on your location and type of data collected. For instance, school records, financial information, health data, and so on have privacy laws.
But if your company has a posted privacy statement on the web site or in statements mailed to customers (as many companies do), you have to comply with your own policies. If you say you don't share information, you can't break the rules just because the webinar is "a special case."
So much for the legalities. How about best practices? A fundamental step in your earliest planning for a lead generation event that involves a guest speaker is to reach an explicit agreement on lead sharing. If you have a policy statement that prohibits sharing information collected on your web site, you have to tell the partner up front that you can't and won't share the registration list.
If the partner wants a shot at those people, it needs to create an opt-in opportunity for registrants to specifically request contact. I often do this on a post-event feedback form. Add new fields for contact information and a checkbox that very clearly asks whether the respondent would like contact or communications from the guest speaker's company. Now you can share just those opt-ins in good conscience. If anybody complains about email they receive, you have an electronic record of their request for it.
Transparency and honesty in your dealings with new contacts is the right way to do business. If they are coming to a public, free event and are asked to provide all their contact information, they know what's up. Don't try to dance around it and pretend you aren't going to use the information. If you aren't going to use it, don't ask for it!