Our bank’s compliance officer has the view that CAN-SPAM requirements preempt all state laws that are similar to it. Are there any instances where state law trumps CAN-SPAM?
CAN-SPAM preempts any statute, regulation, or rule of a state, or even a political subdivision of a state, that expressly regulates the use of electronic mail to send commercial messages – except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto. [15 USC § 7707(b)(1)]
Thus, CAN-SPAM carves out an exception from preemption for state laws that govern the use of commercial email by prohibiting fraud or deception in messages or attachments.
CAN-SPAM does not preempt the applicability of (1) state laws that are not specific to electronic mail, including state trespass, contract or tort laws, or (2) state laws that relate to acts of fraud or computer crime. [15 USC § 7707(b)(2)]
State laws that are not specific to commercial email, but would apply to commercial email (together with other types of communication or activity), are not preempted; neither are state laws that address computer fraud or crime more generally.
Although not specific to mortgage banking, policies and procedures used by "internet access services" to block spam are also protected from preemption. Internet access services’ policies and procedures are preempted from CAN-SPAM with respect to declining to transmit, route, relay, handle, or store certain types of electronic mail messages. [15 USC § 7707(c)]
Questions as to which state anti-spam laws are preempted, and to what extent such laws are preempted, are ultimately answered through the legal interpretation of courts. So far, the issue of CAN-SPAM preemption has been addressed by three Federal Circuit Courts of Appeals: the Fourth Circuit, the Fifth Circuit, and the Ninth Circuit.
President & Managing Director
Lenders Compliance Group