I've been speaking recently about how regulators and law enforcement officials are increasingly using a new tactic against allegedly false or deceptive marketing practices. Instead of challenging the marketers themselves, they are focusing enforcement efforts against the service providers and suppliers of the marketers. Consequently, suppliers who are not engaged in any false or deceptive conduct are now being held accountable for the acts of their clients when they knew or should have known that something was awry.
The "Dandelion" Theory
Going after service providers rather than the marketer is known as the dandelion theory because regulators believe that the marketers are like a weed that can only be prevented from growing back by cutting out the roots, i.e., the service providers. And there is some logic to the theory, because regulators are unable to effectively shut down deceptive marketers, who can easily start up new "boiler rooms" in other locations, especially with the increased popularity of the Internet and the low cost of international phone calls. Marketers can be located far away from the grasp of United States law enforcement officials, but they cannot exist without the services of service providers - such as list suppliers/managers, payment processors, and printers. By imposing obligations on suppliers of necessary services to the direct marketers, regulators believe that they will be more effective on an overall scale by challenging the suppliers than proceeding against the marketers themselves. In addition to the financial burdens imposed by an enforcement proceeding and potential restrictions in future business activities, suppliers who find themselves embroiled in such legal actions are forced to contend with negative publicity.
The obvious problem with the dandelion theory is that it seems to be against public policy for law enforcement to target those who are not engaged in wrongdoing while allowing the marketers to continue to operate unabated. Indeed, recent enforcement actions against suppliers the regulators have not even attempted to take any action against the allegedly deceptive marketers while at the same time seeking drastic remedies from the suppliers, such as freezing their bank accounts.
Supplier Liability in the Telemarketing Context
Though many in direct marketing understand that telemarketing is a highly regulated industry, there is often a false impression that the FTC's Telemarketing Sales Rule (TSR) applies only to those actually engaged in telemarketing. However, many provisions of the TSR apply not only to telemarketers, but also to those who provide substantial assistance or support to a telemarketer when they knew or should have known that the telemarketer was violating the TSR. Under this standard, a supplier has an obligation to investigate whether the marketer is in compliance with the TSR.
While the TSR's supplier liability provisions have been in effect since 1995, it was not until 2003 that the FTC actually began utilizing them. After lengthy investigations into the list brokerage industry that initially focused on compliance with privacy issues such as Gramm-Leach-Bliley, the FTC changed focus to compliance with the TSR. As part of its investigation, the FTC obtained marketing materials such as ad copy and telemarketing scripts from list managers.
As a result of its investigation, the FTC brought enforcement proceedings against at least three list managers that allegedly knew or should have known that these materials violated the TSR (even if it was not obvious to a non-lawyer). Reportedly, the actions of one list manager was challenged based on a test rental of only 500 names.
The terms of each of the list managers' settlements are nearly identical except for the amounts paid to the government, which were $25,000, $100,000 and $62,500, respectively. The settlements expressly require the list managers to make affirmative efforts to ensure that telemarketers to whom the lists are rented comply with the TSR's prohibitions regarding deceptive acts or practices, credit card laundering and abusive acts or practices. Included in the abusive act restrictions are "do not call" and call abandonment compliance. Even more recently, the FTC brought its first "do not call" action against a supplier - There, the FTC contended the company allegedly assisted a telemarketer in evading do not call compliance.
The payment processing context has also been a significant focus for the FTC, state attorneys general and even the United States Department of Justice. The FTC has filed enforcement actions against payment processors for processing for telemarketers processors. In one case, the FTC obtained from a payment processor a ban on ACH processing and the payment of $3.9 million in consumer redress.
Last fall, the payment processor Amerinet settled with five states -- Vermont, Florida, Illinois, North Carolina and Ohio - over its payment processing for telemarketers accused of engaging in deceptive and unlawful marketing practices. More recently, the Department of Justice has brought suit against another payment processor accusing it of being willfully blind in the processing of payments for telemarketing and direct mail clients. That matter is currently the subject of litigation. It should be noted, however, that the government chose not to sue the actual telemarketers, many of whom continue to operate using other processors even in the same locale.
Supplier Liability For E-mail
This spring, the New York Attorney General brought an action against Datran, a company that transmitted e-mail solicitations on behalf of its clients based on a list supplied by Gratis Internet - an entity who operated such websites as myfreeipod.com. Gratis sold a customer list of 7 million names to Datran, who sent solicitations to the list on behalf of its clients.
The NY Attorney General claimed that Datran's e-mail solicitations violated the law because the list supplied by Gratis was obtained in connection with a privacy policy representation that Gratis would "never lend, sell, or give out for any reason" the information provided by users. Even though Datran did not make the representation, the Attorney General held it liable because it knew that the representation had been made.
Datran agreed to pay $1.1 million, including $750,000 as a penalty. The settlement is important for all service providers to consider because it imposed on Datran the affirmative obligation to independently verify that the data supplied complies with the privacy policy representations made at the time of data collection. Interestingly, the order expressly provides that a written representation from the list owner as to compliance would not be sufficient to meet Datran's due diligence obligations. Note - unlike the other supplier actions, it appears that the AG has now gone after the marketer (Gratis) as well.
What does this mean to suppliers?
The regulatory actions against suppliers demonstrate that regulators are now focusing on supplier liability rather than simply holding marketers liable for their own misconduct. Businesses that supply marketers must perform a due diligence search to ensure that the marketer's acts comply with the applicable laws.
At a minimum, due diligence should include a request for and a review of the marketing materials being used with an eye toward the restrictions or obtaining legal approval from qualified counsel that the advertising claims are substantiated and otherwise appear to comply with applicable law. To the extent data is being re-sold, suppliers should independently confirm that the resale does not violate any privacy policies or privacy representations. Moreover, all due diligence efforts should be well documented by a paper trail in case of any investigation.
- Partner
Marketers, advertisers, agencies and suppliers, among others, regularly seek Andy’s counsel regarding legal aspects of their advertising and promotional marketing businesses. He’s pragmatic and always looks for ...