Experian Consumer Services sent unsolicited emails to customers with free credit-monitoring accounts — a violation of a 20-year-old U.S. anti-spam law, according to a settlement announced by the Federal Trade Commission this week.
The credit-reporting agency must pay a fine of $650,000 and from now on provide customers a way of unsubscribing from marketing emails. The FTC did not specify how many consumers it believes received the unwanted emails.
While the FTC doesn't have jurisdiction over banks, financial institutions still must comply with the same law that sets guidelines for businesses' use of email. Banks and other companies with extensive email-marketing operations should make sure all commercial email communications come with a way for recipients to opt out, experts said.
"The general guidance is if you're in doubt, comply, because the costs of noncompliance are substantial, and the costs of compliance are really minimal," said Billee Elliott McAuliffe, an attorney at Lewis Rice who specializes in data privacy.
Companies should also confirm they can comply with requests to cease marketing emails within the 10-day period granted by federal law, McAuliffe said.
The FTC recommends that companies clearly identify messages as advertisements and make sure that third-party email marketing companies are following the rules on their behalf.
According to
"You have to jump through hoops like a trained seal to stop getting junk mail from Experian," Ed Mierzwinski, senior director the federal consumer program at U.S. PIRG, an advocacy group. "Consumers did not sign up for that."
Experian said it will comply with the FTC's requested changes, including adding the option to unsubscribe from future marketing emails.
"Although we disagree with the FTC's allegations, the agreement allows us to move forward and continue to focus on serving consumers in the best way possible," Experian said in a statement.
Experian's email conduct violated the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003. The so-called CAN-SPAM Act created the country's first standards for email communication and covers all commercial messages — "any electronic mail message the primary service of which is the commercial advertisement or promotion of a commercial product or service."
Consumers who had signed up for a free credit-monitoring account with Experian were subject to marketing emails unrelated to their free credit monitoring. (The Fair Credit Reporting Act requires each of the major credit-reporting agencies to provide consumers with a free copy of their credit report once every 12 months).
Banks and other lenders rely on the credit-reporting agencies to provide accurate information about consumers.
Experian is one of the country's three main credit-reporting bureaus. Revenue at the company totaled more than $6 billion in 2022, a 17% increase from 2021.
The settlement was the first time the FTC sanctioned a credit-reporting agency for violating the privacy law, the agency said.
"You don't see SPAM violations very often, so that makes me think [the Experian emails] must have been pretty pervasive," McAuliffe said.