Web sites are increasingly asking consumers to allow access to their address books to send invitations to their friends on the consumer’s behalf. A common technique to increase the site subscriptions and benefits for the user is by bringing their friends into the service.

A recent article in the New York Times highlights the complexities of implementing an address book import feature.

Done well, such a mechanism provides clear notice to consumers to ensure they understand what will happen to the addresses in their address book, giving them a meaningful opportunity to consent.

Implemented poorly, it can leave consumers distressed and even mortified to find their personal and professional contacts getting messages demanding to know why they aren’t on the latest social networking site.

TrustArc is experienced with certifying the online privacy practices of thousands of websites, and the use of address book contacts import features is rising.

Here are some general “best practices” recommendations for helping websites make their “Contacts import” features live up to consumer expectations.

1. Ability to Skip using the Import Contacts feature

If you invite consumers to let you import their email address books, make sure they can opt out or skip that step. Make the Skip option equally prominent compared to the Submit button, so the consumer is provided a clear choice around using the feature.

2. Messages Sent on Behalf of the Consumer

If you send messages to the consumer’s contacts, place “on behalf of” in the From line.This will alert recipients that the message is not actually from the consumer’s e-mail address.

Offer consumers a preview of the message to be sent that includes header and body text.

3. Use of the Contact Information Supplied

Notify consumers at the Point of Collection and in your Privacy Statement about how you will use the imported contact information. Explicitly state whether you will be sending a one-time invite or a reminder email in addition to the original invite.

TrustArc also recommends stating that the imported contact information will not be used for other purposes beyond sending the requested invite or reminder messages.

4. Requesting Login Information for Other Accounts

When asking consumers to supply login information they use for other services such as an email account to import their address book, provide clear and conspicuous notice about how your site will use this information.

This will help avoid surprising users who think they are choosing the same login information to register with your own site.

5. Additional Checks if Providing Incentives to Import Contact Information

If you are providing an incentive, such as a contest entry or rewards points, for consumers to import contacts, additional CAN SPAM requirements may apply. Be sure to provide an opt-out from receiving additional email messages.

Additionally, some recipients ask for a global opt-out mechanism if they want to receive no further such e-mailed invites through the web site’s servers, regardless of who subsequently imports the recipient’s address as part of their Contacts.

A site should make sure they have a way to block further such invites to e-mail recipients upon request, even if resulting from actions by the user’s contacts.

Informed Consent is the Key to Protecting Consumer Good Will

The guidelines above should help ensure that consumers get an opportunity to provide informed consent.

Address book import can be a powerful feature to help a site expand its reach and can make use of the site much more convenient for the user, provided the feature is implemented carefully and respects the consumer’s consent.