I'm wondering if there are any specific regulations and laws regarding the use of customer email addresses for companies (more specifically in my case, CA-based corporations). For example, say I had a user sign-up for my app and sign-in with her email address, now known to me.
I assume I can contact the customer whenever I want until she decides to unsubscribe from the mailing list (most companies do this, so I assume it's legit).
How about sharing or selling the address with a partner firm for the purpose of generating leads? I remember seeing the "do you authorize us to share your information with our partners" question on many sites before, which leads me to believe that there might be some regulation against doing that without explicit consent. If that's true, would placing the consent in the EULA be sufficient, or does it need to be truly explicit?
Not clear if you are referring to California or Canada.
In the US - refer to the CAN-SPAM rulings.
Here is a comparison to EU and US spam laws Including when the person signed up, including a simple opt out option, and maintaining signup records help in keeping your from being labeled a spammer and getting your mailserver blacklisted.
And - just because you have their email address doesn't mean that you can automatically include them on multiple lists unless you specifically asked them during signup. For every new list, you should be asking for their permission to add them - and allow them to opt out on any number of lists you create.
Think that's a bit harsh? Perhaps.. but one look at the papa johns text spam debacle and the fines associated with wrongly assuming permission may change your mind.
Wether there is rule or none, it is still not acceptable to share users' emails to any third party, especially those who are not affiliated anymore. And oh, selling it is a very bad Idea. It's against the "good" company etiquette. They trusted you to handle their personal info, it's your call to ruin it even without their knowings.