When it comes to contacting consumers, organizations need to be aware of three core contact variables. Core contact variables outline the laws and regulations surrounding contacting consumers, including timing, rules and definitions, and the contacts with whom your company is engaging. In this blog, we will break them down so you will be equipped with everything you need to know about contacting consumers when conducting outreach campaigns. 

Understanding contact compliance 

To understand core contact variables, it is helpful to first understand the laws around contacting consumers. One of the biggest being the Telephone Consumer Protection Act (TCPA). The TCPA was passed in 1991 in response to consumer complaints surrounding unwanted nuisance marketing calls. The TCPA places restrictions around the use of an automated telephone dialing system (ATDS) (otherwise known as an autodialer) or a phone system with a capacity to be an ATDS and maintaining and adhering to Do Not Call (DNC) lists of individuals who have opted out. TCPA also regulates call curfew and frequency by which an organization can contact someone, wireless restrictions, the reassigned numbers database, emergency purpose exemptions, established business relationships, express written consent and more. 

Many states are passing their own telemarketing legislation. They often are more stringent than what the federal government mandates and differ from the federal TCPA in the case of call frequency, consent requirements, the definition of an ATDS as well as minimum and maximum penalties per incident. Since 2023, Florida, Maryland, Oklahoma, and Washington have passed their own telemarketing legislation.

Under the TCPA, text messages are also subject to government regulation. The TCPA requires express written consent before contacting someone via SMS or text message. A business is not permitted to text a consumer unless the consumer opt-ins to notifications by providing express written consent to be contacted via text message. 

In addition to federal and state TCPA laws, marketers must also comply with the CAN-SPAM Act passed in 2003. This law governs the standards for sending commercial emails and provides consumers the ability to opt out of future solicitations. 

Supporting the above compliance laws are these registries and lists: 

  1. National Do Not Call (DNC): The National DNC was created in June of 2003 and by September of the same year, over 50 million phone numbers had already been registered. Today that number is over 250 million. 
  2. State DNC: In addition to the National DNC, 11 states have their own DNC lists which collectively contains nearly 65 million entries. 
  3. Internal DNC (IDNC): An internal DNC list refers to the list of consumers who have taken steps to opt out of communications for your organization. All three DNC lists are critical to maintain to avoid fines.  
  4. Internal Do Not Email (DNE): An internal DNE is a list of people who do not wish to be emailed from your organization. 
  5. Reassigned Numbers Database (RND): The RND was created by the Federal Communication Commission (FCC) and is designed to prevent a consumer from getting unwanted calls intended for someone who previously held their phone number. The reassignment of phone numbers can happen for a variety of reasons, such as when a customer cancels their service or when one carrier merges with another. Under the TCPA, consent to being contacted is tied to the consumer being called, not the phone number, making it essential that businesses performing outbound communications from an ATDS are aware of the reassigned numbers database. 
  6. Known Professional Litigators: There is an established group of known serial litigators that specifically target and entice telemarketing and collections organizations into calling them to initiate a class action lawsuit. A TCPA litigator list contains the names and phone numbers of associated case files of TCPA litigators, professional plaintiffs, and persons consistently involved with TCPA litigation. These litigators have extensive knowledge of TCPA regulations, court precedents, and compliance strategies, making them experts in navigating TCPA litigation and therefore someone you want to ensure you avoid in your outbound calling campaigns. 

These lists and registries should always be consulted before contacting someone. You do not want to risk a potential fine because you unknowingly contacted someone on one of the lists or registries mentioned above. 

Contact variables 

Contact compliance laws are further broken down by a core set of contact variables. These variables outline the rules and regulations to contacting consumers under federal and state law. The three core contact variables are timing, rules and definitions, and contacts.  


In contact compliance, timing is everything. Legal calling hours, holiday prohibitions, states of emergencies and contact frequency all affect when and how often you can contact someone. 

For legal calling hours, the federal TCPA law states that sales callers may not call before 8 am or after 9 pm depending on the state. The start and end times can vary anywhere from 1-4 hours. Currently 19 states have different calling hours outside the federal standard.  

Some states prohibit calls on Sunday and holidays. If the holiday falls on a Sunday, sales callers in certain states are banned from calling the following Monday. Currently, 7 states impose calling restrictions for 12 holidays, each varying slightly in the holidays they observe. 

Like holiday prohibitions, some states also restrict calling during States of Emergency. New York, for example, has the “Nuisance Call Act” which took effect on March 1, 2020, and prohibits telemarketers from “knowingly making unsolicited sales calls to any individual in a city, county, town or village during a declared state of emergency or disaster emergency” NY GBL § 399-z(5)(a) and NY GBL § 399-pp(7)(f). Louisiana, among other states, also have similar laws in place. 

Calling frequency, the calling mechanism (such as from an ATDS), and whether the call is a landline or mobile phone can also vary by state. It is important to keep these timing factors in mind when conducting outreach.  

Rules and definitions 

There are rules and definitions surrounding different contact variables as well. One of those rules surrounds disclosures. Certain disclosures need to be made at the beginning of the phone call and those disclosures can vary by state. In general, callers should provide accurate contact information including their name, company and telephone number or address. In addition to identity requirements, permission to continue, no rebuttal and opt-out disclosures can vary by state. 

One definition you should be familiar with is what constitutes an automated telephone dialing system (ATDS). An ATDS is sometimes referred to as an autodialer or robocall. When calling a wireless number from an ATDS or a system with the capacity to be an ATDS, the caller must have express written consent. It is important to note that the definition of what constitutes an ATDS varies by state, so be sure that you are following each state’s regulations when calling into them if you are using an ATDS.  

Disconnected/reassigned phone numbers and the date of prior express written consent are also something you need to be aware of when contacting consumers. With nearly 300 million active mobile phone lines today, many get disconnected or reassigned. Since consent applies to the consumer being called, not the actual phone number, it is the caller’s responsibility to take steps to ensure phone numbers with consent to call have not been reassigned to another consumer who has not given consent. Callers can do this by checking the Reassigned Numbers Database and checking the “date of prior express written consent,” which refers to the date when an organization obtained consent from the consumer to call the number, or a past date on which a company is reasonably certain that the consumer could still be reached at that number. 


The last contact variable affecting compliance are the contacts themselves. The first contact-related variable you should be aware of are opt-outs and consent revocation. Whether contacting an individual on the phone, over text or over email, companies have the responsibility to provide consumers with a means to opt-out of communications and the ability to revoke consent. 

There are three types of TCPA/DNC exemptions that impact marketing reach. They are existing business relationships, express written consent/permission, and expired state-level and internal opt-outs: 

  • Existing Business Relationships (EBR): When a company has an Established Business Relationship with a consumer, they are permitted to contact them under certain conditions even if they registered their number on the National Do Not Call List. There are two types of EBRs, inquiry and transaction. An inquiry EBR happens when a consumer makes an inquiry about an organization’s goods or services, the company is permitted to contact the consumer for up to 3 months from the date of inquiry or application. A past transaction EBR occurs when a company establishes a business relationship with a consumer based on the consumer’s last date of purchase, delivery, or payment, and may call them for up to 18 months after that last transaction. 
  • Express Written Consent: Another exemption is express written consent. When you have express written consent from a consumer to contact them, even if they are on an internal or DNC list, you can contact them. The most common means to getting express written consent is through website forms, text messages, telephone key presses and voice recordings.  
  • Expired State-Level and Internal Opt-Outs: Once you register your phone number on the National DNC list, you never need to re-register it. It never expires. However, State-Level DNCs and Internal DNC lists sometimes do have an expiration date. Companies can use expired state-level and internal opt-outs to reach back out to consumers who have previously opted-out. 

Navigating the complex contact compliance landscape 

Navigating the complex contact compliance landscape can be difficult. With the rules and regulations constantly evolving around the core contact variables, your organization needs an automated compliance solution that takes the guesswork out of contact compliance.  

Gryph for Compliance delivers a robust, automated solution to help enterprise businesses preemptively eliminate Do Not Call (DNC) and Telephone Consumer Protection Act (TCPA) compliance risk across their entire organization.  

If you are ready to start your compliance journey, reach out to Gryphon today. 

Regulatory update: Maine’s RND Law

In an effort to further reduce robocalling, the Governor of Maine approved new bill HP 1433 (L.D. 2234) on March 25, 2024, requiring telephone solicitors to leverage the Reassigned Numbers…

Regulatory Round Up: Q1 2024

As we wrap the first quarter of 2024, it’s essential to stay up to date on recent telemarketing regulations to ensure operational success for the rest of the year. Here…

Revenue Growth through TCPA and DNC Contact Compliance

There’s a common misconception that implementing a contact compliance solution for DNC and TCPA compliance will hurt your marketing outreach, ultimately impacting revenue growth. However, this doesn’t have to be…