For any organization running high-volume outbound calling campaigns, the Telephone Consumer Protection Act (TCPA) landscape has never been more unforgiving. Statutory damages stack per call, class actions settle in the tens of millions, and courts are tightening what counts as a defensible compliance posture. This guide covers the single biggest exposure point most organizations are underestimating and the one tool the Federal Communications Commission (FCC) built specifically to address it.

The problem hiding in plain sight: the person who consented to receive your automated call may no longer own the number you’re dialing.

According to the FCC, over 35 million U.S. phone numbers cycle through this process every year. That’s roughly 100,000 numbers getting new owners every single day.

For any organization running Autodialed or Prerecorded Voicemail (APRV) campaigns, this churn creates a legal trap that no amount of good faith can escape. Under the TCPA, consent is tied to the individual, not the phone number. The moment a number changes hands, your prior express consent is gone. If your dialer reaches the new subscriber, you’ve committed a TCPA violation. Intent doesn’t matter. The statute is strict liability.

That’s the exposure. Now let’s talk about the dollar figures attached to it.

What Reassigned Number Lawsuits Actually Cost

TCPA violations carry statutory damages of $500 to $1,500 per call, not per lawsuit, per call. In high-volume outbound environments, that math compounds fast. And because the TCPA includes a private right of action, plaintiffs’ attorneys have strong financial incentive to find class members and push for maximum exposure.

Three recent settlements illustrate what’s at stake, and together they tell a story about how the RND is reshaping litigation itself.

  • Jackson v. Gen Digital, $9.95 million (D. Ariz., Jan. 2026): Gen Digital settled after placing prerecorded LifeLock and Norton alerts to more than 300,000 numbers belonging to non-customers, proof that purpose doesn’t matter when the number is reassigned. Settlement terms mandated ongoing RND scrubbing as a condition of resolution.
  • Puckett v. Western Express, $1.25 million (Case No. 25C1496): Five years of autodialed and prerecorded calls to reassigned numbers ended in a settlement that required an active RND subscription as a going-forward condition, not a recommendation.
  • Lewis v. Register.com, $1.5 million: Here the RND didn’t just inform the settlement. It defined the class itself, confirming every one of the 453 affected numbers as disconnected and reassigned before contact was made.

Three settlements. Three distinct ways the RND is now shaping litigation. It is no longer simply a safe harbor or a data validation tool. It is becoming the evidentiary standard by which wrong-number exposure is built, measured, and resolved, and courts are beginning to treat RND certification as a condition of resolution, not just a compliance best practice.

What Is the RND, and Why Is It the Only Real Answer?

The Reassigned Numbers Database (RND) is the FCC’s official solution to this problem. Created by the FCC’s 2018 Second Report and Order and operational for paid subscribers since November 2021, it’s a centralized database fed by mandatory monthly reports from every U.S. voice carrier. When a number is permanently disconnected, the carrier reports it. The RND tracks when.

To use it, you provide two inputs: the phone number you want to call, and either the date you obtained consent from that subscriber or the last date you confirmed the number still belonged to them. The database returns one of three responses:

  • No: The number has not been permanently disconnected since your provided date. You have a defensible basis to proceed, and if the database turns out to be wrong, you’re shielded from liability.
  • Yes: The number was disconnected after your provided date. Do not call. Proceeding after this response eliminates any safe harbor defense.
  • No Data: The database has no record, typically because your consent date predates the RND’s tracking window. No safe harbor applies here.

That “No” response is critical. It is the only FCC-sanctioned mechanism that provides a statutory safe harbor for APRV calls to numbers that turn out to have been reassigned. No other data source or scrubbing service can replicate it. And as the Gen Digital and Western Express settlements show, courts are now requiring RND compliance as a term of resolution, not just citing it as something defendants should have done.

What It Actually Takes to Do This Right

Using the RND isn’t just about having a subscription. The safe harbor depends on your query being valid, and a query is only valid if the last-contact date you submit is accurate. This is where many organizations create gaps in their own compliance programs without realizing it, submitting record-creation dates instead of verified last-contact dates, or running batch scrubs quarterly instead of on the required 31-day cadence.

Two additional elements round out a complete APRV compliance posture:

  • Wireless vs. landline identification: The TCPA’s highest-risk category is APRV calls to wireless numbers. Knowing which numbers in your portfolio are wireless and screening them accordingly is foundational, not optional.
  • Wrong-number documentation: When agents encounter wrong-party contacts, those reports need to flow immediately into account records and suppression lists. A documented wrong-number report sitting in a queue is a compliance failure in progress.

How Gryphon AI Closes the Compliance Gap

Most organizations understand the logic of the RND. The breakdown happens in execution, specifically in the gap between knowing you should query the database and ensuring that every outbound campaign actually does, with the correct date, at the right cadence, with results flowing back into suppression workflows automatically.

Gryphon ONE addresses this operationally:

  • Pre-dial RND validation runs before any APRV campaign reaches your dialer. Lists are scrubbed against the RND before a single call is placed, with flagged results automatically suppressed.
  • Automated last-contact date mapping ensures the date submitted with each query reflects actual verified contact history, not a record-creation date or system default. This is the detail that determines whether your safe harbor holds up when challenged.
  • Continuous cadence enforcement manages the 31-day refresh cycle so your lists don’t age out of compliance between campaigns.
  • Wireless identification runs in parallel, ensuring APRV campaigns are only directed at numbers where TCPA requirements have been properly assessed.

The result is a compliance posture that doesn’t depend on manual processes or institutional memory, one that works the same way on your highest-volume campaign day as it does on any other.

Frequently Asked Questions

If I have valid consent on file, do I still need to query the RND before every APRV campaign?

Yes. Consent is valid only as long as the consenting party owns the number. The RND tells you whether the number has changed hands since you obtained consent. Without that check, your consent documentation provides no protection if the number has been reassigned.

How often does the RND update, and how often should I scrub?

The database updates monthly, with new disconnection data uploaded on the 16th of each month. To maintain an active safe harbor, lists should be scrubbed at least every 31 days and ideally as close to the 16th as operationally practical.

Is RND use legally required?

At the federal level, use is strongly incentivized through the safe harbor mechanism but not universally mandated. Maine became the first state to require RND use by statute in July 2024. More states are expected to follow. Courts have also held that non-use is relevant to liability, particularly for willfulness findings that support trebled damages.

Does the RND safe harbor apply to text messages?

The RND’s safe harbor was designed around voice calls, but the same underlying risk applies to text campaigns. Consult legal counsel on how your specific text messaging practices interact with RND querying obligations.

The RND Is Your Litigation Shield, But Only If It’s Operational

The settlement record makes the risk concrete: courts are now building RND compliance directly into resolution terms, and plaintiffs’ attorneys target companies skipping the RND precisely because those companies have no statutory defense when they reach the wrong number. The database exists. The safe harbor exists. The shield is available, but only to organizations that have made RND querying automatic, accurate, and consistent across every campaign.

The question is not whether reassigned number exposure is real. It’s whether your compliance infrastructure is built to deploy that shield reliably, at scale, every time a call goes out.

Gryphon AI is built to make that answer yes, automatically, every time.

See How Gryphon ONE Operationalizes RND Compliance.

The Survival Guide to Outbound Calling: Why the RND Is Your #1 Litigation Shield

For any organization running high-volume outbound calling campaigns, the Telephone Consumer Protection Act (TCPA) landscape has never been more unforgiving. Statutory damages stack per call, class actions settle in the…

Compliance Is No Longer a Back-Office Function

Regulatory change is no longer a periodic event compliance teams can prepare for in advance. It is continuous, interconnected, and accelerating. For organizations in financial services, insurance, and healthcare, the…

Mastering the NYC SHIELD Rule: A Deep Dive into Real-Time Compliance and Growth

The NYC SHIELD Rule is a debt collection regulation, effective September 1, 2026, that establishes strict numerical limits on consumer contact frequency, dispute handling, and auditability requirements for collectors operating…