Blog
Understanding TCPA Compliance
May 7, 2024
What is the TCPA?
Understanding TCPA compliance begins with recognizing the foundational legislation that governs it. The Telephone Consumer Protection Act (TCPA) was enacted in 1991 by Congress to combat unwanted telephone marketing calls by placing restrictions around the use of an automated telephone dialing system as well as maintaining and adhering to Do Not Call (DNC) lists.
Check out our new TCPA infographic.
Understanding TCPA compliance and restrictions
Here are the restrictions outlined by the TCPA.
Automated telephone dialing system (ATDS)
An automated telephone dialing system, otherwise known as an autodialer, is “equipment which has the capacity – (A) to store or produce telephone numbers to be called, using a random or sequential number generator, and (B) to dial such numbers.” It is important to note that the definition of what constitutes an ATDS has evolved and varies by state, so it is crucial to understand each state’s stance on what an ATDS is before picking up the phone.
Under the TCPA, if your organization is using an ATDS or a telephone system with the capacity to be an ATDS, you must obtain prior express written consent to make telemarketing calls and text messages to residential phone numbers, and prior express consent for informational calls and text messages to these numbers.
Wireless restrictions
The TCPA prohibits telemarketers from calling wireless phone numbers using an ATDS unless the caller has obtained prior express consent, or if the call is being placed for emergency purposes. TCPA wireless restrictions apply to all wireless numbers, residential and business. This means that even if a number is being used for business purposes and is provided to you as such, you are at risk of a violation.
Text messaging restrictions
Under the TCPA, all marketing calls including SMS or text messages are subject to government regulation in addition to calls. The TCPA requires express written consent before contacting someone via SMS or text message. In other words, consumers do not have to opt-out or be on a Do Not Call list to avoid being contacted by text message. A business is not permitted to text a consumer unless the consumer provides express written consent to be contacted via text message.
When communicating with consumers via text message, it’s important that organizations always do the following when obtaining consent:
- Provide accurate information about the nature and content of text messaging when requesting permission
- Keep a record of all “written consent” received regardless of format
- Always provide an easy way to opt out of future communications and honor those opt outs in a timely manner
In most instances, expressed written permission (consent) does not expire. Generally, once a consumer opts-in to receive text messages, organizations are permitted to contact them until the organization receives an opt-out notice or consent is revoked. However, this rule can vary by state. For example, consent in the state of Florida expires after 18 months, making it so consumers have to opt-in again after that time to continue to receive messages.
Reassigned numbers database
Under the TCPA, consent is associated to the consumer being called, not the phone number. Therefore, callers will be held liable for soliciting phone numbers for which they previously obtained consent to contact if the number has since been reassigned. To avoid calling reassigned numbers, organizations must scrub their contact databases against the federal reassigned numbers database to identify these numbers.
Call curfews
Regarding curfews, be aware that the TCPA prohibits businesses from calling consumers before 8 a.m. or after 9 p.m. At the state level, these hours could differ.
There are also restrictions around holiday calling hours. Calls to phone numbers in certain states could result in violations of that specific state’s holiday calling solicitation restrictions. Different states have restrictions on various holidays each month, so it is critical that your organization stays in-the-know with these monthly changes.
Established business relationships
If your organization is placing outbound calls to customers, note that there could be exemptions for established business relationships (EBRs). An EBR exemption can be claimed for calls placed to do not call numbers in the following scenarios:
- Calls may be placed to do not call numbers where there is a relationship between the entity making the call and a consumer, based on the consumer’s purchase or transaction. This exemption allows the entity making the call to contact the consumer within the 18 months immediately preceding the date of the transaction, and neither party has previously terminated the relationship; or
- Calls placed to do not call numbers based on the consumer’s inquiry or application regarding products or services offered by the entity. Calls may be made within the 3 months immediately preceding the date of the inquiry, and neither party has previously terminated the relationship.
Calls made to numbers that have given prior express written consent will also be exempt from TCPA violation penalties.
Prior express written consent
The TCPA requires prior express written consent for telemarketing calls made to cell phones using an ATDS. Prior express written consent means that there must be a written or oral agreement, signed by the person receiving the call or text to consent to being contacted.
This carveout is specific to each organization and must be maintained to provide proof of consumer consent. The ways to get consent in “writing” in the digital age include website forms, text messages, telephone key presses, and voice recordings (varies by state).
Emergency purpose exemptions
Under the TCPA’s emergency purposes exemptions to consent requirements, calls made to both residential landlines and mobile phones under “emergency purposes” do not require consent, with “emergency purposes” defined as “calls made necessary in any situation affecting the health and safety of consumers.”
For example, a state of emergency may be triggered in the case of a hurricane, or a public health emergency like COVID-19, for which the FCC issued specific guidance regarding emergency purposes exceptions.
Additionally, it is important to be aware of individual state guidelines. In New York state, the New York Disaster Emergency Restrictions under the Nuisance Call Act mandate that it is unlawful for telemarketers doing business in the state to knowingly place an unsolicited telemarketing call to any person during a declared state of emergency. What does this mean for your business? Like federal and state do not call lists, it is important to keep up with both federal and state emergency purposes exemptions that may impact your outbound telemarketing efforts.
Call frequency
The TCPA also places restrictions on how many times you can contact a consumer in a given time period. These call frequencies vary by state, so it is crucial to be aware of each state you are calling into and their specific rules before you attempt to contact a consumer.
Common types of TCPA violations
Under the TCPA, here are the most common types of violations.
Unauthorized pre-recorded voice messages (robocalls)
Unauthorized pre-recorded voice messages, otherwise known as robocalls, are unlawful under the TCPA.
Unsolicited text messages
Unsolicited text messages are unlawful under the TCPA. The TCPA requires express written consent before contacting someone via SMS or text message.
Autodialed calls to cell phones
It is not permitted to contact someone on their wireless device using an ATDS. Only calls made to residential lines are permitted while using an ATDS or the system with a capacity to be an ATDS.
Violations of the Do Not Call Registry
The National Do Not Call Registry is a database maintained by the United States federal government, listing the telephone numbers of individuals and families who have requested that telemarketers not contact them. Under the TCPA, it is prohibited to contact someone who has registered their phone number on the DNC.
It is important to note that there are multiple DNC registries. In addition to the federal DNC, 11 states own and operate their own DNC registries: Colorado, Florida, Indiana, Louisiana, Massachusetts, Missouri, Oklahoma, Pennsylvania, Tennessee, Texas, and Wyoming.
Organizations also have internal DNC lists that also must be honored and maintained to prevent TCPA violations.
Deceptive caller ID practices (spoofing)
Caller ID spoofing is when the caller’s name or business does not match the telephone number. The FCC prohibits caller ID spoofing with the intent to defraud, cause harm or wrongly obtain anything of value.
On the state level, the rules on caller ID spoofing vary. Sellers must perform their due diligence when calling into different states to avoid risk. Louisiana, Illinois, Ohio, and Wisconsin are just some of the states that prohibit caller ID spoofing.
Consequences of violating TCPA compliance regulations
There are multiple consequences of violating TCPA compliance regulations, ranging from monetary fines to a damaged reputation.
Fines of $500 to $1500 per violation/call
The TCPA has a fine of $500 per violation/call if the caller unknowingly violates the TCPA and $1500 per violation/call if it proven that the caller willingly and knowingly violated any restrictions. This may not sound like a lot, but these fines add up quickly if your organization is found to have made more than 1 unlawful call.
Civil lawsuits
In addition to monetary fines under the TCPA, civil lawsuits may arise from violations. A civil lawsuit occurs when an individual holds the responsible party accountable for financial and emotional losses that resulted from personal injury. Civil lawsuits seek financial compensation only, making them popular amongst TCPA cases. While the fines for violating the TCPA can cost up to $500 or $1500 depending on the violation, there is no cap on statutory damages under the TCPA so thousands of dollars of violations can end up resulting in millions of dollars’ worth of penalties.
Class action lawsuits
A class action lawsuit is a type of civil lawsuit in which charges against a company or individual are brought forth by several plaintiffs. Class action lawsuits resulting from TCPA violations are among the most common types of class action lawsuits because TCPA violations have the largest payout in the history of American class action lawsuits. This is why understanding TCPA compliance is so critical to the success of your business.
Damaged brand and reputation
When businesses violate the TCPA, their brand and reputation are also affected negatively. The amount of money spent on fines and legal fees is nothing compared to the damage of a poor brand reputation. The fines and lawsuits can be paid, but your brand reputation will suffer long after it becomes known that you violated the TCPA.
Reduced shareholder value
In addition to fines, lawsuits, and brand damage, violating TCPA compliance regulations may also result in reduced shareholder value. Shareholder value is the value delivered by a company to investors who own shares in the company. When companies get hit with costly fines and lawsuits, the value of the company decreases, therefore reducing shareholder value as well. This can result in substantial financial losses for investors, reduced ability to raise capital, and more.
Loss of consumer trust
Loss of consumer trust is another massive consequence of violating TCPA compliance laws. When you violate a consumer’s privacy or do not honor their contact preferences by sending unsolicited messages or making unwanted calls, they are likely to lose trust in your business. When consumers lose trust that you can operate your business ethically, they may never purchase your products or services again. Can your business afford to lose consumer trust?
Understanding TCPA compliance best practices
To safeguard your organization against the effects of violating TCPA regulations, follow these best practices.
Obtain proper consent
It is imperative that organizations obtain proper consent before contacting consumers. This is one of the main regulations under the TCPA, and the backbone of remaining compliant. Obtaining proper consent ensures your organization is complying with federal regulations, protecting consumer privacy, enhancing customer relationships, and mitigating risks.
Maintain and honor Do Not Call lists
Another best practice to safeguard your organization from TCPA violations is to maintain and honor do not call lists. To avoid violating DNC regulations, it is important to avoid calling consumers who are on the federal, state or an internal DNC list. Companies that illegally call numbers on the national do not call registry can currently be fined up to $50,120 per call.
Keep records of consent
Not only is obtaining proper consent important, but keeping records of consent is equally important. In the case of an audit, you want to be sure you can provide the proper documentation needed. Failure to obtain clear and documented consent from consumers can lead to hefty fines and penalties.
In most instances, expressed written permission (consent) does not expire. Once a consumer opts-in to receive text messages, organizations are permitted to contact them until the organization receives an opt-out notice or consent is revoked. However, this rule can vary by state. For example, consent in the state of Florida expires after 18 months, making it so consumers have to opt-in again after that time to continue to receive messages, making it vital that organizations monitor consent expirations so that they can legally contact them again.
Regularly update consumer contact info
Periodically verify and update contact information to avoid contacting the wrong person. Consumers could change their phone number for any number of reasons. Since consent is tied to the person being called and not the actual phone number, it is important to ensure you are contacting the correct person you are intending to reach. To avoid violating compliance laws, make sure your consumer contact info is always up to date.
Include clear opt-out information in all communications
Always include clear opt-out information in all communications and make the opt-out process simple and easily accessible. This way, your organization is complying with legal standards and respecting customer contact preferences. Including clear opt-out information also enhances brand trust by giving individuals control over their communication preferences and builds a positive brand image.
Regularly train staff
Train employees regularly on TCPA compliance, including the latest regulations to avoid violating any laws. It is especially important that customer-facing staff are aware of compliance protocols since they are the employees who will be talking to customers daily. With an educated staff, your organization is less likely to make compliance mistakes.
Conduct regular risk assessments
Periodically assess any potential risks related to TCPA compliance in your compliance strategy. Compliance rules and regulations are constantly changing, which means your strategy is most likely being constantly updated as well. Regularly assess your compliance strategy to address any identified risks to prevent issues.
Avoid known litigators
There is an established group of known serial litigators that specifically target and entice telemarketing and collections organizations into calling them to initiate a class action lawsuit. These litigators, sometimes referred to as “litigator sharks,” use the TCPA to their advantage to create egregious lawsuits against TCPA violators. These litigators have extensive knowledge of TCPA regulations, court precedents, and compliance strategies, making them experts in navigating TCPA litigation.
Litigator sharks take advantage of the TCPA’s status as having the largest pay-outs in the history of American class action lawsuits and have been known to abuse the regulations to make TCPA litigation a big business, therefore someone you want to ensure you avoid in your outbound calling campaigns.
Stay informed about industry changes and standards
It is important to stay informed about industry changes and standards when it comes to compliance, so your organization always remains aware of new regulations. When new rules and regulations emerge, adjust your compliance strategy in a timely manner to ensure you remain compliant.
Is an automated compliance solution right for your organization?
If managing TCPA and DNC compliance sound difficult to manage, it’s because it is. An automated solution may be right for your organization. Gryph for Compliance delivers a robust, automated solution to help enterprise businesses preemptively eliminate DNC and TCPA compliance risk across their entire organization.
Gryph for Compliance is the only real-time, automated solution that mitigates risk of DNC and TCPA violations for all outbound communications. To learn more, contact us today.
Related Posts
Over the past year, significant legislative and regulatory compliance changes have reshaped how businesses handle consumer communications, especially around consent requirements. One of the most impactful updates is the Federal…
Collections contact compliance is critical to making sure your call centers and outbound telemarketers are adhering to the laws and regulations governing debt collection calls. Consumers have rights that must…
We’re thrilled to announce new features for Gryph for Collections! This update enhances customization, expands contact points, and strengthens screening controls, providing debt collectors with advanced compliance protection. What is…
Learn more about Gryphon