Insights
Not to be a Grinch, but… is your business TCPA compliant? (with apologies to Dr. Seuss)
Dec 15, 2023Every marketer down in Whoville liked text messages a lot.
But the Grinch, who lived just North of Whoville, did not! [1]
Does your business use text message marketing, telemarketing or faxing? If so, you may be exposing yourself to multi-million dollar liability under the Telephone Consumer Protection Act of 1991 (“TCPA”), which restricts telephone solicitations (including text messages and faxes). Read on for some tips on how to comply with the TCPA and avoid the pitfalls that have fueled class actions in this space from the plaintiffs’ bar Grinches. While this alert mainly focuses on text message marketing, businesses should be aware that their telephone and fax marketing campaigns must also comply with the TCPA.
Text Messaging Is Effective
All telemarketing is effective, particularly text messaging. Marketers love text messaging for good reason. According to the consulting firm Gartner, SMS messages have an open rate of 98% and response rate of 45%, compared to just 20% and 6% for emails, respectively.[2]But danger lurks…
Text Messaging Is Also Risky
Then he growled, with his Grinch fingers nervously drumming,
I must find some way to stop those unsolicited text messages from coming!
Originally passed to protect consumers from “the proliferation of intrusive nuisance calls to their homes from telemarketers,”[3]the TCPA places restrictions on the manner in which companies contact consumers by text message, phone call, or fax. It is a nuanced, complex, and frequently-litigated area of the law.
The TCPA is enforced by the Federal Communications Commission (“FCC”), but is also susceptible to a private right of action, incurring statutory damages of $500-$1500 per consumer, per unsolicited text message, phone call, or fax – with no requirement to prove actual harm.[4]
TCPA Class Action Lawsuits Routinely Settle in the Multi-Million Dollar Range
Then they got an idea! An awful idea!
The plaintiffs’ bar got a wonderful, awful idea!
Congress may not have intended for the TCPA to create a cottage industry for litigation, but that’s exactly what’s happened. The number of class action lawsuits filed under the TCPA has expanded greatly in recent years, and it is not uncommon to see seven-figure and even eight-figure class action settlements and verdicts in this area of the law.
To put it simply, TCPA lawsuits are easy money for plaintiffs’ attorneys. Virtually any business that conducts marketing via text messaging is at risk.
There Are Few Good Defenses in TCPA Litigation
Then he went up the chimney himself, the old liar.
On their walls he left nothing but hooks and some wire.
And the one speck of food that he left in the house,
Was a crumb that was even too small for a mouse.
Unfortunately, with no need to prove damages or intent, there are few good defenses to a TCPA lawsuit. Defendants may try to argue that the plaintiff and putative class members provided prior express written consent, or that the equipment used would not qualify as an autodialer under current case law.[5]If the business has implemented procedures to prevent inadvertently calling a number on the National Do Not Call Registry, such as having a publicly-available Do Not Call Policy, scrubbing against the National Do Not Call Registry, and maintaining an internal do-not-call list, it may also be able to invoke the TCPA’s safe harbor provisions. A defendant may be able to defeat class certification by arguing that there are individualized issues of consent. Unfortunately, many of these defenses can only be established after a good deal of discovery has been undertaken, which is expensive. Further, the precise requirements of “prior express written consent” and the Do Not Call safe harbor provisions may render these defenses inapplicable. Ideally, the business is compliant to begin with and escapes the notice of the TCPA Grinches.
A Compliance Checklist Is a Good Place to Start
Pop guns! And bicycles! Roller skates! Drums!
Checkerboards! Tricycles! Popcorn! And plums!
What can a business do to protect itself? While not a substitute for tailored legal advice, there are a few key concepts that may help your business avoid the TCPA Grinches. Important actions you can take include:
1. Obtain prior express written consent prior to text message marketing, telemarketing, or fax marketing.
Under the TCPA, “prior express written consent” means “an agreement, in writing, bearing the signature of the person called that clearly authorizes the seller to deliver or cause to be delivered to the person called advertisements or telemarketing messages using an automatic telephone dialing system or an artificial or prerecorded voice, and the telephone number to which the signatory authorizes such advertisements or telemarketing messages to be delivered.”[6]A valid consent must also include “a clear and conspicuous disclosure informing the person signing that: (A) By executing the agreement, such person authorizes the seller to deliver or cause to be delivered to the signatory telemarketing calls using an automatic telephone dialing system or an artificial or prerecorded voice; and (B) The person is not required to sign the agreement (directly or indirectly), or agree to enter into such an agreement as a condition of purchasing any property, goods, or services.”[7]In addition, the Cellular Telephone Industry Association (CTIA) and Mobile Marketing Association (MMA) have specific requirements for language that must be included in the verbiage of the “prior express written consent.” While these are not TCPA requirements, wireless carriers can and do forbid businesses from text messaging on their networks if these industry standards are violated. Ensure that your consent language is compliant. There are many examples of “almost compliant” consent that have resulted in TCPA lawsuits, but a well-crafted consent can head the TCPA Grinches off at the pass to Mount Crumpet.
2. If sending text messages, follow CTIA and MMA requirements, such as using a “double opt-in” message to confirm subscription.
The CTIA mandates the use of a double opt-in process, which requires a consumer to first send a text message in response to a call-to-action or sign up to receive messages in person or via a web form, and then confirm that consent to receive text messages by a reply text to an initial message asking for confirmation (such as a message asking the recipient to reply Y for yes to begin receiving messages). The CTIA requires specific language for the double opt-in message and has additional requirements for using “shopping cart reminders.” Further, the MMA has specific criteria that must be included in the business’s response to the HELP command.
3. For telephone solicitations, text message marketing, and fax marketing, offer consumers a way to opt-out, and honor opt-outs promptly.
Under the TCPA, consumers may revoke their consent at any time using any reasonable method.[8]The opt-out statement in the text message itself is a reasonable method, but there are many others that a consumer can use, such as calling or emailing the business to say they no longer want to receive messages. Opt-out requests must be honored no more than 30 days after the request is made, and should be recorded on the business’s internal do-not-call list.[9]The CTIA and MMA have also listed best practices for managing text message opt-outs and have specific requirements for words in addition to STOP that the text messaging system must recognize. If your business uses fax marketing, very specific opt-out language must appear at the bottom of the fax.
4. Do not call or text numbers on the National Do Not Call Registry unless an exception applies.
The TCPA prohibits making telemarketing calls to numbers on the National Do-Not-Call Registry (“NDNCR”), and businesses should regularly “scrub” their call lists against the NDNCR.[10]There are some exemptions to the NDNCR, including an Established Business Relationship (“EBR”) [11]and Prior Express Permission (“PEP”). [12]Both have specific requirements. If the business inadvertently calls a number on the NDNCR, there is a “safe harbor” available, so long as the company can show the call was a result of an error, and that it meets certain procedural, training and policy requirements.[13]These requirements are detailed and specific, but should be complied with as mistakes happen.
5. Keep an internal do-not-call list.
In addition to the NDNCR, companies must also record specific do-not-call or opt-out requests in an internal do-not call list.[14] The internal DNC list does not have an exemption for either an EBR or for PEP.[15] Internal DNC requests must be honored for five years from the date the request was made.[16]
6. Follow state-specific telemarketing laws and rules.
If the alphabet soup of the TCPA, the CTIA, and the MMA, wasn’t complex enough, many states have specific telemarketing laws, some stricter than the federal statutes. For example, some states have broader definitions of what constitutes an “automatic telephone dialing system,” or unique requirements for disclosures. It is important to ensure you are complying with state laws in every state you are conducting telemarketing.
Of course, this mini-checklist is not all-inclusive, as TCPA requirements are nuanced and complex. Merely following a checklist does not necessarily ensure compliance. Before embarking on a text messaging, telemarketing or fax marketing campaign, a business should consult with its TCPA counsel to ensure no threads are missed.
Takeaways
And what happened then? Well… in Whovillle they say,
That the Grinch’s small heart grew three sizes that day!
How the Grinch Stole Christmas has a happy ending, with the Grinch’s heart growing “three sizes.” Of course, it’s unlikely plaintiffs’ attorneys will experience such a change of heart. While the TCPA is a nuanced law and a checklist is no substitute for legal advice, we hope this alert provides points for discussion. With these in hand, businesses can avoid becoming a target of the TCPA Grinches.
[1] See, generally, Dr. Seuss, How the Grinch Stole Christmas! (1957).
[2] “Tap Into the Marketing Power of SMS,” Gartner, (Nov. 6, 2016)
[3] Telephone Consumer Protection Act Of 1991, PL 102–243, December 20, 1991, 105 Stat 2394.
[4] 47 USC 227(b)(3), (c)(5).
[5] Although the definition of an autodialer has shifted under the Supreme Court case Facebook, Inc. v. Duguid, it should never be assumed that a particular dialing system is not an autodialer, as this is a nuanced determination. 592 U.S. 395 (2021)
[6] 47 CFR § 64.1200(f)(9).
[7] Id.
[8] 30 FCC Rcd. 7961, ¶¶ 55-70.
[9] 68 Fed. Reg. 44144 at ¶ 21; 47 CFR § 64.1200(d)(6).
[10] 47 CFR § 64.1200(c)(2); 16 CFR § 310.4(b)(1)(iii).
[11] 47 CFR § 64.1200(f)(15); see also 16 CFR § 310.4(b)(iii)(B)(2);
[12] 16 CFR § 310.2(q); 47 CFR § 64.1200(f)(3).
[13] 47 USC § 227(c)(5); 47 CFR § 64.1200(c)(2)(i); see also 16 CFR § 310.4(b)(3); 68 Fed. Reg. 44144 at ¶ 16 (July 25, 2003).
[14] 46 CFR § 64.1200(d)(3).
[15] 68 Fed. Reg. 44144 at ¶ 80; 68 Fed. Reg. 44144 at ¶ 22.
[16] 68 Fed. Reg. 44144 at ¶ 21; 47 CFR § 64.1200(d)(6).
Related Practice Areas
-
Data Privacy & Security