TCPA Compliance Checklist & Guide for Business Messaging
TCPA Compliance Checklist & Guide for Business Messaging
Aug 02, 2020 - 15 min read time
What is TCPA? Comprehensive TCPA compliance checklist and guide to TCPA regulations and violations for calls and text messages.

TCPA Compliance Checklist and Guide: Everything Your Business or Organization Needs to Know

Text messages are a highly effective way to communicate with contacts and customers. In fact, 67% of people would rather text than talk.

What many businesses and organizations may not know is how the regulation applies to text messaging.
Text messages are subject to the same regulations and restrictions as telemarketing calls.

TCPA litigation has become hot stuff since 2015, so we’re providing businesses with the knowledge they need to stay TCPA compliant.

In This Guide You'll Learn:

  1. What is TCPA? What Does TCPA Stand for?
  2. TCPA Compliance Guide
  3. TCPA Compliance Checklist
  4. TCPA Consent Standards
  5. Text Messaging Consent Standards
  6. Three Types of Consent
  7. TCPA Consent Exceptions
  8. Calls-to-Action (CTAs)
  9. Opt-in and Opt-out Requirements
  10. TCPA Violations
  11. CTIA SHAFT Guidelines
  12. Maintaining a Do Not Contact List

What is TCPA? What Does TCPA Stand for?

TCPA stands for the telephone consumer protection act. The TCPA is a set of laws and regulations enacted in 1991 to protect consumers’ privacy and reduce abusive telecommunications.

The TCPA outlines various violations and offers a guide to businesses on how to contact consumers

TCPA Compliance Checklist

  • Conversational messages require implied consent.
  • Information messages require express consent.
  • Promotional messages require express written consent.
  • Don't purchase lists of phone numbers containing contacts who haven't opted in.
  • Don't use spammy technology like shortcodes, artificial voices, or recordings.
  • When possible use a business messaging service that offers local 10DLC messaging.
  • Don't text or call a contact before 8 am or after 9 pm, local time.
  • Don't text or call anyone on the National DNC Registry.
  • Maintain a "Do Not Contact" list for all of your business contacts.
  • List your business name, message frequency, and applicable messaging rates when contacts opt-in.
  • Provide contacts with an "opt-out" like "STOP".
  • If calling, disconnect if no one answers after 15 seconds or 4 rings, whichever comes first.
  • Don't send messages pertaining to alcohol to non-age-verified numbers.
  • Don't send messages with anything that's graphic, hateful, violent, or confidential.
  • Stay aware of updates to messaging regulations.

Disclaimer: Please note that our advice is for informational purposes only. It’s not meant to substitute for advice from qualified legal counsel.

TCPA Compliance Guide

There are several important things you and your business need to know about TCPA compliance before sending text messages or making phone calls:

  1. Get express written consent.
  2. Keep messages conversational.
  3. Use texting services that support local 10-digit long codes (10DLC).
  4. Include clear CTAs, terms of service, and privacy policies.
  5. Support "STOP" for opt-out.
  6. Maintain records for opt-in and opt-out with a DNC (do not contact) list.

1. Get Express Written Consent.
There are three types of consent based on the three different types of conversations typically had with contacts and customers.

To send automated marketing or promotional messages you need express written consent. If you don’t have proper express written consent, then you must put contact phone number in your DNC (Do Not Contact) list.

2. Keep Messages Conversational.
Message delivery and response rates go up when you have personalized, thoughtful conversations. Don’t get spammy and talk like a robot - carriers, regulators, and your contacts will appreciate it.

3. Use Texting Services that Support Local 10-Digit Long Codes (10DLC).
Older five and six-digit shortcodes are a thing of the past and many carriers like AT&T aren’t supporting them.

These numbers and send pathways aren’t always verified and they only support one-way mass texting.

4. Include Clear CTAs, Terms of Service, and Privacy Policies.
Every call-to-action (CTA) you use in your messages should be clear.

Include your campaign purpose, message frequency, terms and conditions, privacy policy, and info about message and data rates.

5. Support “STOP” For Opt-out.
The first message you send to new contacts must be an opt-in message that clearly states how to opt-out of future communication.

6. Maintain Records for Opt-in and Opt-out with a DNC (Do Not Contact) list.
To protect yourself from liability you need to maintain up-to-date records of who has and hasn’t opted into communication with your business

TCPA Violations:

Damages associated with TCPA violations range from $500 to $1,500 per violation. Since 2015, it’s not uncommon to see federal courts award tens of millions of dollars through class action settlements for TCPA violations.

In short, sending any unwanted texts or phone calls using a dialing system to your contacts’ cell phone is a TCPA violation.

If your business doesn't have the right level of consent to send the right kind of message, then you’re violating the TCPA. Below is a list of TCPA violations.

1. Sending Unsolicited Texts or Making Unsolicited Calls to Residential Phone Numbers

For your business to call residential numbers, you need an “established business relationship” (EBR).

If you haven’t done business with the contact in the last 3-18 months, then you don’t have an established business relationship.

This makes texting and calling via automated campaigns where that contact hasn’t opted-in a TCPA violation.

3. Not Allowing Contacts to Opt-out

If you have received consent to message a contact, you still need a means for them to opt-out of all future messaging from your company. Most business messaging providers already have “STOP” keywords in place.

4. Calling People Listed on the National Do Not Call Registry

It’s illegal for your business to text or call anyone who has opted-out of communications, especially those registering on the federal Do Not Call Registry.

Things Your Business Can’t Text – SHAFT

Business communications are a regulated channel. Obviously, various types of content come with additional restrictions.

In an effort to keep the messaging experience positive for everyone across all networks the CTIA (an association of mobile carriers and industry advocates) has put forth guidelines regarding sex, hate, alcohol, firearms, and tobacco (SHAFT).

The alcohol and legal cannabis/marijuana industries are of particular concern with SHAFT.

If your business provides either of these goods or services you still need to comply with SHAFT standards.

In most cases, this means having robust age-gates and normal opt-in and opt-out capabilities.

CTIA SHAFT Guidelines:

  • Content regarding controlled substances and adult content must be age-gated.
  • You can’t disperse content with depictions or endorsements of violence or hate.
  • Don’t send messages containing profanity or hate speech.
  • Endorsements of illegal drugs are forbidden.

Group Text Messaging

Depending on the type of business text messaging service your business uses, group messaging might be possible. If you can send group text messages using your provider, keep in mind the following recommendations:

  • Make sure the service has strong anti-abuse controls and mechanisms in place to accommodate sending many messages - most do.
  • Check that the service specifically gives group members the ability to opt-out of the group at any time.
  • Finally, make sure the messaging service has features that prevent contacts from getting caught in recursive or cyclical group messages that involve more than one group. Opting a contact out of one group may not opt them out of the other and so on.

Maintaining a DNC (Do Not Contact) List

It’s important that your business knows who they can and can’t call and text. To keep the record straight, you need a DNC or “Do Not Contact” list.

Many business text messaging apps have systems in place to help you keep track of this.

Documenting and saving opt-in and opt-out records with your messaging permissions helps if you’re ever faced with a complaint.