Find an Expert Witness

Forensic, General & Medical
Expert Witnesses

TCPA Compliance: A Checklist

In this article, the author explains the basics of the Telephone Consumer Protection Act (TCPA)--in particular the Automatic Telephone Dialing System (ATDS) element of the statute. He illustrates the risks associated with the use of "dialers" to communicate via voice or text and provides a detailed checklist of Dos and Don'ts. This is a purely objective checklist that applies equally to Plaintiffs and Defendants.

The Telephone Consumer Protection Act (TCPA) was passed into law in 1991. At the time, consumers were plagued by sales calls which it seemed always came at the most inconvenient times. You may remember jumping up from the dinner table half a dozen times a day to jump over the dog, navigate the maze of Legos the kids left strewn over the dining room floor, and snatch up the handset on your hard-wired phone only to answer a robocall from an obscure auto insurance company with a pre-recorded policy pitch. You had plenty of great auto insurance and didn’t need motorcycle coverage because you didn’t have one. What you did have was heartburn and a stubbed toe. What you did need was peace and quiet at dinnertime.

What’s the Big Deal … All of a Sudden?

Well, it is a big deal and it didn’t become so overnight. The world was a very different place in 1991. Your analog hardphone is now in the storage room only because you can’t give it away and you feel guilty donating it to the landfill. Your cellular phone is in your back pocket or on your belt and is not only voice capable but also supports text messaging, Internet access, Web surfing, and social media messaging. All of your voice calls, text messages and data usage are monitored and measured—inbound and outbound, upstream and downstream—and charges apply to every voice call, minute of talk-time, text message, and megabyte of data usage.

According to the FCC, “Unwanted calls are far and away the biggest consumer complaint to the FCC with over 200,000 complaints each year—around 60 percent of all the complaints we receive. Some private analyses estimate that U.S. consumers received nearly 4 billion [4,000,000,000] robocalls per month in 2018. Unfortunately, advancements in technology make it cheap and easy to make massive numbers of robocalls and to "spoof" caller ID information to hide a caller's true identity.” Technology is wonderful, but there is a dark side.

TCPA to the Rescue

In an effort to address a growing number of telephone marketing calls and certain other telemarketing practices thought to be invasions of privacy, Congress enacted the Telephone Consumer Protection Act of 1991 (TCPA), codified at 47 U.S.C. § 227. Most of us know, at least in general terms, about the restrictions on unsolicited telemarketing calls to consumers and the national Do-Not-Call (DNC) Registry designed to end those annoyances…or opportunities, depending on your perspective. Just to refresh your memory, the TCPA states “It shall be unlawful for any person within the United States, or any person outside the United States if the recipient is within the United States—(A) to make any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system [ATDS] or an artificial or prerecorded voice…(iii) to any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other radio common carrier service, or any service for which the called party is charged for the call….”

The second provision then incorporates that definition in setting out the scope of the prohibition: “It shall be unlawful for any person . . . to make any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system… to any telephone number assigned to a…cellular telephone service[.]”

FCC Weighs In … As Do the States

The FCC repeated and elaborated on the statutory language, stating “The Commission has emphasized that this definition covers any equipment that has the specified capacity to generate numbers and dial them without human intervention ….” The FCC also has developed implementation guidelines and orders in its capacity as “An independent U.S. government agency overseen by Congress, the commission is the United States' primary authority for communications law, regulation and technological innovation.” The state governments have weighed in, as well, with their own statutes that more or less mirror the TCPA but vary in terms of allowable times of day for voice calls (e.g., 8:00 am to 9:00 pm) and frequency (e.g., not more than 3 calls per day). In 2003, the FCC revised its TCPA rules to establish, in coordination with the Federal Trade Commission (FTC), the nation’s consumer protection agency, the National Do-Not-Call Registry, thereby providing a mechanism by which consumers can advise potential callers of their desire to avoid unwanted telemarketing calls.

The penalties prescribed by the TCPA are considerable--$500 per violation, which triples to $1,500 for a willful violation, meaning that you knew your voice call, text or fax was in violation but you did it anyway. Multiply that by a few hundred or a few thousand calls, texts or faxes in a typical campaign and you are talking some serious money.

U.S. District Courts and Courts of Appeals have weighed in as lawsuits have proliferated over the years, thanks in large part to highly enthusiastic class action attorneys. The statute and FCC implementation guidelines have been challenged repeatedly. Decisions have varied widely by jurisdiction.

So, what’s a body to do?

My advice always is to follow the law and abide by the FCC regulations, of which there are more than a few. The FCC also has provided guidance outside of formal regulations. Let’s focus on outbound voice calls and text messages (also categorized as calls in the eyes of the law); fax transmissions are a category unto themselves and, as such, involve an entirely different set of regulations. A brief checklist follows:

• Do not call a number on the National Do-Not-Call Registry unless you have prior express consent. Scrub your list of telephone numbers against the NDNC at least every 31 days. Better yet, do so every day in real time.

• Do not call a residential telephone number before 8:00 am or after 9:00 pm (local time, called party).

• Do not place an autodialed call or a pre-recorded message call or send a text to a wireless (read cellular) number for advertising or telemarketing purposes unless you have prior express consent. Scrub your list of telephone numbers against one of multiple commercially available list of numbers ported from landline to wireless and do so every 31 days. Better yet, do so every day in real time. Note: Prior express consent is very tricky. You need a knowledgeable, skilled attorney to help you figure this out.

• Do not place an autodialed pre-recorded message call to a landline (i.e., wired) number for advertising or telemarketing purposes.

• Disconnect an unanswered telemarketing call within 15 seconds or 4 rings

• Do not abandon more than 3% of all telemarketing calls. Note: There are specific periods of measurement for each campaign and sensitive to the length of the campaign.

There are additional and very specific requirements for prerecorded voice messages, including:

• Identify the responsible calling entity (read business)

• Clearly state the regular telephone number of the calling entity. The telephone number provided may not be a number for which charges exceed local or toll (long distance) charges (read no 900 numbers).

• Provide an automated, interactive voice- and/or key press-activated opt-out mechanism for the called person to make a do-not-call request.

There are exemptions, including the following, subject to the changing legal landscape:

• Manually dialed calls. This is interpreted under FCC regulations and case law to mean calls that require human intervention to launch. (This gets tricky and is subject to interpretation, which can vary by jurisdiction.)

• Calls made for emergency purposes (think reverse 911)

• Calls made for other than a commercial purpose (think informational or political)

• Calls made by or on behalf of a tax-exempt nonprofit entity (think 501(c)(3))

Compliance Checklist

This can be confusing but confusion is no excuse for violating the law … as interpreted by the FCC and the courts. The costs of defending yourself to and through trial can be in the range of $500,000, which is serious money in my humble opinion. That’s the bad news. The good news is that help is available if you give it some thought and know where to look. The cost is a lot less than throwing yourself on the mercy of the Plaintiff—trust me on this one. I have several suggestions.

First, do not operate under the false assumption that you can outsource your way out of the problem. I am not an attorney, but am very much aware of a legal concept known as vicarious liability, meaning in the context of the TCPA that you can be held liable for TCPA violations committed by third-party call center operators calling on your behalf. It makes no difference if they are physically located in the U.S. or abroad. It makes no difference if you directed their activities, knew what they were doing, or not. In other words, your failure to direct, supervise or control is your problem. The issue gets a lot more complicated where resellers rather than contactors or agents are involved. I repeat, retain the services of a good attorney. (That would not be me.)

Second, do not operate under the false assumption that the manufacturer or software developer of the relevant system is responsible or jointly liable. Again, I am not an attorney, but I can suggest that you not rely on brochures, websites or other self-promoting marketing nonsense. Your failure to investigate, analyze and understand the technical specifics of the system can put you at extreme risk. Make sure that you get legally binding assurances from the system manufacturers that they are in compliance with the relevant provisions of the TCPA. (This may require considerable effort on your part.) Again, I am not an attorney, but I have been in business for a very long time and learned a lot in the process.

Third, do not operate under the false assumption that a cloud-based system insulates you from liability. In fact, the opposite may be the case. A premises-based system is more or less under your complete control; a cloud-based system is not. Again, I am not an attorney, but I can suggest that you not rely on brochures, websites or other self-promoting marketing nonsense. Your failure to investigate, analyze and understand the technical specifics of the system can put you at extreme risk. Make sure that you get written, legally binding assurances from the system providers that they are in compliance with the relevant provisions of the TCPA. Also, make sure you get written, legally binding assurances that they will support you fully in Declarations and Depositions, as necessary, should you be the subject of a TCPA lawsuit. (This will not be easy.)

Fourth, retain the services of a good, knowledgeable, seasoned attorney, experienced in TCPA defense. Large, communications-intensive companies generally have in-house counsel responsible for following the TCPA, as interpreted by the FCC and case law in all jurisdictions, and advising you with respect to compliance issues. They also follow relevant state laws and regulations. They generally supplement in-house counsel with knowledgeable outside counsel skilled in litigation. After all, there is always a potential lawsuit right around the corner, right? I am not an attorney but I spent my formative years in Texas, and can assure you this is not my first rodeo, so to speak. (Actually, this should be first on your list.)

Fifth, retain the services of a good technical expert to evaluate the nature of the data and telephony systems (aka dialers) you employ. This get tricky in the context of the TCPA, largely because the issues of capacity and human intervention come into play. Don’t wait until you are in litigation (read the subject of a lawsuit). Take the time and spend the money to get a prophylactic analysis of your dialer—system and subsystems—as well as the associated, interconnected DBMSs (DataBase Management Systems), CRMs (Customer Relationship Management) systems, PBXs (Private Branch eXchanges), and any and all other associated and especially interconnected systems and subsystems. Any of these, individually, and all of these and more, in combination, can put you at extreme risk. Note: By now you should know that I am not an attorney. Full disclosure: I am, however, a technical expert who has performed many dozens of compliance reviews for some of the largest financial institutions and survey companies in the U.S. (Actually, this should be second on your list.)


Apply your DIY to your BYP , not your TCPA . There are lots of bad actors—the kind of people that the TCPA was designed to stop. You may be a good actor but can get yourself in a lot of serious trouble if you don’t do all the right things in all the right order. Retain a good attorney or two to keep you on the straight and narrow path to legal compliance. Retain a solid expert to help you figure out the technical side of things. Don’t get cute. Don’t cut corners. If that is part of your program, plan on a really smart class action attorney to call your bluff and let’s hope you’re not playing a pot limit game.

Disclaimer: Ray Horak is not an attorney and does not offer legal advice or opinions. The legal information provided herein is, at best, of a general nature and cannot substitute for the advice of a competent, licensed professional with specialized knowledge who can apply it to the particular circumstances of your case. Consider contacting the local bar association, law society or similar organization in your jurisdiction to obtain a referral to a competent, licensed attorney.

Copyright © 2019 by The Context Corporation.
All rights reserved. This article or any portion thereof may not be reproduced or used in any manner whatsoever
without the express written permission of the author except for the use of brief quotations with full attribution.

By Context Corporation
Telecommunications, Data Communication Systems & Networks Expert Witness
Ray Horak is a seasoned writer, columnist, author, telecom consultant, and industry analyst who provides litigation support services as a consulting and testifying expert across a wide range of telecom matters, including the TCPA. He also frequently conducts corporate compliance reviews to assess the risk levels associated with customer contact and related systems, policies and procedures in the context of the TCPA, with the goal of minimizing, if not eliminating, the risk of adverse judgments.

Copyright Context Corporation

Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.For specific technical or legal advice on the information provided and related topics, please contact the author.

Find an Expert Witness