Share article:

TCPA compliance: your guide to consumer consent in the US.

With its proven ability to supercharge sales, boost your brand, and connect with customers, there’s no doubt that SMS is an essential tool in every marketer’s toolkit.

But it’s a tool that needs to be handled carefully. Like other channels, SMS comes with some pretty rigid rules in the United States to help protect consumers’ rights — and you need to be aware of them. A good starting point is the Telephone Consumer Protection Act (TCPA), the Cellular Telecommunications and Internet Association (CTIA) guiding principles, and the CAN-SPAM Act.

Below, we dive into what these rules mean for you if you’re sending in the United States, and provide some tips to help you toe the line with every SMS you send.

JUST SO YOU KNOW, WE CAN’T GIVE LEGAL ADVICE : This blog contains general information. The content of this blog does not constitute legal advice, is not intended to be legal advice, and should not be relied on as such. It’s important to seek your own legal advice about text messaging rules and regulations.

That’s why we recommend you check in with the primary sources that are making the rules if you’re sending in the United States, such as the TCPA.

Let’s unpack the TCPA first.

The basic idea behind the TCPA is consumer consent. That is, everyone has the right to choose whether they want to be contacted by a business or marketer.  

First introduced in 1991 to protect people from pesky telemarketing calls, it has since been extended to include rules around pre-recorded voice messages, robocalls, and unsolicited faxes. 

Here are the key things to know about the TCPA: 

  • As federal law, it applies to all companies operating in the United States — if you don’t follow its rules, you could be subject to serious fines  
  • Telemarketers can’t use autodialing and/or pre-recorded telemarketing messages without the recipient’s consent 
  • You need to give consumers the easy ability to revoke their consent (hello, SMS opt-outs), and if they do, then you have to stop calling or messaging — even if the phone number is ported to a new line 
  • You can only contact customers without consent in certain circumstances  

Many states are also implementing their own “Mini-TCPA” rules which apply to sending or receiving messages in those states, including more restrictive “quiet hours” when messages cannot be sent and restrictions on the number of messages that can be sent each day. Florida, Oklahoma, and many other states have robust legislation related to messaging that you should ensure you comply with.

OK, so what about the others?

There’s the CTIA.

The CTIA is an American trade organization made up of wireless carriers like Sprint and Verizon. One part of its mission is to share four best practices for SMS marketing, including: 

  • Display clear calls-to-action
  • Get customers’ consent
  • Send opt-in confirmation messages
  • Honor opt-out requests

You can face a ban from messaging on  carriers for violations. Compliance with the CTIA best practices is often required by the codes of conduct of US carriers — so it always pays to be mindful of them.

There’s the National Do-Not-Call Registry.

The National Do-Not-Call (DNC) Registry gives consumers the choice of whether they want to receive telemarketing calls or not. You can only call or text people on this registry if you have express written consent from them.

There’s the CAN-SPAM Act.

The CAN-SPAM Act is another law in the United States that spells out requirements for commercial messages — with tough penalties for businesses that don’t comply. For example, you need to identify that your message is an ad, tell recipients where you’re located, and include easy ways to opt-out.

And for your Canadian customers?

If you’re sending messages to customers in Canada, you’ll also need to be across the Canada Anti-Spam Legislation.

A TCPA violation could really break the bank.

TCPA violations and National DNC Registry violations have a big impact on SMS marketing — and, potentially, your bottom line.

Here’s what these violations could cost you:

  • $500 per violation of the National DNC Registry
  • $500 per phone call or text that violates TCPA regulations
  • $1,500 fee, if it can be proven that your company knowingly and willfully violated TCPA regulations

These TCPA fines are per violation. So, for example, if you text the same unsolicited message to 1,000 numbers, the $500 fee could apply 1,000 times, adding up to a whopping $500,000. And, if you continue to ignore the TCPA rules, it could lead to even more expensive class-action lawsuits.

The real-life examples below show just how serious a TCPA violation can be.

  • AT&T. In 2014, this telecom giant had to pay $45 million to a single plaintiff whose phone number had been used as a placeholder on the accounts of countless AT&T customers at a branch in Montana.
  • Dish. In 2017, the Illinois federal courts imposed a fine of $280 million on TV provider Dish for tens of millions of violations of the DNC Registry.
  • Caribbean Cruise Line. The cruise ship company had to pay $76 million in damages in 2016 after a robocalling scam that offered so-called free cruises.

A safe harbour against TCPA penalties.

If you send unsolicited texts in error, you could qualify for safe harbour — which means you won’t face these hefty penalties. To qualify, you need to tick a few things off, including: 

  • Written procedures for compliance with the DNC Registry  
  • Ongoing training for all staff 
  • Monitoring and enforcement of compliance within your business 
  • An internal, separate list of contacts that your business may not contact 
  • Records indicating that you accessed the DNC Registry no more than 31 days before contacting a number 
  • Confirmation that any calls violating the DNC Registry were made in error 

Please refer to the FTC website for the complete safe harbour requirements.

Tips to ensure TCPA compliance when texting.

While all of the above might sound a bit doom and gloom, the good news is that TCPA compliance isn’t that difficult. Use these tips when planning your next SMS marketing campaign to customers in America to help stay compliant: 

  • Ask customers to opt-in to your SMS updates either through written consent or a clearly labeled checkbox online 
  • Always include an easy way to opt-out, which can be as simple as including an opt-out keyword in all messages 
  • Don’t send messages too often, and always disclose the frequency of messages when the consumer opts in 
  • Be aware of timezones and send your messages at socially acceptable times (brush up on sending etiquette here
  • Keep your contact list up-to-date by removing old numbers or people who have opted out, and continually cross-referencing against the DNC Registry
  • Identify your business in every message
  • Don’t send adult content — messages shouldn’t contain information about drugs, nudity, or weapons

By applying these best practices, you’ll help ensure compliance with the TCPA rules, avoid fees and lawsuits, and ultimately keep your customers happy. Just remember, it’s your responsibility to comply with all the rules and regulations related to messaging. Learn more about SMS compliance best practices.

Get started with TCPA-compliant texting.

Woman wearing a yellow shirt pointing at a text bubble.