Professional Documents
Culture Documents
TCPA Compliance Checklist & Guide For Business Messaging
TCPA Compliance Checklist & Guide For Business Messaging
Compliance
Checklist &
Guide for
Business
Messaging
Aug 02, 2020 - 15
min read time
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 1 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
4. TCPA Violations: Text messages are subject to the same regulations and restrictions as telemarketing
calls.
5. Group Text Messaging
TCPA litigation has become hot stuff since 2015, so we’re providing businesses with the
knowledge they need to stay TCPA compliant.
8. Calls-to-Action (CTAs)
Chapter 1
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 2 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
TCPA stands for the telephone consumer protection act. The TCPA is a set of laws and
regulations enacted in 1991 to protect consumers’ privacy and reduce abusive
telecommunications.
The TCPA outlines various violations and offers a guide to businesses on how to contact
consumers
• When possible use a business messaging service that offers local 10DLC
messaging.
• Maintain a "Do Not Contact" list for all of your business contacts.
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 3 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
Disclaimer: Please note that our advice is for informational purposes only. It’s not
meant to substitute for advice from qualified legal counsel.
There are several important things you and your business need to know about TCPA
compliance before sending text messages or making phone calls:
3. Use texting services that support local 10-digit long codes (10DLC).
6. Maintain records for opt-in and opt-out with a DNC (do not contact) list.
3. Use Texting Services that Support Local 10-Digit Long Codes (10DLC).
Older five and six-digit shortcodes are a thing of the past and many carriers like AT&T
aren’t supporting them.
These numbers and send pathways aren’t always verified and they only support one-
way mass texting.
Include your campaign purpose, message frequency, terms and conditions, privacy
policy, and info about message and data rates.
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 4 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
6. Maintain Records for Opt-in and Opt-out with a DNC (Do Not Contact) list.
To protect yourself from liability you need to maintain up-to-date records of who has
and hasn’t opted into communication with your business
Chapter 2
Bottom line: you need consent for your business or organization to call and send text
messages. This isn’t negotiable.
If you don’t get the right level of consent at the right time for the right kind of
conversation, you could get into serious trouble with the law.
In short, unless a contact gives you prior express written consent, the TCPA, and FCC
rules ban both robocalls calls and robo-texts with artificial or prerecorded voice
and/or messages from autodialers.
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 5 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
Consent varies based on the various types of conversations you have with your
customers (Conversational, Informational, Promotional, etc.) and on the nature of the
conversation (Transactional or Promotional).
Technology and automation also play an important factor. Getting the right kind of
consent depends on the content of the message and who or what sends it first.
Generally, you need three things before you start texting your customers.
If a customer texts your business first and you respond quickly with a single message,
then it is likely conversational.
As long as you respond with relevant information, then you don’t need verbal or written
permission.
This is called implied consent. It’s based on the already established relationship you
have with your customer or contact.
Informational messaging takes place when a contact gives your business their phone
number and asks to be contacted in the future.
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 6 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
These messages are all in this category because the message content fulfills your
contacts’ original request.
For informational text messaging, your customer does need to agree to receive texts
specifically for informational purposes.
This is called express permission. Contacts may grant you this permission via text opt-
in, on a form, on a website, verbally or with written permission.
Express consent may also be orally recorded for all non-commercial, informational
texts from tax-exempt nonprofits, political campaigns, and other non-commercial
entities.
Promotional text messages are messages that directly promote, market, and sell your
business, product, or service. Before your business sends any promotional text
messages, you need express written consent.
Contacts may sign a form, check a box online, etc. to receive promotional text
messages. The important part is that you have this consent in writing.
If you already ask customers to sign forms or submit their contact information, then
consider adding a field to account for this level of consent.
First
Conversation
Consent Message Text Message Content
Type
Sender
Conversational Contact
Implied Two-way Responses to a specific,
Text or
Consent Conversation inbound customer request
Messaging Customer
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 7 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
Nonprofit
Express One-way
Tax Exempt or Group
Consent Alert or Two- Inbound Content Expressly
Nonprofit Text Acting on
(Oral or Way Related to Organization
Messaging Their
Written) Conversation
Behalf
Note: This table gives examples of the types of text message conversations and
required consent. This does not qualify as legal advice. It isn’t a substitute for legal
advice from qualified professionals.
Chapter 3
Implied Consent:
Express Consent:
Customer Opt-in
Customer Opt-out
Consent
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 8 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
At MessageDesk we have rules for importing contacts. Consent doesn’t just apply to
new contacts. It applies to all of your contacts - even the ones you import. Before you
import a list, make sure you’ve got the right form of consent from every contact.
Implied Consent:
If it’s “reasonable to believe” that you have permission to text a contact then you have
implied consent.
If a contact reaches out to your business and texts you first, then it’s reasonable to
assume you have permission to text the contact back, but only specifically regarding
their message.
The same holds true for email. If a contact emails your business, and their signature
includes their phone number, then you can reasonably assume they’ve given you
permission to call them.
Meeting someone in person and getting their business card also gives you permission
to contact them by the means listed on their card.
Keep in mind that this doesn’t grant you permission to send them promotional
messages regarding your product, good or service.
However, if the contact asked specifically for that information, then you have express
consent.
Express Consent:
The TCPA doesn’t specifically define express consent. It simply states that express
consent is a written or oral agreement that clearly indicates consent to receive texts or
calls at a particular phone number. Informational text messages fall into this category.
If a contact knowingly provides your business with a phone number as part of the
normal course of business, then you have implied express consent to message them.
But this only holds if the content of the message you send the contact relates to the
original reason they gave your business their number.
If a contact gave you their number and they expect to receive a confirmation of their
appointment or receive pertinent information regarding their account, then your
business has the right to contact them via implied express consent.
If you have a prior established business relationship with a contact, then in most
cases you also have prior express consent.
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 9 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
This is written, recorded permission that a contact gives your business either on paper
or electronically. Your business will need express written consent from a contact if you
plan on contacting them regarding anything that’s promotional.
If the intent of your message is to sell or market your goods, product, or service, you
need express written consent.
The thing to remember is that express written consent isn’t implied or assumed. You
risk violating the TCPA until you’ve got written proof that they agree to receive texts for
promotional purposes.
In this case, “written consent” doesn’t have to mean written by hand. You just need a
record of it.
Digital agreements work great for express written consent since the FCC expanded the
definition to include web forms, written verbal agreements, or opt-in via text message
keyword.
Finally, don’t bury written consent in a long web form full written in legalese. The
recipient should clearly understand the terms of opting-in.
Texting or talking with an existing customer mean your business has a prior established
business relationship.
If a contact asked for information regarding your business within the past 3 months or
they’ve made a purchase or transaction with your business in the past 18 months, you
have an established business relationship with that contact.
An established business relationship with a contact gives your business prior express
consent to call or text with them.
Tax-Exempt Nonprofits
Tax-exempt Nonprofits are non-commercial. They don’t sell goods or services. As long
as their communications with contacts remain non-commercial, they can operate
under the assumption of express consent to call and text contacts.
Health Care
Health care messages sent on behalf of someone covered under a healthcare plan as
defined by the HIPAA Privacy Rules are exempt from normal TCPA consent standards.
Emergency Purposes
Calls and text messages for emergency purposes are for obvious reasons exempt from
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 10 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
The purpose of a CTA is to tell your customer what’s going on and to direct them.
Specifically, an opt-in CTA ensures that your customer agrees to receive a text
message and that they understand the terms and conditions associated with your text
message policy.
No matter what, every CTA you use in your text messages needs to be clear. It should
indicate to the customer what will happen if they click through.
Calls-to-Action and other text messages coming from your company shouldn’t contain
deceptive language. Don’t obscure opt-in and opt-out details in your terms and
conditions.
1. Explain what your product or service is. Contacts need to know what
they’re signing up for. Are they getting information or promotional offers?
Specify what you’re offering so there aren’t any surprises regarding
consent.
2. Show the telephone number(s) or short code(s) your messages come from
If you use a 10-digit long code, this can inform your contact where you’re
sending messages from.
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 11 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
7. List any other applicable terms and conditions like contact information and
privacy policies.
Customer Opt-in
Business text messaging apps like MessageDesk already support the opt-in
mechanisms you need to stay compliant with the TCPA.
Messaging platforms like MessageDesk only allow you to send promotional texts after
your contacts have opted-in to receive them.
Having the right opt-in procedures limits liability by reducing the chance that a contact
receives an unwanted message. It also helps prevent messages from being sent to a
phone number that doesn’t belong to the contact who provided that phone number.
• Enter their telephone number and agree to the terms of service on your
website.
• Saying “yes” and opting-in via interactive voice response (IVR) technology.
Customer Opt-out
You need to offer your contacts the choice to opt-out of communications with your
business at any time. This message should state how and what words will opt a contact
out of communication.
Most every business text messaging platform uses the word “STOP” to opt contacts out.
The wording for all opt-out instructions needs to be unambiguous and support normal
language and variances like, stop, end, unsubscribe, cancel, quit, “please opt me out”,
etc.
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 12 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
Links are an inherent part of how businesses communicate with contacts and
customers.
They’re great for when you want to ask a customer for a review, collect an open
invoice, schedule an appointment, or provide customer service.
However, texting a whole bunch of short links to large groups of people may prompt
some red flags at the carrier or message provider level.
With long URLs like https://mesagedesk.com, contacts know exactly where the link will
take them. With shortened links, a contact may not know where it’s sending them.
Bitly and Google’s Firebase Dynamic Links are great tools for shortening URLs and
creating shortlinks.
All invoice reminder text messages sent from MessageDesk populate automatically as
shortlinks.
Chapter 4
TCPA Violations:
TCPA Violations:
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 13 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
TCPA Violations:
Damages associated with TCPA violations range from $500 to $1,500 per violation.
Since 2015, it’s not uncommon to see federal courts award tens of millions of dollars
through class action settlements for TCPA violations.
In short, sending any unwanted texts or phone calls using a dialing system to your
contacts’ cell phone is a TCPA violation.
If your business doesn't have the right level of consent to send the right kind of
message, then you’re violating the TCPA. Below is a list of TCPA violations.
For your business to call residential numbers, you need an “established business
relationship” (EBR).
If you haven’t done business with the contact in the last 3-18 months, then you don’t
have an established business relationship.
This makes texting and calling via automated campaigns where that contact hasn’t
opted-in a TCPA violation.
Based on the content of your message, you will need prior implied, express or express
written consent before your business calls or texts a contact. If a contact has not opted
in and consented to messaging you are in violation of the TCPA.
If you have received consent to message a contact, you still need a means for them to
opt-out of all future messaging from your company. Most business messaging
providers already have “STOP” keywords in place.
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 14 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
It’s illegal for your business to text or call anyone who has opted-out of
communications, especially those registering on the federal Do Not Call Registry.
In an effort to keep the messaging experience positive for everyone across all networks
the CTIA (an association of mobile carriers and industry advocates) has put forth
guidelines regarding sex, hate, alcohol, firearms, and tobacco (SHAFT).
The alcohol and legal cannabis/marijuana industries are of particular concern with
SHAFT.
If your business provides either of these goods or services you still need to comply with
SHAFT standards.
In most cases, this means having robust age-gates and normal opt-in and opt-out
capabilities.
Chapter 5
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 15 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
Depending on the type of business text messaging service your business uses, group
messaging might be possible. If you can send group text messages using your provider,
keep in mind the following recommendations:
• Make sure the service has strong anti-abuse controls and mechanisms in
place to accommodate sending many messages - most do.
• Check that the service specifically gives group members the ability to opt-
out of the group at any time.
• Finally, make sure the messaging service has features that prevent
contacts from getting caught in recursive or cyclical group messages that
involve more than one group. Opting a contact out of one group may not
opt them out of the other and so on.
It’s important that your business knows who they can and can’t call and text. To keep
the record straight, you need a DNC or “Do Not Contact” list.
Many business text messaging apps have systems in place to help you keep track of
this.
Documenting and saving opt-in and opt-out records with your messaging permissions
helps if you’re ever faced with a complaint.
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 16 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM
List Growth & Forms One-on-One & Team Service & Trade-Based
Messaging Businesses Solo Owner-Operators &
Scheduling & Appointments Independent Contractors
Group Text Without Reply All Medical, Dental & Clinical
Reviews, Polls & Surveys Offices Office Staff, Teams &
Automated Text Messages Multiple Locations
Text-to-Donate HR Departments & Staffing
Website Contact Forms Agencies Workplaces & Enterprises
Text-to-Pay
Webinars & Videos Google Review Link RCS Strategic Partnership Support
Generator
Learning Center Contact
Integrations Roadmap
https://messagedesk.com/resources/guides/tcpa-compliance/ Page 17 of 17