banner ad
Experts Logo


Telephone Consumer Protection Act (TCPA) Compliance: A Checklist

This article originally appeared in Telecom Reseller ( July 2019

By: Ray Horak

Tel: (360) 428-5747
Fax: (360) 416-3378
Email Mr. Horak

View Profile on

The Telephone Consumer Protection Act (TCPA) was passed into law in 1991. At the time, consumers were plagued by sales calls which it seemed always came at the most inconvenient times. You may remember jumping up from the dinner table half a dozen times a day to jump over the dog, navigate the maze of Legos the kids left strewn over the dining room floor, and snatch up the handset on your hard-wired phone only to answer a robocall from an obscure auto insurance company with a pre-recorded policy pitch. You had plenty of great auto insurance and didn’t need motorcycle coverage because you didn’t have one. What you did have was heartburn and a stubbed toe. What you did need was peace and quiet at dinnertime.

What’s the Big Deal … All of a Sudden?

ell, it is a big deal and it didn’t become so overnight. The world was a very different place in 1991. Your analog hardphone is now in the storage room only because you can’t give it away and you feel guilty donating it to the landfill. Your cellular phone is in your back pocket or on your belt and is not only voice capable but also supports text messaging, Internet access, Web surfing, and social media messaging. All of your voice calls, text messages and data usage are monitored and measured—inbound and outbound, upstream and downstream—and charges apply to every voice call, minute of talk-time, text message, and megabyte of data usage.

According to the FCC, “Unwanted calls are far and away the biggest consumer complaint to the FCC with over 200,000 complaints each year—around 60 percent of all the complaints we receive. Some private analyses estimate that U.S. consumers received nearly 4 billion [4,000,000,000] robocalls per month in 2018. Unfortunately, advancements in technology make it cheap and easy to make massive numbers of robocalls and to "spoof" caller ID information to hide a caller's true identity.”1 Technology is wonderful, but there is a dark side.

TCPA to the Rescue

In an effort to address a growing number of telephone marketing calls and certain other telemarketing practices thought to be invasions of privacy, Congress enacted the Telephone Consumer Protection Act of 1991 (TCPA), codified at 47 U.S.C. § 227. Most of us know, at least in general terms, about the restrictions on unsolicited telemarketing calls to consumers and the national Do-Not-Call (DNC) Registry designed to end those annoyances…or opportunities, depending on your perspective. Just to refresh your memory, the TCPA states “It shall be unlawful for any person within the United States, or any person outside the United States if the recipient is within the United States—(A) to make any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system [ATDS] or an artificial or prerecorded voice…(iii) to any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other radio common carrier service, or any service for which the called party is charged for the call….”2

The second provision then incorporates that definition in setting out the scope of the prohibition: “It shall be unlawful for any person . . . to make any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system… to any telephone number assigned to a…cellular telephone service[.]”3

FCC Weighs In … As Do the States

The FCC repeated and elaborated on the statutory language, stating “The Commission has emphasized that this definition covers any equipment that has the specified capacity to generate numbers and dial them without human intervention ….”4 The FCC also has developed implementation guidelines and orders in its capacity as “An independent U.S. government agency overseen by Congress, the commission is the United States' primary authority for communications law, regulation and technological innovation.”5 The state governments have weighed in, as well, with their own statutes that more or less mirror the TCPA but vary in terms of allowable times of day for voice calls (e.g., 8:00 am to 9:00 pm) and frequency (e.g., not more than 3 calls per day). In 2003, the FCC revised its TCPA rules to establish, in coordination with the Federal Trade Commission (FTC), the nation’s consumer protection agency, the National Do-Not-Call Registry, thereby providing a mechanism by which consumers can advise potential callers of their desire to avoid unwanted telemarketing calls.

The penalties prescribed by the TCPA are considerable--$500 per violation, which triples to $1,500 for a willful violation, meaning that you knew your voice call, text or fax was in violation but you did it anyway. Multiply that by a few hundred or a few thousand calls, texts or faxes in a typical campaign and you are talking some serious money.

U.S. District Courts and Courts of Appeals have weighed in as lawsuits have proliferated over the years, thanks in large part to highly enthusiastic class action attorneys. The statute and FCC implementation guidelines have been challenged repeatedly. Decisions have varied widely by jurisdiction.

So, what's a body to do?

My advice always is to follow the law and abide by the FCC regulations, of which there are more than a few. The FCC also has provided guidance outside of formal regulations. Let’s focus on outbound voice calls and text messages (also categorized as calls in the eyes of the law); fax transmissions are a category unto themselves and, as such, involve an entirely different set of regulations. A brief checklist follows:

  • Do not call a number on the National Do-Not-Call Registry unless you have prior express consent. Scrub your list of telephone numbers against the NDNC at least every 31 days. Better yet, do so every day in real time.
  • Do not call a residential telephone number before 8:00 am or after 9:00 pm (local time, called party).
  • Do not place an autodialed call or a pre-recorded message call or send a text to a wireless (read cellular) number for advertising or telemarketing purposes unless you have prior express consent. Scrub your list of telephone numbers against one of multiple commercially available list of numbers ported from landline to wireless and do so every 31 days. Better yet, do so every day in real time. Note: Prior express consent is very tricky. You need a knowledgeable, skilled attorney to help you figure this out.
  • Do not place an autodialed pre-recorded message call to a landline (i.e., wired) number for advertising or telemarketing purposes.
  • Disconnect an unanswered telemarketing call within 15 seconds or 4 rings
  • Do not abandon more than 3% of all telemarketing calls. Note: There are specific periods of measurement for each campaign and sensitive to the length of the campaign.

There are additional and very specific requirements for prerecorded voice messages, including:

  • Identify the responsible calling entity (read business)
  • Clearly state the regular telephone number of the calling entity. The telephone number provided may not be a number for which charges exceed local or toll (long distance) charges (read no 900 numbers).
  • Provide an automated, interactive voice- and/or key press-activated opt-out mechanism for the called person to make a do-not-call request.

There are exemptions, including the following, subject to the changing legal landscape:

  • Manually dialed calls. This is interpreted under FCC regulations and case law to mean calls that require human intervention to launch. (This gets tricky and is subject to interpretation, which can vary by jurisdiction.)
  • Calls made for emergency purposes (think reverse 911)
  • Calls made for other than a commercial purpose (think informational or political)
  • Calls made by or on behalf of a tax-exempt nonprofit entity (think 501(c)(3))

Compliance Checklist

This can be confusing but confusion is no excuse for violating the law … as interpreted by the FCC and the courts. The costs of defending yourself to and through trial can be in the range of $500,000, which is serious money in my humble opinion. That’s the bad news. The good news is that help is available if you give it some thought and know where to look. The cost is a lot less than throwing yourself on the mercy of the Plaintiff—trust me on this one. I have several suggestions.

First, do not operate under the false assumption that you can outsource your way out of the problem. I am not an attorney, but am very much aware of a legal concept known as vicarious liability, meaning in the context of the TCPA that you can be held liable for TCPA violations committed by third-party call center operators calling on your behalf. It makes no difference if they are physically located in the U.S. or abroad. It makes no difference if you directed their activities, knew what they were doing, or not. In other words, your failure to direct, supervise or control is your problem. The issue gets a lot more complicated where resellers rather than contactors or agents are involved. I repeat, retain the services of a good attorney. (That would not be me.)

Second, do not operate under the false assumption that the manufacturer or software developer of the relevant system is responsible or jointly liable. Again, I am not an attorney, but I can suggest that you not rely on brochures, websites or other self-promoting marketing nonsense. Your failure to investigate, analyze and understand the technical specifics of the system can put you at extreme risk. Make sure that you get legally binding assurances from the system manufacturers that they are in compliance with the relevant provisions of the TCPA. (This may require considerable effort on your part.) Again, I am not an attorney, but I have been in business for a very long time and learned a lot in the process.
Third, do not operate under the false assumption that a cloud-based system insulates you from liability. In fact, the opposite may be the case. A premises-based system is more or less under your complete control; a cloud-based system is not. Again, I am not an attorney, but I can suggest that you not rely on brochures, websites or other self-promoting marketing nonsense. Your failure to investigate, analyze and understand the technical specifics of the system can put you at extreme risk. Make sure that you get written, legally binding assurances from the system providers that they are in compliance with the relevant provisions of the TCPA. Also, make sure you get written, legally binding assurances that they will support you fully in Declarations and Depositions, as necessary, should you be the subject of a TCPA lawsuit. (This will not be easy.)

Fourth, retain the services of a good, knowledgeable, seasoned attorney, experienced in TCPA defense. Large, communications-intensive companies generally have in-house counsel responsible for following the TCPA, as interpreted by the FCC and case law in all jurisdictions, and advising you with respect to compliance issues. They also follow relevant state laws and regulations. They generally supplement in-house counsel with knowledgeable outside counsel skilled in litigation. After all, there is always a potential lawsuit right around the corner, right? I am not an attorney but I spent my formative years in Texas, and can assure you this is not my first rodeo, so to speak. (Actually, this should be first on your list.)

Fifth, retain the services of a good technical expert to evaluate the nature of the data and telephony systems (aka dialers) you employ. This get tricky in the context of the TCPA, largely because the issues of capacity and human intervention come into play. Don’t wait until you are in litigation (read the subject of a lawsuit). Take the time and spend the money to get a prophylactic analysis of your dialer—system and subsystems—as well as the associated, interconnected DBMSs (DataBase Management Systems), CRMs (Customer Relationship Management) systems, PBXs (Private Branch eXchanges), and any and all other associated and especially interconnected systems and subsystems. Any of these, individually, and all of these and more, in combination, can put you at extreme risk. Note: By now you should know that I am not an attorney. Full disclosure: I am, however, a technical expert who has performed many dozens of compliance reviews for some of the largest financial institutions and survey companies in the U.S. (Actually, this should be second on your list.)


Apply your DIY6 to your BYP7, not your TCPA8. There are lots of bad actors—the kind of people that the TCPA was designed to stop. You may be a good actor but can get yourself in a lot of serious trouble if you don’t do all the right things in all the right order. Retain a good attorney or two to keep you on the straight and narrow path to legal compliance. Retain a solid expert to help you figure out the technical side of things. Don’t get cute. Don’t cut corners. If that is part of your program, plan on a really smart class action attorney to call your bluff and let’s hope you’re not playing a pot limit game.


2. 47 USC § 227(b)(1)(iii))
3. 47 USC § 227(b)(1)(A)(iii).
4. Notice of Proposed Rulemaking of May 22, 2012
6. Do It Yourself
7. Back Yard Project
8. You know what that means


Disclaimer: Ray Horak is not an attorney and does not offer legal advice or opinions. The legal information provided herein is, at best, of a general nature and cannot substitute for the advice of a competent, licensed professional with specialized knowledge who can apply it to the particular circumstances of your case. Consider contacting the local bar association, law society or similar organization in your jurisdiction to obtain a referral to a competent, licensed attorney.

Mr. Ray Horak is a seasoned author, writer, columnist, telecom consultant, and industry analyst who provides litigation support services as a consulting and testifying expert across a wide range of telecom matters, including the TCPA. He also frequently conducts corporate compliance reviews to assess the risk levels associated with customer contact and related systems, policies and procedures in the context of the TCPA, with the goal of minimizing, if not eliminating, the risk of adverse judgments.

©Copyright - All Rights Reserved


Related articles


3/22/2022· Telecommunication

Global Standard Setting At 3GPP Endangered With Russia’s Invasion of Ukraine (Analyst Angle)

By: Keith Mallinson

It took the industry 30 years to consolidate mobile communications developments into a single 4G standard with the introduction of LTE and the demise of WiMAX. That attainment—also in 5G—should be cherished; but it is imperiled by geopolitical developments.


10/23/2018· Telecommunication

Analyst Angle: Gigabit LTE is a milestone on the road to 5G

By: Keith Mallinson

Recent new technology deployments with gigabit LTE at Telstra in Australia, Sprint in the U.S. and EE in the UK highlight how much mobile communications technologies have improved since the introduction of mobile data services with circuit-switched and then packet-switched offerings from around 20 years ago. Peak and average user speeds have increased by a factor of 10,000. By way of comparison, microprocessor performance doubling every couple of years, as predicted by Moore's Law, has increased it only one thousand-fold over that period. Cellular performance improvements are therefore quite spectacular given the vagaries of connecting through the ether up to hundreds of meters, as well as processing those signals in the confines of around one square centimeter of baseband processor silicon!


1/24/2018· Telecommunication

Analyst Angle: How to Provide Gigabit LTE Cheaply When You Don't Have the Spectrum?

By: Keith Mallinson

Consumers are only beginning to use LTE in unlicensed spectrum. So far chatter has mostly been about operator trials, commercial chipsets and sales of devices to seed the market before anyone is to be able to use the new service feature. Nevertheless, the commercial impact will be quite dramatic within a few years.

; broker Movie Ad

Follow us

linkedin logo youtube logo rss feed logo