TCPA Litigation: Understanding the Safe Harbor Defense

As technology advances, businesses have more options to employ big data and implement lost-cost marketing strategies in reaching customers and generating revenues. However, the Telephone Consumer Protection Act (“TCPA”) contains strict provisions to ensure that businesses are not abusing that technology and harming consumers with harassing telemarketing calls and texts.

If your business employs such marketing strategies in contacting consumers, it is critical to have processes and procedures in place for national and state-by-state compliance. Understanding and tracking all of the legal developments to the TCPA is not enough.  For example, Florida’s mini-TCPA (“FTSA”) and the laws of various other states have significant distinctions and nuances you should be aware of in training your team and implementing ongoing compliance protocols.

This article addresses safe harbor protections for technical violations of the National Do Not Call Registry (“DNC”), which is a database maintained by the Federal Trade Commission, to allow consumers to opt-out of telemarketing communications. 

Safe Harbor Provisions

The law allows for certain safe harbor protections to those businesses who are acting in good faith to comply through sound policies and procedures. For instance, the TCPA provides that businesses can raise, as a defense to any action for calling an individual on a do-not-call list, that the “defendant has established and implemented, with due care, reasonable practices and procedures to effectively prevent telephone solicitations in violation of the do-not-call registry. See 47 U.S.C. § 227(c)(5). If an entity has violated the do-not-call portion of the TCPA, it can avoid liability if the call was placed in error and “as part of its routine business practice,” and if the business meets various standards.

Specifically, the business: 

(1) has written procedures in compliance with the national do-not-call rules;

(2) provides adequate training of personnel;

(3) maintains an internal do-not-call list of phone numbers that it does not contact; 

(4) uses “a process to prevent telephone solicitations to any telephone number on any list established pursuant to the do-not-call rules;” and 

(5) uses “a process to ensure that it does not sell, rent, lease, purchase or use the national do-not-call database, or any part thereof, for any purpose except compliance with this section and any such state or federal law to prevent telephone solicitations to telephone numbers registered on the national database.”

What can businesses do to demonstrate a viable safe harbor defense?

In analyzing the safe harbor protections, courts have found the presence of the following specific processes indicated compliance with the safe-harbor protections: 

1. The presence of an employee, department, or company that oversees TCPA compliance, training of employees, and ensures employee access to effective training.

2. Written procedures ensuring compliance with national do-not-call rules and detailing how TCPA compliance is handled.

3. Sufficient training at hiring of TCPA and internal procedures, followed by annual follow up training, and training whenever there is a statutory or regulatory change impacting TCPA compliance. Accompanying this training, courts have looked favorably on requiring employees placing calls to pass a certification test confirming understanding of TCPA requirements before placing calls. Employees have continued open access to review of the training materials at any time during the course of their employment.

4. Clear procedures and practices for placing callers on internal do-not-call lists if they indicate a desire not to be contacted.

5. Scrubbing call lists against national and state do-not-call lists.

6. In the event someone on the list is erroneously called, the company investigates and takes steps to minimize future errors.

7. Whether the calling business was “understandably mistaken in its belief that Plaintiff had consented to the call.”

Conclusion

TCPA compliance concerns more than just compliance with do-not call registries. Robust TCPA compliance may include engagement of experienced legal counsel, with a good understanding of your business model, who can review your standard forms, employee handbooks, onboarding and training materials. It would be prudent for legal counsel to audit and advise you on limiting exposure to TCPA claims in the future. The existence of these compliance materials can be the difference between millions in exposure and little exposure at all.