What Is the TCPA — and Why Does It Matter to Your Business?
The Telephone Consumer Protection Act is one of the most frequently litigated consumer protection statutes in America. Understanding it is the first step to protecting your business.
The Law in Plain English
The Telephone Consumer Protection Act (TCPA) was enacted in 1991 to restrict how businesses can contact consumers by phone, text, and fax. It is a federal statute that applies to virtually every business that communicates with consumers through regulated channels.
The TCPA specifically governs:
- Autodialed calls (calls made using an automatic telephone dialing system)
- Prerecorded voice messages (robocalls)
- SMS and text messages sent for marketing purposes
- Unsolicited faxes (fax advertisements)
If your business uses any of these communication methods to reach consumers, the TCPA applies to you — regardless of your industry or company size.
Who Enforces It?
The Federal Communications Commission (FCC) sets the regulations that implement the TCPA. However, the statute is primarily enforced through private lawsuits — individual consumers and class action plaintiffs, not government agencies, drive the vast majority of TCPA litigation.
Financial Exposure
- $500 per violation — statutory damages for each individual call, text, or fax that violates the TCPA
- $1,500 per willful violation — treble damages when a court determines the violation was knowing or willful
Class actions can aggregate hundreds of thousands of individual violations into a single case. A single marketing campaign that contacts 100,000 consumers without proper consent could generate $50 million to $150 million in potential statutory damages.
Risk Areas
Common TCPA Violations
These are the five most frequent TCPA violations that lead to lawsuits and regulatory action against businesses.
Calling or Texting Without Prior Express Written Consent
The most common violation. Businesses must obtain clear, documented written consent before sending marketing calls or texts. Verbal consent or implied consent is not sufficient for marketing communications.
Continuing Contact After an Opt-Out Request
When a consumer says "stop" or requests to be removed from a contact list, the business must honor that request promptly. Continued contact after opt-out is a separate violation for each subsequent communication.
Using an Autodialer to Call Do-Not-Call Numbers
Calling numbers on the National Do Not Call Registry or the business's own internal DNC list using an autodialer system violates the TCPA, even if consent was previously obtained.
Failing to Provide Opt-Out Instructions
Every marketing text message and prerecorded call must include clear instructions for how the recipient can opt out of future communications. Missing or unclear opt-out mechanisms create per-message liability.
Liability for Third-Party Violations
Businesses can be held vicariously liable for TCPA violations committed by their vendors, lead generators, or marketing partners. Hiring a third party to make calls does not insulate the business from responsibility.
What Counts as Consent?
For marketing communications (calls and texts that promote products or services), the TCPA requires prior express written consent. This is a higher standard than general consent and has specific requirements:
Clear, Signed Written Agreement
The consumer must sign (physically or electronically) a clear and conspicuous disclosure authorizing the business to contact them via the specified channel.
Specific Authorization for Marketing
The agreement must specifically authorize marketing communications — general terms of service or privacy policy acknowledgments are not sufficient.
Verbal Consent Is Not Sufficient
For marketing calls and texts, oral consent does not meet the TCPA standard. Written documentation is required and must be retained as evidence.
Revocable at Any Time
Consent must be revocable at any time through any reasonable means. Businesses cannot require consumers to follow a specific process to revoke consent.
Important
The burden of proof is on the business. If a consumer claims they did not consent, the business must be able to produce documentation showing that valid prior express written consent was obtained.
The Current TCPA Landscape
The FCC has expanded enforcement in recent years, issuing new rules that significantly increase compliance requirements for businesses that use third-party lead generators or multi-seller consent forms.
New "Lead Generator" Consent Rules (Effective January 2025)
The FCC's updated rules require one-to-one consent — a consumer's consent cannot be bundled to cover multiple sellers simultaneously. Each seller or marketing partner must have individual, specific consent from the consumer.
This means that a single web form collecting leads for multiple businesses must now obtain separate consent for each business individually. Pre-checked boxes, blanket consent clauses, and "partner lists" buried in fine print are no longer compliant.
Businesses that rely on purchased leads, affiliate marketing networks, or multi-seller lead forms must audit their consent workflows to ensure compliance with these new requirements. Failure to do so creates significant litigation exposure.
Take Action
Is Your Business at Risk?
Now that you understand the TCPA, the question is whether your current practices are compliant. Get a TCPA compliance review from Apello Consulting.