Coauthored Blog: Do You Really Know Your Customer’s Number?

  • Post author:
  • Post category:legal


In text messaging, consent is the golden ticket to outreach. If there is implied consent in subscriber-initiated communication or in emergencies, then outbound communication, especially around marketing, requires explicit consent. This type of consent has a time limit. CTIA guidelines say you should verify consent every 30 days, but what if that’s not enough? The cost of getting it wrong is very high.

Editor’s note: This post is co-authored with Alexis Buese, co-leader of Gunster’s Class Action Defense team. An accomplished attorney, Alexis has been both protecting brands against frivolous FTCA claims as well as working with the Florida legislature to ensure the law reflects the state-of-art in the industry and doesn’t find itself flat-footed like the TCPA has. In fact, the most recent updates to the FTSA were, in large part, due to the advocacy work that she and her team did at the Florida legislature. 

The Challenge in Outbound Texting

The Telephone Consumer Protection Act (TCPA) is the primary federal law governing the regulation of telephone solicitations. Any person, business, or entity that conducts telephone solicitations should comply with the TCPA. The TCPA covers voice calls, faxes, VoIP calls, and text messages. The TCPA is enforced through a private right of action that provides for $500 in damages per violation or $1,500 if it is willful. Most violations are brought as class actions and cases settledroutinely in the tens of millions of dollars. In 2021, the Supreme Court resolved confusion over the definition of an “automatic telephone dialing system” (ATDS). The decision in Facebook v. Duguid narrowed the type of equipment that constitutes an ATDS and therefore drastically limited the scope of “automated” calls and texts that violate the TCPA. However, the Facebook decision does not impact calls with pre-recorded or artificial voices or Do-Not-Call restrictions. It also does not affect other many state laws governing autodialing that have since gone into effect. For example, other states such as Florida, Oklahoma, and Washington have their own “mini-TCPAs,” which may have broader definitions of ATDS and also contain a private right of action with strict statutory penalties. 

The Top Mistakes Brands Make When Texting

Before we go into the details of the RND, as the matter is so critical and the cost of getting it wrong so high, it is important to list the top reasons why brands get texting wrong. 

  • Not obtaining prior express written consent: Obtain written consent for marketing communications. Do not wait to argue your system is not an autodialer in a lawsuit; obtain written consent before sending a text message, and keep a record of that consent and how it was obtained.
  • Not using a double opt-in: In a perfect, non-litigious world, brands would not need this, but that is not the world we live in. A double-opt in, which requires the consumer to reply “Y,” helps to produce a clear and concise text message history that shows they opted in. If someone makes a typo, you won’t end up with a reassigned number class action lawsuit. Make sure to include “STOP” directions so consumers know how to opt out if they wish—especially when it is a reassigned number.
  • Not using effective terms and conditions: Get your consumers to consent to your terms and conditions, not just saying they “viewed” them. Consider a class action waiver and arbitration provision to limit class action exposure. 
  • Check the Do Not Call Registry: Consumers who do not wish to be called can register their number on the National Do Not Call Registry. If they expressly opt in—and you can prove it (see above)—this will reduce the threat of litigation. Also maintain company-wide procedures for consumers who do not wish to be contacted.
  • Not scrubbing the database: Dirty databases lead to ineffective marketing campaigns and wasted time, but they also lead to potential class action lawsuits. Whether contacts fill in their forms too hastily or someone changes their number, you may end up with bad data in your CRM. Scrub your data monthly against the Reassigned Number Database (RND) to limit information that is outdated or inaccurate.  

How the RND Works

As per an FCC mandate, the RND requires each telephone number provider to report the date of the most recent permanent disconnection for each telephone allocated to the provider. The only data collected is the telephone number and the date of most recent permanent disconnection. Providers are required to report this data on the fifteenth of every month.  

The more quickly a disconnected number is reassigned to a new subscriber, the more likely marketing calls will be made to the wrong person. Therefore, the RND rules require a minimum of forty-five days before a permanently disconnected number can be reassigned.  

When a query is sent to the RND, one of three possible responses to each query is possible:

  • Yes. This telephone number has been disconnected on or after the date provided.
  • No. This Telephone Number queried has not been disconnected since the date of consent. A No response will also be returned if the query contained a consent date of January 27, 2021, or later, and the number has not been reported to the RND as disconnected
  • No data. This telephone number is not in the RND. A No data response will not be returned if the query contains a consent date of January 27, 2021, or later.

To effectively use the RND, it must be pinged once a month; otherwise once a number is recycled, the brand will not get a “yes” result. In other words, there are limitations to the RND.  It can only show a snapshot in time.  Unless a number is disconnected again, the info will be the same month over month, effective use requires using the latest version of the database. 

Additionally, the RND protects callers from TCPA liability in certain circumstances. The safe harbor is available as a litigation defense if three conditions are met. The caller must have (1) obtained consent from the intended call recipient, (2) queried the most recent version of the RND to verify that the intended recipient’s number has not been reassigned since the date of consent, and (3) received confirmation from the RND that the number has not in fact been disconnected (and thus not reassigned) since that date. Protection applies only to the current version of the database, so the maximum length of validity is thirty days (if the caller pings the database on the sixteenth of the month) and the minimum is one day (if the caller queries on the fifteenth of the month).

Finally

Anyone can take anyone to court. This also means there’s no such thing as a TCPA-proof marketing strategy. However, you can reduce the risk of violations. It means that even if someone takes you to court, you have enough safe-harbor provisions to give you good protection against an egregious claim. Checking against the RND database then is just good marketing hygiene.