Had her parents not fronted her the money for her Harvard and Yale applications, Megan Brown might never have ended up at Harvard. Always the pragmatist, she was seriously considering several reputable public institutions. Thankfully, her mother’s advice won out, and the legal world gained the formidable Wiley Rein Partner Megan Brown.

Now, Megan co-chairs the firm’s Privacy, Cyber & Data Governance practice, counseling global clients and associations on emerging cybersecurity and data governance regulations, including new incident reporting requirements and operational mandates. She represents corporations in high-stakes agency investigations and Congressional inquiries related to cyber and network security. A former senior Department of Justice official, Megan has led advocacy in Congress, testified before the U.S. Senate, and currently spearheads a legal challenge to a TSA cybersecurity directive. She also serves on the U.S. Chamber of Commerce’s Cybersecurity Leadership Council, is a Senior Fellow at the George Mason University Antonin Scalia Law School’s National Security Institute, and has co-hosted a cybersecurity podcast with American University’s School of Public Service and CrowdStrike. Beyond that, she sits on the Board of the Women’s High-Tech Coalition.

She takes a pragmatic approach with her clients every day. In this edition of One Expert, One Topic, Megan shares her low-lift way to fix the TCPA.

About The Series

This is the nineteenth installment in the “One Expert, One Topic” series, where field experts select a topic and share essential insights using Matt Abrahams’ What/So-What/Now-What format. Presented in written form, it allows you more time to absorb the topic and guides you on where to go for further learning. We are grateful to our contributors for sharing their wisdom in this format.

What

Megan has spent time thinking about reforming the parts of the TCPA that are most vulnerable to abuse—particularly how class actions are used to extract billion-dollar settlements from companies that made honest mistakes. We’re talking about paperwork issues. List hygiene slipups. The kind of stuff that might merit a fix-it ticket but instead turns into full-scale litigation.

And it’s not just about mistakes. It’s the structure of the law itself. Congress drafted the TCPA decades ago using terms that don’t cleanly apply in a world of mobile messaging and omnichannel outreach. But instead of starting over, Megan suggests two precise, actionable fixes:

1. Cap the damages. Right now, the statutory penalties pile up fast, especially in class actions. One misstep can cost a company hundreds of millions—if not more.
2. Raise the bar for class actions. If Congress won’t eliminate them—it should require actual evidence of willful violations before plaintiffs can bring massive cases forward.

These aren’t sweeping changes. They’re smart safeguards—ones that would preserve the heart of the TCPA while cutting off the worst abuses.

So What

This matters because the current system isn’t catching the real bad guys—it’s catching the ones trying to do the right thing.

Legitimate businesses—brands with compliance plans, audit trails, and opt-in workflows—are getting dragged into court over minor violations. Meanwhile, the overseas spam operations, the robocallers, the actual fraudsters? They don’t care about the TCPA. They’re untraceable, unbothered, and completely outside the reach of US enforcement.

The result is a split screen: on one side, companies drowning in lawsuits over technicalities; on the other, scammers blasting out phishing texts with zero fear of consequence. The law isn’t stopping the problem it was designed to stop. It’s just creating a high-risk compliance burden for the people actually trying to play by the rules.

And that’s not just unfair—it’s unsustainable.

Now What

So what should the industry do?

First, stay compliant. That’s table stakes. Be smart about documentation. Message responsibly. Don’t take shortcuts.

But just as important—speak up. If you’ve ever pulled back a product launch, killed a marketing campaign, or left a messaging feature on the cutting-room floor because of TCPA risk, say that. Put it in writing. Share it with your representatives and regulators. Let them see the real-world impact of a law that no longer fits the way people communicate.

And if you want to get involved in fixing it, connect with Megan. She’s not just sounding the alarm—she’s working on policy reform directly. She can help your company understand what’s at stake and how to engage in the right way.

Also worth your time: read her Senate testimony, where she breaks down how Congress can fix the law without weakening consumer protections. And dig into her whitepaper on the post-Duguid landscape—it’s one of the clearest reads on what changed, and why it matters. This isn’t about rolling back consumer rights. It’s about making the system work again—for everyone.