Over the last 30 years the evolution of consumer protection and data privacy regulations have required organizations to dramatically transform their approach to customer data management.
While most professionals are somewhat familiar with the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) due to their more recent public passage and outward-facing impacts to digital storefronts, a surprisingly large number are not as aware of some of the more longstanding regulations, ones that have already had serious consequences for US businesses. These impacts range from outright financial settlements to an economically driven rethinking and modernization of their customer data management practices.
In this post I would like to briefly highlight one law in particular: theTelephone Consumer Protection Act of 1991(TCPA), which presents a surprisingly substantial risk to almost any business, but especially to those with large-scale automation or those companies in the financial services industry.
The TCPA was passed by theUnited States Congressin 1991 and signed into law by PresidentGeorge H. W. Bushas Public Law 102-243. It amended theCommunications Act of 1934.
The TCPA restricts telephone solicitations (i.e.,telemarketing) and the use of automated telephone equipment. The TCPA limits the use ofautomatic dialing systems, artificial or prerecorded voice messages,SMS text messages, andfax machines. It also specifies several technical requirements for fax machines, auto-dialers, and voice messaging systems—principally with provisions requiring identification and contact information of the entity using the device to be contained in the message.
For US-based companies (or potentially those based internationally but doing business with US-based clients, unless the recipient has given prior consent), theseFederal Communications Commission(FCC) rules under the TCPA generally apply:
- Prohibits solicitors from calling residences before 8 a.m. or after 9pm local time.
- Requires solicitors to maintain a company-specific "do-not-call" (DNC) list of consumers who asked not to be called; the DNC request must be honored for 5 years.
- Requires that solicitors honor theUS National Do Not Call Registry.
- Requires that solicitors provide their name, the name of the person or entity on whose behalf the call is being made, and a telephone number or address at which that person or entity may be contacted.
- Prohibits solicitations to residences that use an artificial voice or a recording.
- Prohibits any call made using automated telephone equipment or an artificial or prerecorded voice to an emergency line (e.g., "911"), a hospital emergency number, a physician's office, a hospital/health care facility/elderly room, a cellular telephone, or any service for which the recipient is charged for the call.
- Prohibits autodialed calls that engage two or more lines of a multi-line business.
- Prohibitsunsolicited advertisingfaxes.
- In the event of a violation of the TCPA, a subscriber may (1) sue for up to $500 for each violation or recover actual monetary loss, whichever is greater, (2) seek an injunction, or (3) both.
In the event of a willful violation of the TCPA, a subscriber may sue for up to three times the damages (i.e., up to $1,500), for each violation.
$1,500 may not sound like a lot of money to a multi-billion-dollar conglomerate, but when one considers the liability implied by large-scale automation with the potential to incur thousands or millions of infractions, this can unintentionally present a juicy target for many activist law firms. And indeed, a cursory search reveals there has been a significant track record of law firms aggregating plaintiffs and seeking a settlement under TCPA. My search yielded dozens of settlements since 1991, ranging in amounts from $2 million to even as high as $75 million. Here are just a few:
- $14 million settlement vs. Wells Fargo for 2009-2014
- $7 million for Target
- HSBC: $40 million (Sep. 2014)
This may seem unfortunate for those well-intentioned but perhaps overzealous telemarketers, but the financial risk of protectionist laws such as TCPA, GDPR, and CCPA make such careless approaches to customer data use just not worth the risk. To further illustrate this point, in January president Donald Trump signed the bipartisan Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act into law, which grows the per infraction cost for robocallers by over 500% (from $1,500 to $10,000 per infraction).
In a future where productivity and customer engagement will be increasingly driven by automated and artificially intelligent systems, companies must take every measure possible to ensure they have trusted and actionable data to be actually intelligent enough to avoid these serious financial risks.
- Do you know confidently where you customer’s residence is? Have they moved in the last 48 months? If you can’t find your customer, how do you know what privacy laws to consider in using that customer data?
- Do your automated collections, sales, and marketing staff consider things like customer time zone? Consent? Presence on the national and state Do Not Call registry? According to the TCPA, you need to.
- Do you know if your prospect email data is populated with malicious or suspicious addresses?
- Has your organization established verification and compliance logic for outbound SMS promotions or notifications?
If you answered “no” to any of these questions, your organization could be unintentionally creating a significant financial risk in today’s legal environment.
At Informatica, we believe these are fundamentally data governance problems, and for the last 25 years we’ve been providing tools that empower global enterprises to help grow their revenue while they curtail risk with a more intelligent approach to data.
Informatica Data as a Service (DaaS) helps organizations of all sizes verify and enrich their data so they can confidently engagewith their customers.With customer experience and compliance with applicable law a top focus across all industries, we can help ensure that messages and products make it safely to their intended targets via postal mail, email, or phone while minimizing your exposure to financial risks posed by laws like the TCPA.