The ClickPoint Blog: Lead Management, Sales and Marketing Insights

2025 Guide to TCPA, One-to-One Consent, CAN-SPAM & State Regulations

Written by Anders Uhl | November 15, 2024

A Guide to National and State Regulations, TCPA, One-to-One, and CAN-SPAM

Lead generation and contact regulations are essential for any business handling lead data. As federal regulations tighten and state rules vary, staying informed is vital. If your business involves leads, buying or selling, it's important to understand the regulations.

Companies that sell leads must comply with lead generation regulations, primarily around consent. However, lead sellers also benefit from understanding the sales engagement regulations that their clients face. Call centers face increased regulation in the leads that they procure and in the way that they contact them. Hopefully, this article will be beneficial to any business that works with leads.

The FCC’s recent one-to-one consent ruling has major implications for lead buyers and sellers. This includes lead generation companies, call centers, CPaaS providers, and any platform that relies on lead data.

This ruling establishes a stringent federal standard for telemarketing consent, impacting and, in some cases, superseding state regulations. 

It's important to note that violations can lead to state fines, federal fines, civil damages, and, in some cases, criminal charges. While federal standards supersede certain state regulations, penalties may still apply at both the state and federal levels. So even though One-to-One is more stringent than local regulations, violations are subject to both.

Table of Contents
Overview of Key Regulations
State-by-State TCPA and Consent Compliance

Preemption of Less Stringent State Laws

The FCC ruling requires specific consent for each vendor. This tightens the rules beyond the usual broad consent practices. This consent standard takes priority over any state laws. It does not allow for less specific or more general consent for telemarketing.

States previously permitting broad consent must now adhere to the FCC’s stricter rules. This shift impacts practices like general website opt-ins and shared partner lists. Examples include general website opt-ins or shared partner lists.

Businesses in these states must change their consent practices. They need to follow the new federal rules, even if state laws were less strict before.

Alignment with States with Stricter Consent Laws

In states like Florida and Texas, people must give written consent for automated calls. The FCC ruling makes federal rules more like these stricter standards. Now, all states must ensure individualized consent, similar to what stricter states already enforce. This creates a more consistent approach across state lines, reducing some of the compliance differences for businesses operating nationally.

Additional Compliance Requirements for Companies Operating in Multiple States

The one-to-one rule means companies must get clear consent for each business that contacts a consumer. This applies no matter the state’s telemarketing laws. Businesses in states with Do Not Call (DNC) lists, like Washington or California, must follow DNC rules. They also need to check that each lead has the required one-to-one consent by federal law.

In states like New York and Washington, there are special telemarketing rules. These include limits on calling hours and requirements for immediate identification. Companies must also provide consent documentation that meets FCC standards.

Increased Enforcement Risks and Consumer Litigation

Many states, like Texas and California, allow consumers to sue companies for telemarketing violations. The one-to-one consent rule helps consumers challenge calls that do not follow the rules. This is likely to increase consumer lawsuits across the country.

Companies not meeting the FCC’s one-to-one consent standard may face lawsuits. These lawsuits can happen at both the federal and state levels.

State Attorneys General can now use the FCC’s clearer standard in their enforcement efforts. They can pursue penalties against companies not meeting the federal one-to-one consent requirement. This applies even if there was more freedom under previous state laws.

Necessity for Updated Lead Generation and Consent Practices

The one-to-one ruling affects lead generation companies in all states. They must now get clear consent for each business listed on lead forms or in agreements. Companies must abandon older practices that rely on broad consent covering multiple entities. Instead, forms must list each business individually, allowing consumers to opt in for each one by name.

This affects states like New York and California. These states have strict rules about disclosing the source and use of consumer data. Lead sellers must reveal where they got the data. They also need to show that consumers agreed to each specific business involved in the contact.

Overview of Key Regulations

The Telephone Consumer Protection Act (TCPA)

The TCPA requires prior express written consent—meaning the consumer’s explicit permission, documented in writing—for all telemarketing calls. This rule applies to all marketing calls, whether auto-dialed, prerecorded, or manually dialed. The FCC's one-to-one rule states that this consent requirement applies across all forms of telemarketing calls.

Consent documentation must be obtained and verified before selling leads for telemarketing purposes. Penalties for TCPA violations can be severe. Fines can range from $500 to $1,500 per violation.

The rule applies to all marketing calls, whether auto-dialed, prerecorded, or manually dialed. The FCC's one-to-one rule confirms that this consent applies to all forms of telemarketing calls.

Consent documentation must be obtained and verified before selling leads for telemarketing purposes.

The National Do Not Call (DNC) Registry

The DNC Registry is a core element of telemarketing compliance. It allows consumers to opt out of unsolicited calls, and companies must check the list before contacting consumers.

Established by the TCPA, the National DNC list applies to all telemarketing businesses. It requires them to filter out registered numbers unless prior consent is given. Violations can result in fines of up to $43,792 per call.

CAN-SPAM Act

The CAN-SPAM Act governs email marketing, requiring clear opt-out mechanisms, accurate sender information, and truthful subject lines. While explicit consent is not mandatory, marketers must provide recipients with an opt-out option.

Penalties are imposed per non-compliant email sent. Each email violating CAN-SPAM requirements carries fines of up to $46,517

State-by-State TCPA and Consent Compliance

TCPA restrictions can vary by state. Some states, like Florida, have stricter consent requirements that go beyond federal law. Be aware of these additional state regulations to avoid violations.

Key considerations include:

States with more restrictive laws, such as Florida, require extra consent for certain calls.

Time zone tracking is important to ensure calls are made within permitted hours.

Maintaining compliance with state-specific Do Not Call (DNC) lists, in addition to the national DNC list.

Staying informed of these variations is crucial to ensure lead compliance across all regions.

Some specific state regulations include:

California

The California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) gives consumers detailed control over their personal data. The CCPA grants California residents the right to know what personal information companies collect and how they use it. Consumers also have the right to opt out of the sale of their data. Companies must provide an easy opt-out method, often through a visible "Do Not Sell My Personal Information" link.

Do Not Call (DNC) Laws

California enforces its own state Do Not Call list, adding a layer to the federal TCPA’s DNC requirements. Telemarketers must honor both state and federal DNC lists, ensuring compliance with California’s stricter rules. Telemarketers must maintain an internal DNC list for 10 years.

Robocall Regulations

California has strict regulations on robocalls to protect consumers from unwanted automated communications. A business can only make robocalls if it obtains clear, prior consent from the consumer. The law also mandates that businesses disclose when they are recording calls or using automatic dialing systems. Companies that use automated dialing or record calls must inform consumers clearly and transparently before proceeding.

Fines and Penalties

Under the CCPA, companies face fines of up to $2,500 per violation or $7,500 for intentional breaches. Consumers have the right to sue for damages between $100 and $750 per incident if negligence leads to a data breach.

Telemarketers who violate California’s Do Not Call list face fines of up to $11,000 per violation. Unauthorized robocalls and lack of proper disclosures can result in civil penalties ranging from $2,500 to $7,500 per infraction. The California Attorney General actively enforces these standards, pursuing additional sanctions or lawsuits for repeat or serious offenders.

Connecticut

Consent Requirements for Automatic Dialing

Connecticut enforces strict consent requirements for telemarketing calls involving automatic dialing systems or prerecorded messages. Telemarketers must obtain prior express consent from consumers before initiating auto dials. This law is similar to federal One-to-One standards but with additional state-level oversight.

Do Not Call Compliance and Record-Keeping

Connecticut has its own Do Not Call (DNC) list. Companies must ensure they are not violating the DNC list and maintain accurate and up-to-date records.

Connecticut law also mandates that callers retain records of consent and call details. Telemarketers must make this data available for inspection if required. This focus on record-keeping ensures accountability and transparency in telemarketing practices.

Telemarketing Disclosure Requirements

Connecticut law requires disclosures at the beginning of each call. The caller must clearly identify their business, state the purpose of the call, and provide a contact method for the business.

Fines and Penalties

Connecticut imposes penalties for violations of its telemarketing laws, particularly for breaches involving automated dialing without consent or failures in DNC compliance.

Standard fines range from $500 to $1,000 per violation, with additional penalties for repeat offenses or deceptive practices. In serious cases, the Connecticut Attorney General may pursue civil penalties and restitution orders to compensate affected consumers and ensure compliance.

Florida

Florida Telephone Solicitation Act (FTSA)

The Florida Telephone Solicitation Act (FTSA) enforces strict telemarketing regulations, requiring prior express written consent for marketing calls and texts to Florida residents. The FTSA applies to communications involving auto-dialers, prerecorded messages, and other automated systems. These regulations are more stringent than the TCPA, and Florida authorities rigorously enforce them.

The TCPA, particularly with One-to-One consent, focuses on telemarketing practices specifically, while the FTSA extends its reach to cover a broader range of automated communications. Businesses must secure clear, written consent from each consumer prior to any outreach. The TCPA requires consent for telemarketing texts, but Florida’s strict emphasis on SMS documentation and enforcement heightens compliance requirements.

Telemarketing Identification and Consent Requirements

Under the FTSA, Florida mandates that telemarketers identify themselves and disclose the purpose of the call or message. This extends to both automated calls and text messages, with a requirement for individual consent for each business entity. SMS marketing to Florida residents requires express written consent, and companies should maintain detailed records of all obtained consents. Thorough documentation is essential to defend against potential claims or disputes that may arise from non-compliance.

Private Right of Action

The FTSA grants Florida residents a private right of action, allowing consumers to sue businesses that violate consent requirements. This provision has led to increased consumer lawsuits, including class actions, particularly targeting businesses that bypass or inadequately document consent procedures. To mitigate these risks, companies must retain thorough and accessible records documenting each instance of consumer consent.

Do Not Call Compliance

Florida enforces its own Do Not Call (DNC) list in addition to the national DNC list. Telemarketers can not contact individuals who have opted out through the state or federal DNC list. For lead generation and telemarketing companies, this necessitates effective DNC management practices, including regular list updates, to avoid inadvertent violations. Compliance with both state and national DNC regulations is essential to maintain lawful telemarketing practices.

Fines and Penalties

Florida imposes substantial penalties for telemarketing violations under the FTSA. Standard violations incur a fine of $500 per instance. Willful non-compliance can result in penalties of up to $1,500 per violation. These penalties serve as a deterrent, encouraging strict adherence to the FTSA’s telemarketing laws and consent protocols.

Attorney General Enforcement

The Florida Attorney General enforces compliance with the FTSA, holding authority to investigate violations and impose civil penalties. The Attorney General’s office can pursue fines, seek injunctions, and impose additional penalties on repeat offenders.

Illinois

Consent Requirements for Telemarketing Calls and Automatic Dialing

Illinois enforces strict consent requirements for telemarketing calls, particularly those made using automatic dialing systems or prerecorded messages. Prior express consent is required prior to calling, adding a state-specific oversight to federal One-to-One. Illinois law emphasizes clear, documented consent to prevent unsolicited automated outreach, with substantial penalties for non-compliance.

Illinois Biometric Information Privacy Act (BIPA)

Illinois’s Biometric Information Privacy Act (BIPA) includes protections relevant to telemarketing, especially for companies that use biometric data, such as voiceprints (voice identification). BIPA requires businesses to obtain written consent before collecting, using, or storing biometric data. Additionally, companies must inform consumers about the purpose and duration of data use. Violations of BIPA can lead to significant penalties, including both civil damages and private right-of-action lawsuits.

Do Not Call Compliance and Disclosure Requirements

Illinois requires telemarketers to adhere to both the state and federal Do Not Call (DNC) lists. Illinois also mandates disclosure requirements for seller identity and nature of call.

Restricted Call Hours

Illinois restricts telemarketing calls to certain hours, allowing calls only between 8:00 AM and 9:00 PM. All calls must be made within these hours, regardless of the time zone of the caller or recipient.

Fines and Penalties

Illinois imposes substantial fines and penalties for violations of its telemarketing laws. Standard fines can reach $1,000 per violation. Additional penalties apply to repeat offenses, deceptive practices, or failures to comply with BIPA. Under BIPA, violators may face civil damages of $1,000 for each negligent violation and $5,000 for each intentional violation.

The Illinois Attorney General is also authorized to pursue civil penalties, injunctions, and restitution for consumers.

Maryland

Effective January 1, 2024, Maryland's "Stop the Spam Calls Act" requires prior express written consent for telephone solicitations via automated systems. It also imposes call time and frequency restrictions and provides a private right of action for violations.

Massachusetts

Consent Requirements for Telemarketing and Automatic Dialing

Massachusetts enforces strict consent requirements for telemarketing, particularly for calls made with automatic dialing systems or prerecorded messages. Telemarketers must obtain prior express consent before initiating these calls, in line with federal One-to-One standards. Massachusetts law emphasizes the need for clear, documented consent to prevent unsolicited communications, holding companies accountable for proper compliance.

Do Not Call Compliance and Record-Keeping

Massachusetts has its own Do Not Call (DNC) list in addition to the federal DNC list. Massachusetts also requires that companies keep consumer consent and DNC compliance records and make them available for state inspection. This focus on comprehensive record-keeping enhances transparency and accountability in telemarketing practices.

Telemarketing Disclosure Requirements

Telemarketers must clearly state their identity, the name of the business they represent, and the purpose of the call.

Restricted Call Hours

Massachusetts restricts telemarketing calls to specific hours, allowing calls only between 8:00 AM and 8:00 PM. Telemarketers must comply with these time restrictions regardless of the time zone to respect consumers’ daily routines and privacy. Calls made outside these hours are violations subject to penalties.

Fines and Penalties

Massachusetts imposes significant fines and penalties for violations of its telemarketing laws, particularly for breaches involving DNC compliance and failure to obtain proper consent.

Standard fines can be up to $5,000 per violation, with additional penalties for repeated infractions or deceptive practices. The Massachusetts Attorney General has the authority to pursue civil penalties, injunctions, and restitution orders on behalf of consumers. In cases of egregious violations or patterns of non-compliance, telemarketers may face higher fines and increased regulatory scrutiny.

Michigan

Michigan Do Not Call (DNC) Law

Michigan enforces its own Do Not Call (DNC) requirements, mandating that telemarketers update their DNC lists every 30 days. This is a more frequent schedule than the federal TCPA’s 31-day update requirement. Telemarketers should regularly review and adhere to the latest version of Michigan’s DNC list to avoid inadvertent violations. 

Michigan Home Solicitation Sales Act (HSSA)

The Michigan Home Solicitation Sales Act (HSSA) is designed to protect consumers from deceptive or high-pressure sales tactics. This is critical when purchases or contracts are made at the consumer’s home or over the phone.

Telemarketing Disclosure Requirements

Under Michigan law, telemarketers must meet specific disclosure requirements during each call. At the beginning of every call, the caller must clearly identify the seller’s name and state the nature of the call.

Fines and Penalties

Failure to comply with Michigan’s DNC and disclosure requirements can lead to prosecution by the Michigan Attorney General.

Civil Penalties

Violations of the Home Solicitation Sales Act, which encompasses telemarketing activities, are considered unfair or deceptive practices under the Michigan Consumer Protection Act. Such violations can result in civil penalties, including fines and potential lawsuits from the Attorney General, county prosecutors, or individual consumers.

Criminal Penalties

Certain violations are misdemeanors, punishable by imprisonment for up to six months, fines up to $500, or both. These penalties apply to specific acts defined as unfair or deceptive under the law. This includes misrepresentations by telephone solicitors.

Mississippi

As of July 1, 2024, Mississippi has enacted amendments to its telephone solicitation laws, imposing stricter regulations on calls related to Medicare Advantage plans. This effectively bans telemarketing for Medicare supplement plans. These changes are unique and may face legal challenges.

Nevada

Consent Requirements and Opt-Out Options for Telemarketing

Nevada law requires prior express consent from consumers before calling, especially for automated dialing or prerecorded messages. This is in addition to federal One-to-One, so fines may compound. Additionally, Nevada mandates an opt-out option for consumers at the start of each call.

Nevada Privacy Opt-Out and Data Management

Nevada’s privacy laws are similar to California’s CCPA but with a narrower scope. Consumers have the right to opt out of selling their personal information. Lead generation companies that collect or handle personal data must provide an opt-out mechanism on their websites. Companies must track and honor opt-out requests to remain compliant.

Do Not Call Compliance and Record Maintenance

Nevada enforces both the state and federal Do Not Call (DNC) lists. Companies must routinely update their contact lists to exclude DNC registrants and maintain records of DNC compliance. Nevada requires lead generation businesses to document consent and compliance practices thoroughly. Like other states, records must be readily accessible to meet regulatory requirements and assist in state audits or inspections.

Telemarketing Disclosure Standards

Nevada requires disclosures at the beginning of each call. This includes the identity of the caller, the name of the business represented, and the purpose of the call.

Fines and Penalties

Nevada imposes substantial penalties for telemarketing violations. Standard fines for non-compliance can reach up to $1,000 per violation. Penalties increase for repeated offenses or patterns of non-compliance.

The Attorney General’s office can seek civil penalties, injunctions, and additional remedies to enforce compliance. Lead generation companies and call centers found in violation face significant fines and additional oversight.

New Jersey

Consent and Disclosure Requirements for Telemarketing

New Jersey also requires explicit consumer consent before calling leads. Non-compliance with consent requirements exposes companies to substantial penalties under state law. Effective December 1, 2024, New Jersey requires telemarketers to make specific disclosures within the first 30 seconds of a call. Failure to comply will result in fines and legal action if the call involves misleading or deceptive practices.

Do Not Call Compliance

New Jersey enforces its own Do Not Call (DNC) registry in addition to the federal DNC list. Companies must maintain up-to-date records that reflect both registries.

Violations of DNC requirements can lead to substantial fines and additional regulatory scrutiny. Accurate compliance records are necessary to avoid penalties resulting from even unintentional contact with restricted numbers. Regularly updating DNC lists and documenting each compliance step is essential to limit legal exposure and financial liabilities.

Robocall Regulations and Recording Notification

New Jersey has stringent regulations regarding robocalls, requiring documented consent for all automated calls. Telemarketers must also inform consumers if calls are being recorded. Failure to do so results in potential fines and penalties. Non-compliance with these requirements increases the risk of state fines and may trigger lawsuits.

Data Protection and Privacy

Under the New Jersey Consumer Fraud Act (CFA), telemarketers must use strict data protection standards when handling consumer data. The CFA bans misleading practices in data use. It also stops companies from sharing personal information without clear disclosure and consent.

Fines and Penalties

Violations of New Jersey’s telemarketing regulations carry significant financial consequences. Under the Consumer Fraud Act, companies can face civil penalties of up to $10,000 for a first offense. Fines for subsequent offenses can be as high as $20,000.

Consumers have the right to bring private lawsuits under the CFA. Private litigation can result in treble damages (triple the actual damages). This means companies can face substantial payouts in cases of willful or repeated non-compliance.

The Attorney General can also pursue restitution for affected consumers, injunctions, and further civil penalties, particularly for deceptive practices or patterns of misconduct.

New York

Data Breach Notification Law

New York enforces several regulations to protect consumers in lead generation and lead sales. The SHIELD Act (Stop Hacks and Improve Electronic Data Security) requires businesses to protect personal data. Required security measures include encryption, secure access protocols, and regular security assessments.

Lead generation companies that collect and store consumer data are also subject to these requirements. In the event of a data breach, businesses must promptly notify affected New York residents. This makes secure data handling essential for any company involved in lead sales.

New York General Business Law

New York General Business Law Section 399-Z establishes strict telemarketing rules. Telemarketers must identify themselves and the purpose of their call at the beginning of each interaction.

Do Not Call Compliance

Consumer requests to be added to internal Do Not Call (DNC) lists must be honored. This ensures that those who opt out are not contacted again. These rules support transparency and consumer choice, which are crucial for lead buyers relying on telemarketing.

Disclosure

For lead sellers, disclosure requirements promote transparency about how consumer data was obtained. This includes disclosing whether data came from web forms, third-party vendors, or purchased lists. Understanding the origin of leads is important for buyers and strengthens consumer trust.

Fines for Telemarketing Violations

Companies that fail to comply with Section 399-Z requirements can face fines. Each violation may result in fines of up to $11,000.

Businesses not implementing the required data security measures (e.g., encryption, secure access, and regular assessments) may face civil penalties. The New York Attorney General can impose fines of up to $5,000 per violation.

Oregon

Consent and Automated Call Restrictions

Lead generation companies and call centers in Oregon must obtain explicit, documented consent before making calls using automated dialing systems or prerecorded messages. This consent must be specific to each business that contacts the consumer. It should follow the federal One-to-One consent standard.

Calls made without required documented consent violate Oregon’s regulations and are subject to enforcement actions and fines. Manual calls must still comply with Oregon’s Do Not Call (DNC) list requirements and disclosure obligations.

Do Not Call Compliance

Oregon enforces both the state and federal Do Not Call (DNC) lists, regardless of the call type. Lead generation companies must regularly update their calling lists to exclude registered numbers, ensuring adherence to opt-out regulations. Oregon also mandates detailed record-keeping of DNC compliance, including documentation of list updates and procedures.

Caller Identification and Disclosure Requirements

Under Oregon law, telemarketers must clearly identify themselves, the business they represent, and the purpose of the call. Additionally, callers must provide accurate contact information if requested. All telemarketing calls must include these disclosures, regardless of whether they involve automated dialing.

Fines and Penalties

Oregon imposes significant penalties for violations for non-compliance with consent, DNC, or disclosure requirements. Each violation may result in fines of up to $5,000.

Companies with repeated or severe infractions may face increased penalties. The Oregon Attorney General has the authority to pursue injunctions, restitution for affected consumers, and additional civil penalties to enforce compliance with state laws. For calls involving automated systems or prerecorded messages, non-consent penalties are compounded by federal One-to-One requirements.

Pennsylvania

Lead generation companies and call centers in Pennsylvania must adhere to specific regulations to avoid substantial penalties.

Telemarketer Registration Act Compliance

Pennsylvania's Telemarketer Registration Act requires businesses that telemarket in the state to register. Companies must complete registration with the Attorney General's office at least 30 days before making calls. This requirement applies to entities making or receiving calls to or from Pennsylvania residents, regardless of the company's location.

Do Not Call Compliance

Telemarketers are required to honor both the federal and Pennsylvania state Do Not Call lists. The state list is updated quarterly, call lists must be cleaned within 30 days of receiving it.

Violations result in civil penalties of up to $1,000 per incident. If the consumer is 60 years of age or older, penalties can be as high as $3,000 per violation.

Caller Identification Transparency

Pennsylvania law prohibits telemarketers from blocking or misrepresenting their caller identification information. The caller's name and phone number must be accurately displayed on the recipient's caller ID. Violations of this provision are subject to penalties under the Telemarketer Registration Act.

Time Restrictions on Telemarketing Calls

Telemarketing calls to Pennsylvania consumers are restricted to the hours between 8:00 AM and 9:00 PM. Calling outside these hours is illegal and can lead to penalties.

Enhanced Penalties for Senior Citizens

Pennsylvania imposes higher penalties for telemarketing violations involving consumers aged 60 or older. Fines can be increased to up to $3,000 per violation for senior citizens.

Record-Keeping Requirements

Telemarketers must maintain records of all telemarketing activities, including call logs, consumer consents, and Do Not Call compliance documentation. Companies must retain records for at least two years and make them available to the Attorney General upon request.

Fines and Penalties

Non-compliance with Pennsylvania's telemarketing regulations can lead to substantial penalties. Standard violations of DNC or disclosure requirements may incur fines of up to $1,000 per violation. For calls targeting seniors, fines may increase to $3,000 per violation.

For repeat or serious infractions, the Attorney General’s office can pursue civil penalties, injunctions, and additional enforcement actions. Severe violations or patterns of non-compliance may lead to criminal charges.

Tennessee

Extension of Telephone Solicitation Rules to Text Messages

Effective July 1, 2024, Tennessee has expanded its telemarketing regulations to cover text message solicitations in addition to traditional telephone calls. Under this new law, businesses must comply with Tennessee’s existing prohibitions and requirements related to consent, DNC compliance, and disclosures, whether the communication is made via phone call or text message.

Specific Definitions and Exceptions

The law introduces clear definitions for "telephone solicitation" to encompass both calls and text messages that promote goods or services. Text message solicitations are treated with the same legal weight as calls, meaning businesses must obtain prior express consent before sending marketing text messages. Exceptions to the law apply for non-commercial communications, emergency notifications, and messages from political or charitable organizations. However, even these entities must follow basic DNC requirements when contacting consumers.

Do Not Call Compliance

The law requires all telemarketers, including those using text messages, to adhere to Tennessee's DNC list. Businesses must regularly update their contact records to ensure that consumers who have opted out of marketing communications are excluded. Failure to respect DNC preferences for text messages is treated as a violation equivalent to a prohibited call.

Disclosure Requirements

Telemarketers must provide clear and accurate information in text messages, just as they would in a phone call. The initial text must include the identity of the sender, the nature of the solicitation, and an easy opt-out mechanism. This is essential to ensure transparency and give consumers immediate control over further communications.

Fines and Penalties

Non-compliance with Tennessee’s expanded telemarketing regulations can lead to substantial penalties. Each unsolicited or improperly sent text message counts as an individual violation, and fines can be imposed for each offense. Standard fines range from $500 to $1,000 per infraction, with higher penalties for willful violations or repeated infractions. Tennessee’s Attorney General has the authority to enforce these regulations, which includes pursuing civil penalties and injunctive relief to halt non-compliant practices.

Texas

Consent Requirements for Telemarketing Calls

Texas law mandates prior express consent for all telemarketing calls made with an automatic dialing system or prerecorded message. However, the FCC’s One-to-One consent standard overrides Texas’s consent requirements with a federal mandate. Telemarketers in Texas must comply with federal and state standards by obtaining and documenting separate consent for each business.

Despite the federal One-to-One requirement, Texas’s existing consent laws and penalties still apply. Federal and state penalties for non-compliance both apply. Businesses must document consent to avoid violating both Texas law and the FCC’s ruling.

Call Recording Requirements

Texas requires one-party consent for recording calls. One party on the call must consent for the recording to be legal. This rule applies to telemarketing and sales calls, allowing recordings as long as at least one party agrees.

Enhanced Protections for Senior Citizens

Texas law includes additional protections for senior citizens, defined as individuals aged 65 and older, to safeguard against telemarketing fraud and deceptive practices.

Telemarketers are prohibited from using coercive or high-pressure sales tactics when interacting with seniors. This includes practices such as repeatedly contacting individuals, using aggressive language, or creating urgency to push immediate decisions. Violations of this provision can result in significant penalties, particularly if they involve elder abuse or manipulation.

Fines and Penalties

For fines imposed by the state, particularly through enforcement actions by the Texas Attorney General, amounts vary depending on the violation's severity and specifics. Texas law does not set fixed fines for each telemarketing violation, but standard fines typically start at $1,000 per violation. These fines can increase significantly with each additional infraction.

Private Right of Action

Texas grants consumers the right to sue companies that fail to comply with telemarketing laws. For each violation, consumers may seek damages ranging from $500 to $1,500 per violation. Penalties increase for willful or intentional breaches. When violations target or exploit senior citizens, courts may award triple damages in cases of severe misconduct.

Enhanced Penalties for Targeting Seniors

Enhanced fines can apply to cases involving senior citizens or egregious deceptive practices. These fines can exceed $5,000 per violation in cases involving willful, repeated, or severe misconduct, particularly when elder exploitation is involved. The state can also revoke business licenses and, in extreme cases, pursue criminal charges under elder protection statutes. 

By leveraging both federal standards and state-specific penalties, Texas enforces a rigorous consumer protection strategy, especially for senior citizens. 

Washington

Robocall Scam Protection Act

Effective July 23, 2024, Washington's "Robocall Scam Protection Act" expands the scope of the Consumer Protection Act. This expansion includes injuries arising from transmitting commercial solicitations using automatic dialing and announcing devices. The law also aligns state telemarketing regulations with federal do-not-call registry restrictions.

Washington State Privacy Act

Washington imposes strict privacy laws similar to the California Consumer Privacy Act (CCPA). Businesses that collect personal data from Washington residents must be transparent about data collection. Consumers hve the right to access, correct, or delete their information. This regulation affects lead generation companies, requiring clear disclosure on how consumer data will be used.

Telemarketing Identification and Consent Requirements

Washington requires that telemarketers identify themselves and state the purpose of their call within the first 30 seconds. They must obtain clear consent for any recorded calls and ensure consumers know they are speaking to a telemarketer.

Data Breach Notification Law

Requires that affected consumers are notified within 30 days of breach discovery. Lead generation companies should dedicate themselves to secure data handling. This helps prevent breaches and ensures they meet notification requirements if a breach happens.

Do Not Call Compliance

Washington has its own state Do Not Call (DNC) list, which must be honored alongside the federal DNC list. Telemarketers must ensure they respect both lists and avoid contacting individuals who have opted out of marketing communications. For lead buyers and sellers, this means thorough DNC list management is essential to remain compliant. Washington imposes strict penalties for Do Not Call (DNC) violations to encourage telemarketing compliance:

Fines and Penalties

Telemarketers who violate Washington's DNC laws can face civil penalties of up to $5,000 per violation. This is considerably higher than penalties in many other states and emphasizes Washington’s strict stance on telemarketing compliance.

Consumer Right to Sue

Washington allows consumers to bring a lawsuit against companies that violate DNC rules. Consumers can recover actual damages or a statutory amount. Statutory damages can increase significantly if the violations are willful.

Attorney General Enforcement

The Washington Attorney General actively enforces DNC compliance. They can also can seek additional penalties or injunctions to stop companies from further violations. This can include heightened fines and legal action against repeat offenders.

Lead buyers and sellers in Washington must follow state and federal Do Not Call (DNC) lists. To reduce the risk of fines, organizations must keep compliance records.

West Virginia

In 2024, West Virginia introduced two new bills targeting telemarketing practices to enhance consumer protection. These bills—House Bill 4886 and Senate Bill 500—set clear consent rules. If passed, they will limit calling practices and make businesses more responsible for violations.

Senate Bill 500: Amendments to the WVCCPA

Senate Bill 500 amends the West Virginia Consumer Credit and Protection Act (WVCCPA). It places stricter regulation on telemarketing consent standards and practices. Key provisions of this amendment include several strict requirements.

Prohibited Deceptive Practices

Senate Bill 500 bans deceptive practices such as caller ID masking and voice alteration to prevent fraud and misrepresentation.

Restricted Calling Hours and Call Attempt Limits

Telemarketers can only call between 8:00 AM and 8:00 PM in the consumer's time zone. Calls on the same topic are restricted to three attempts within a 24-hour period.

Fines and Penalties

Companies face $1,000 fines per violation if they fail to provide callback options as required by House Bill 4886. Senate Bill 500 further strengthens consumer protections, imposing penalties for telemarketers who disregard consent requirements or engage in deceptive practices.

The West Virginia Attorney General can also impose civil penalties and take legal action against repeat offenders.

Consumer Right to Sue

Senate Bill 500 enhances consumer rights by allowing individuals to take legal action against companies that violate these regulations. Consumers may seek up to $200 for each violation or claim actual damages, whichever is higher.

 

The FCC’s one-to-one consent ruling raises the compliance standard for all states. This means every state’s businesses must follow the highest level of telemarketing consent. For states with strict telemarketing laws, this means better alignment with federal rules.

For other states, it requires them to adopt tougher standards. To stay compliant, businesses must update their consent practices nationwide. This ensures individualized consent for each seller and thoroughly documenting each instance to meet both state and federal requirements.

You can learn more about state calling on our Telemarketing Calling Restrictions & Hours by State blog.

Disclaimer: This content is provided as a guide and is not intended to replace legal counsel on compliance matters. Telemarketing regulations and requirements vary and evolve. Each business's obligations differ based on specific operations and state(s) of operation. Please consult with appropriate legal counsel for advice or clarification on your unique compliance needs.

 

DATA REFERENCES

Federal Communications Commission (FCC).
"Telephone Consumer Protection Act (TCPA)." FCC. Accessed November 6, 2024. https://www.fcc.gov/general/telemarketing-and-robocalls.

Federal Trade Commission (FTC).
"National Do Not Call Registry." FTC. Accessed November 6, 2024. https://www.ftc.gov/business-guidance/advertising-marketing/telemarketing.

Orrick, Herrington & Sutcliffe LLP.
"FCC Closes TCPA Lead Generator Loophole, Requires One-to-One Consent." Orrick.com. December 2023. https://www.orrick.com/en/Insights/2023/12/FCC-Closes-TCPA-Lead-Generator-Loophole-Requires-One-to-One-Consent.

Nolo.
"The TCPA: Protection Against Robo-Calls & Prerecorded Calls." Nolo. Accessed November 6, 2024. https://www.nolo.com/legal-encyclopedia/the-tcpa-protection-against-robo-calls-prerecorded-calls.html.

FindLaw.
"CAN-SPAM Act and Telephone Marketing Laws." FindLaw. Accessed November 6, 2024. https://www.findlaw.com/consumer/consumer-transactions/telephone-marketing-laws.html.

Pennsylvania Office of Attorney General.
"Telemarketing in Pennsylvania: Requirements and Do Not Call Compliance." Office of Attorney General. Accessed November 6, 2024. https://www.attorneygeneral.gov/protect-yourself/consumer-advisories/telemarketing-information-you-need-to-know/.

California Office of the Attorney General.
"California Consumer Privacy Act (CCPA) Compliance Requirements." OAG.ca.gov. Accessed November 6, 2024. https://oag.ca.gov/privacy/ccpa.

Texas Office of the Attorney General.
"Texas Telemarketing Laws and Consumer Protection." Texas Attorney General. Accessed November 6, 2024. https://www.texasattorneygeneral.gov/.

West Virginia Consumer Credit and Protection Act.
"West Virginia Telemarketing Laws and Consumer Rights." West Virginia State Legislature. Accessed November 6, 2024. https://www.wvlegislature.gov/.