TCPA compliance for modern outbound calling, the operator's checklist

The law in one paragraph

The Telephone Consumer Protection Act of 1991, as updated, governs how businesses can call and text consumers in the United States. The short version that operators need to internalise. If you use an automatic telephone dialing system or an artificial or prerecorded voice to call a mobile number, you need the called party's prior express written consent, except in narrow emergency or non-marketing relationship circumstances. Texts are treated as calls. Consent must be unambiguous, specific to your business, and recorded. The penalty is statutory damages of $500 to $1,500 per call. Class actions are easy to file and expensive to settle.

Everything below is how you operationalise that paragraph.

Consent that holds up to scrutiny

The single biggest mistake we see is consent that the operator believes is sufficient and a court would not. Three rules.

One. Consent must be a separate, affirmative action. A pre-checked checkbox is not consent. A consent buried in a terms-of-service blob is not consent. A consent that says "by submitting this form you agree to receive calls" without an explicit checkbox the user must tick is not consent.

Two. Consent language must name your business and the technology used. The phrase that has held up well in practice is something close to this. "I authorize [Business Name], its affiliates, and their service providers to contact me at the phone number provided, including by automated technology and prerecorded messages, for the purpose of [specific purpose]. Consent is not a condition of any purchase. Message and data rates may apply. I can revoke consent at any time by replying STOP or contacting [email or address]."

Three. Consent must be receipt-stamped. The record you keep must show the exact language, the timestamp, the source URL, and any contextual data your platform captured. The day a regulator asks, you produce that record without searching.

The consent receipt schema we use

At Dina Holdings every contact form ships with a consent receipt that we store independently of the lead record. The schema is straightforward.

• timestamp_utc in ISO 8601 format
• source_url the exact page the consent was given on
• consent_text the literal language the user read
• consent_version a hash of the language at submission time
• channels an array of channels consented to, such as email, phone, sms
• ip_context hashed origin context for fraud and dispute review
• user_agent the browser the consent was submitted from

This is not optional infrastructure. It is the single most defensible artifact in a dispute.

The list discipline that keeps you out of trouble

Consent gets you in the door. List discipline keeps you there.

Maintain an internal do-not-call list keyed by phone number. Anyone who opts out goes on it within ten business days, by federal rule, and we treat ten business days as the worst-case latency, not the target. Our target is the next call cycle, usually within the hour.

Scrub against the National Do Not Call Registry on a recurring schedule. Subscription is mandatory for most outbound programs, and the registry rules apply even when you have consent for a different purpose, unless the consent specifically overrides for the purpose of the call.

Honor state-level lists where applicable. Some states maintain their own registries with stricter rules.

Train every caller to identify themselves and the business on every call, before the pitch. This is a basic identification rule that is enforced under TCPA and several state laws.

Calling windows

You may not place telemarketing calls before 8:00 AM or after 9:00 PM in the recipient's local time. State law sometimes tightens these windows. We default to 9:00 AM to 6:00 PM in the recipient's local time as an operating policy, not because the law demands it, but because the calls made at the edges of the window perform worse and complain more.

The dialer technology choices that matter

Predictive dialers are subject to abandonment rate caps. If your dialer connects to an agent and the recipient picks up but no agent is available within two seconds, that is an abandoned call. The FCC and FTC both cap abandonment rate at three percent. Most modern platforms enforce this for you, but you are still on the hook if a configuration mistake breaks the cap.

Caller ID must accurately identify the originator. Calling under a misleading or rotating caller ID is unlawful and will also get you blocked by major carriers within days.

Branded calling registration is an underrated investment. When carriers display your business name on the recipient's screen, answer rates rise and complaint rates fall. Enroll through the major carrier registries and keep your registration current.

How we translate this into product

Every Dina Holdings form ships with three consent checkboxes by default, none pre-checked. Privacy, phone and text, and optional marketing. The phone and text checkbox is only required if a phone number was entered. The exact consent language is stored as a versioned artifact, and every submission generates a consent receipt that is independent of the CRM record. When an agent dials a number, the platform shows the consent record on the screen.

This is how compliance becomes architecture, not a manual checklist. The operator does not have to remember the rule. The product enforces it.

Consent is a system, not a checkbox.

What to do if you have already started outbound without this discipline

Stop the program. Audit every record on the call list. Re-consent every record before you call it again. Document the audit. The cost of stopping for two weeks is dramatically smaller than the cost of a class action that pulls fifty thousand records into discovery.

The reading list we point new operators to

The text of the TCPA, the FCC Consumer and Governmental Affairs Bureau guidance, the FTC Telemarketing Sales Rule, the relevant state attorney general advisories, and one good plaintiff-side blog so you see how the other side reads ambiguity. We update the internal reading list quarterly.

This essay is operator commentary, not legal advice. Consult counsel before launching any outbound program. Dina Holdings runs outbound calling enablement engagements through the service line documented on the services page.