- Background ---
- Protecting Your Own Interests
- P2P vs P2A Messaging
- Complying with CTIA/TCPA Guidelines--
Disclaimer: The following article is only provided as a general overview. It may not necessarily include or be up to date with all the related requirements or apply to all situations. It is also not intended as legal advice. We recommend you do additional reading and carefully review the CTIA guidelines on this page. The text of the TCPA is available as a PDF here.
Background
The CTIA Guidelines
The Cellular Telecommunications Industry Association (CTIA) is a trade association that represents and advocates the U.S. wireless communications industry at federal, state, and local levels and also aims to improve the overall experience of cellular users.
It has published and updated a d messaging principles and best practices to help reduce spam, with an emphasis on implementing hassle-free and clear methods for consumers to stop receiving unsolicited messages.
The TCPA Law
There is also the consideration of the Telephone Consumer Protection Act (TCPA) which established rules for the way businesses can connect with consumers. It was created by the FCC in 1991 with the initial intention of dealing with the excessive amount of telemarketing calls that were bothering consumers around that period. In 2012 it was updated to include text messaging and SMS marketing compliance.
The TCPA and CTIA are similar in terms of how you should communicate with consumers by SMS. However, while the CTIA only offers guidelines, the TCPA actually provides a legal framework for consumers to act against offenders and sue for damages starting at $500 (and up to $1500) per violation (meaning per SMS message)!
Protecting Your Own Interests
Even if your products and services and completely legitimate, not following the CTIA guidelines may irritate the recipients of unwanted messages and potentially harm your business image.
It may also cost you money since, as mentioned above, under the TCPA consumers are entitled to sue you for damages.
You should be aware that Telebroad's SMS/MMS Messaging Terms Of Service come with certain restrictions that you need to follow to avoid fines and penalties and not have your service limited, suspended, or even completely terminated.
Furthermore, a mobile carrier of a number where a message of yours has been delivered may also have additional regulations in this regard and may impose additional fees and fines.
P2P vs P2A messaging
The CTIA guidelines are based on the distinction between two types of messaging communication:
P2P (Person-to-person) – messages that are sent/exchanged from one consumer/user to another consumer/user and are generally not applicable to their offered guidelines.
(A2P) application/agent-to-person (A2P) – messages that are sent to consumers by businesses and organizations of any size either directly or by their agents. The meaning of the phrase comes from the fact that most of this type of communication traffic utilizes automation and applications to carry out a large volume of messaging to recipients.
The CTIA guidelines apply to any A2P communication between your business/organization and consumers.
Complying with CTIA/TCPA Guidelines
We have summarised the main points of the CTIA recommendations below, but you should always refer to the CTIA website for updates, changes, and additional information. The full text of the guidelines is available as a PDF on the linked page.
Generally speaking, you need to make it transparent and clear to consumers that they are signing up to receive SMS messages from you. You also need to make it easy and quick for them to opt out of continuing to receive SMS messages.
Express and Clear Written Consent
Whenever and wherever consumers provide you with their mobile phone numbers, you have to obtain express written consent that makes it clear they agree to receive informative or marketing SMS messages from your business or organization.
The text of the consent doesn't necessarily need to be lengthy. You should prioritize clarity and inform the consumers about what messages they will get from you and the expected frequency they will receive those messages.
Keep a record or proof of any consent you obtain.
You need to ensure the consent is clear, easy to understand, and stands out or completely separate from any other information or terms you provide the consumer with!
How to Obtain a Consent?
There are different ways to obtain consent. It can take place on your website or social media page, a link on a landing page, a physical point of sale, or when a consumer sends you an SMS with an opt-in keyword. The mechanism doesn't need to be complicated and it's fine to ask a consumer to simply click an opt-in link. But you must always include the text of express consent.
If a consumer reaches out to you during a support or sales call, you can verbally ask for their number but the consent itself still needs to be obtained in a written form, usually by following up the call with a single SMS message inviting the consumer to opt-in.
Limitations of the Express Consent
The express consent you obtain only applies to the specific purpose it was obtained for. This means you cannot sell or transfer the consent to any other entity. And you also cannot use it to send messages that are not related to the company/organization/product/services mentioned when the consent was obtained.
Furthermore, you cannot get a consumer's consent by buying or renting opt-in lists. You must obtain consent directly from the consumer.
Consent for other communication methods (emailing, calling, etc.) does not apply to SMS messaging. You still need to obtain separate consent to send SMS messages even if the consumer agreed to receive other communication and provided their phone number to you.
If a consumer has agreed to receive messages for a specific campaign or duration you must stop sending messages with regard to the relevant expiration without waiting for the consumer to opt out.
Make it Easy to Opt Out
Include a clear and free opt-out/unsubscribe option in every message you send. This is usually implemented by informing the consumer to reply or message a certain word (like "STOP" or "UNSUBSCRIBE") or by clicking a link in the message.
You should have a system that accounts for errors and typos in opt-out requests sent to you as SMS and also takes into account requests received by other channels – email, calling your customer service line, your chat platform, etc.
Honor opt-out requests promptly and send an opt-out confirmation. Avoid sending any further messages until the consumer voluntarily opts back in.
Quiet hours
Avoid sending messages during quiet hours —generally 9 pm to 8 am but in some states starting at 8 pm or ending at 9 am— in the recipients time zone.
Since mobile devices allow consumers to easily move between time zones, you should consider avoiding sending messages between 8 pm-11 am EST which will cover the continental USA and some parts of Canada. If you have a broader client base, outside these time zones, you can create a separate messaging schedule for additional time zones.
State Specific Compliance
As mentioned in regard to quiet hours, some states have or will introduce additional compliance requirements. To date, there are two notable states to consider – Florida and California. These requirements apply if you have clients in these states, but it's probably a good idea to consider implementing them regardless.
Florida’s Mini-TCPA
The Florida Mini-TCPA has two main requirements:
- Avoid messaging a consumer more than 3 times within a 24 hours period.
- Always identify your business or organization and do not block or hide your phone number.
California’s CCPA
The California Consumer Privacy Act (CCPA) is not about how you contact consumers, but rather about what you do with the information you collect about them (in our case, presumably after they opt-in to an SMS campaign).
To comply you need to inform consumers about what personal data is collected, how it is used, and whether or not it is being shared or sold to other parties. You also need to allow them access to their personal data and you are obligated to delete it upon their request. It is also prohibited from discriminating against anyone in regard to these privacy rights.
The CCPA and TCPA have an interesting conflict, because if a consumer asks you to delete their information then technically you cannot keep a record of their opt-in consent. To address this you would need to give consumers an opt-out option from having their data sold or shared with anyone by adding a clear privacy link on your website titled “Do Not Sell My Information".