As we have previously discussed, the Federal Communications Commission (the “FCC”) recently issued a Declaratory Ruling (“Declaratory Ruling”) that, among other things, likely exposes companies to even greater liability under the Telephone Consumer Protection Act (the “TCPA”).

The TCPA regulates communications, from companies to their consumers, that utilize an automatic telephone dialing system (“ATDS”).  Under the TCPA, before contacting a consumer via an ATDS, a company must obtain prior express consent.  (If the communication is for “telemarketing” purposes, the company must obtain this prior consent in writing.)  TCPA lawsuits have been brought not only against predictable defendants, such as telemarketing firms and debt collectors, but also against social networking companies, sports franchises, schools and universities, pharmaceutical companies, travel and entertainment companies, retailers, and online service providers.  Companies that outsource their telemarketing services to third-party vendors, it is important to note, are not immune from TCPA liability and, in fact, may be held directly liable for their vendors’ TCPA violations.  Faced with the prospect of staggering, uncapped statutory damage liability, companies have routinely settled TCPA class actions for tens of millions of dollars.

Even in single-plaintiff cases, damages under the TCPA can accumulate in a hurry.  In a recently decided case, a U.S. District Court granted partial summary judgment in favor of a TCPA plaintiff, awarding her $229,500 in damages.  Beyond the high damages figure, the case raises concern for companies that utilize ATDS because it demonstrates the breadth of TCPA liability.  In this case, Plaintiff alleged that Defendant made over 163 automated or prerecorded calls to her mobile phone without her consent.  Defendant moved to stay trial, arguing that the Court should await interpretive guidance from the FCC on the definition of “called party” under the TCPA.  This definition is significant, Defendant argued, because, although it ultimately called Plaintiff, it had intended to call the previous owner of Plaintiff’s number – a customer who had consented to receive calls regarding his past due account balance.  The Court denied Defendant’s motion, holding that “called party” unequivocally refers to the party actually called.  Defendant’s intent, the Court held, was only relevant on the issue of willfulness.

The Court also rejected Defendant’s argument that the system it used to call Plaintiff was not an ATDS because it did not generate numbers to dial at random or in sequence, but instead made a list of customers that met certain criteria – in this instance, customers who were behind on their bills – and dialed them.  Whether Defendant’s system actually dialed Plaintiff’s number randomly, however, the Court found, was irrelevant.  Because the system had the capacity to dial numbers at random, it was an ATDS.  Period.

Defendant’s next argument – that it was only liable for the 70 calls it made that were connected – was likewise unavailing.  Defendant, the Court held, “violated the statute each time it placed a call using its ATDS without consent, regardless of whether the call was answered by a person, a machine, or not at all.”

Although it resulted in only a nominal victory for Defendant, the Court drew an important distinction in the area of consent.  Between July 3 and October 3, 2013, Defendant placed 10 calls to Plaintiff via its ATDS.  Plaintiff was not the intended recipient of these calls – the prior owner of Plaintiff’s number was.  Following the tenth call, Plaintiff informed Defendant that she had assumed ownership of the number previously held by the customer that Defendant was attempting to reach, and asked Defendant to stop calling her.  Defendant did not do so, but instead called Plaintiff an additional 153 times.  The Court found that the first 10 calls – those preceding Plaintiff’s request that Defendant cease calling her – were covered by the broad consent given to Defendant under its Service Agreement (“We may call you . . . for any purpose . . .”), and thus were not violative of the TCPA.   Once Plaintiff requested that Defendant stop calling her, however, she effectively revoked her consent, and all calls thereafter violated the TCPA.  The Court held that Defendant’s violation of the TCPA was knowing and willful because it had ignored Plaintiff’s request that it cease calling her.  The Court thus awarded Plaintiff treble damages.

Had the Court issued its decision after the Declaratory Ruling was released, it likely would have tagged Defendant with an additional nine TCPA violations.  To encourage businesses to institute new and/or better safeguards against calling reassigned numbers, the Declaratory Ruling limits companies to one call following reassignment before liability begins to accrue.  To avail itself of even this narrow safe haven, a company must have a reasonable basis for believing that its one call was consented to.

In sum, the Declaratory Ruling has opened the door to even greater liability under the TCPA.  Additionally, as we covered back in May, the U.S. Supreme Court will soon decide the fate of a valuable strategy to limit TCPA liability – offers of judgment under Rule 68 of the Federal Rules of Civil Procedure.  If the Court rules that TCPA defendants may no longer utilize this tool, the settlement leverage of TCPA plaintiffs will be dramatically enhanced, and the plaintiff’s bar will be emboldened in its search for TCPA plaintiffs.  In light of the present breadth of liability under the TPCA, and the possibility that it may soon become even more expansive, companies should strongly consider the following preventative measures, among others:

  1. Review the policies and practices of third party vendors to ensure that they are not sending communications violative of the TCPA;
  2. Either obtain written consent for all ATDS communications, or be sure to carefully delineate between telemarketing and non-telemarketing campaigns, obtaining written consent prior to sending any ATDS communication in connection with the former;
  3. Utilize consent forms that are conspicuous and easily understood, thereby mitigating the risk that the form will be deemed invalid;
  4. Maintain all consent records for at least four years (the statute of limitations period for TCPA claims);
  5. Assess the efficacy of current safeguards against calling reassigned numbers and, if necessary, improve or replace those safeguards; and
  6. Provide consumers user-friendly mechanisms– such as texting “STOP” or “UNSUBSCRIBE” – to opt-out of receiving TCPA-covered communications.

 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jason C. Gavejian Jason C. Gavejian

Jason C. Gavejian is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and co-leader of the firm’s Privacy, Data and Cybersecurity practice group. Jason is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy…

Jason C. Gavejian is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and co-leader of the firm’s Privacy, Data and Cybersecurity practice group. Jason is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

As a Certified Information Privacy Professional (CIPP/US), Jason focuses on the matrix of laws governing privacy, security, and management of data. Jason is co-editor of, and a regular contributor to, the firm’s Workplace Privacy, Data Management & Security Report blog.

Jason’s work in the area of privacy and data security includes counseling international, national, and regional companies on the vast array of privacy and security mandates, preventive measures, policies, procedures, and best practices. This includes, but is not limited to, the privacy and security requirements under state, federal, and international law (e.g., HIPAA/HITECH, GDPR, California Consumer Privacy Act (CCPA), FTC Act, ECPA, SCA, GLBA etc.). Jason helps companies in all industries to assess information risk and security as part of the development and implementation of comprehensive data security safeguards including written information security programs (WISP). Additionally, Jason assists companies in analyzing issues related to: electronic communications, social media, electronic signatures (ESIGN/UETA), monitoring and recording (GPS, video, audio, etc.), biometrics, and bring your own device (BYOD) and company owned personally enabled device (COPE) programs, including policies and procedures to address same. He regularly advises clients on compliance issues under the Telephone Consumer Protection Act (TCPA) and has represented clients in suits, including class actions, brought in various jurisdictions throughout the country under the TCPA.

Jason represents companies with respect to inquiries from the HHS/OCR, state attorneys general, and other agencies alleging wrongful disclosure of personal/protected information. He negotiates vendor agreements and other data privacy and security agreements, including business associate agreements. His work in the area of privacy and data security includes counseling and coaching clients through the process of investigating and responding to breaches of the personally identifiable information (PII) or protected health information (PHI) they maintain about consumers, customers, employees, patients, and others, while also assisting clients in implementing policies, practices, and procedures to prevent future data incidents.

Jason represents management exclusively in all aspects of employment litigation, including restrictive covenants, class-actions, harassment, retaliation, discrimination, and wage and hour claims in both federal and state courts. He regularly appears before administrative agencies, including the Equal Employment Opportunity Commission (EEOC), the Office for Civil Rights (OCR), the New Jersey Division of Civil Rights, and the New Jersey Department of Labor. Jason’s practice also focuses on advising/counseling employers regarding daily workplace issues.

Jason’s litigation experience, coupled with his privacy practice, provides him with a unique view of many workplace issues and the impact privacy, data security, and social media may play in actual or threatened lawsuits.

Jason regularly provides training to both executives and employees and regularly speaks on current privacy, data security, monitoring, recording, BYOD/COPE, biometrics (BIPA), social media, TCPA, and information management issues. His views on these topics have been discussed in multiple publications, including the Washington Post, Chicago Tribune, San Francisco Chronicle (SFGATE), National Law Review, Bloomberg BNA, Inc.com, @Law Magazine, Risk and Insurance Magazine, LXBN TV, Business Insurance Magazine, and HR.BLR.com.

Jason is the co-leader of Jackson Lewis’ Hispanic Attorney resource group, a group committed to increasing the firm’s visibility among Hispanic-American and other minority attorneys, as well as mentoring the firm’s attorneys to assist in their training and development. He also previously served on the National Leadership Committee of the Hispanic National Bar Association (HNBA) and regularly volunteers his time for pro bono matters.

Prior to joining Jackson Lewis, Jason served as a judicial law clerk for the Honorable Richard J. Donohue on the Superior Court of New Jersey, Bergen County.