Panic not necessary for compliant SMS messaging programs
October 11, 2013
Target text asking for re-opt-in as part of new TCPA rule
Have you received one these text messages lately from a short code program?
"BRAND: Still want to get our alerts? New law requires you to reply "YES" to stay on this list.
Txts r autodial. Not required for purchase. New law takes effect 10/16 so don't delay! Msg&Data rates may apply."
Why are we getting these messages?
While the CAN-SPAM Act of 2003 authorizes the Federal Communications Commission (FCC) to consider mobile messages when developing guidelines, the FCC has taken the position that text messages sent by automated broadcast systems are "automated calls" and are therefore best covered under the Telephone Consumer Protection Act (TCPA) of 1991.
On Feb. 15, 2012 the FCC amended the the Telephone Consumer Protection Act (TCPA) of 1991 to remove any ambiguity surrounding consent requirements for SMS and MMS messaging.
These changes are finally going into effect 20 months later this week on Oct. 16, and are creating a flurry of last-minute messaging campaigns aimed at existing subscribers who may have already given prior affirmative consent.
So what about TCPA has changed?
Simply put, TCPA now makes it mandatory for businesses to receive “prior express written consent” before auto-dialing or texting consumers.
Assuming everyone already understands that the Electronic Signatures in Global and National Commerce Act (ESIGN) makes electronic signatures and records just as good as their paper equivalents, the noteworthy changes are:
1. New requirement for prior express written consent to deliver a prerecorded marketing message to a residential landline, which is now consistent with the Federal Trade Commission’s existing rules on residential telemarketing.
2. “Prior express written consent” will require (1) a clear and conspicuous disclosure that by providing consent, the consumer will receive auto-dialed or prerecorded calls or texts on behalf of a specific seller; and (2) a clear and unambiguous acknowledgment that, having been informed about the consequences of consent, the consumer agrees to receive such calls at the mobile number provided.
3. The consumer’s consent to receive calls cannot be required as a condition of allowing the consumer to make a purchase of any good or service.
4. The caller (content provider for SMS) will bear the burden of establishing, by clear and convincing evidence, that prior express written consent was obtained.
5. No “grandfathering” provision for implied consent i.e. just because you have a business relationship or have been messaging a consumer before Oct. 16, companies will need prior express written consent to send texts or make prerecorded calls.
So what is the controversy?
The FCC’s language raises two important questions.
While anyone with a certified short code knows that handset-initiated opt-in and Web-initiated double opt-in have always been a fundamental tenant of the industry’s self-regulatory framework, the FCC does not say how their new rules apply to content providers who already adhere to these long-standing practices.
In other words, there is a small minority of marketers that is interpreting the new rules to imply everyone must start over and re-opt-in everyone in their database, essentially wiping out years of investment in Mobile Marketing Association (MMA) and CTIA:The Wireless Association (CTIA) compliant, consumer-centric, best-practice marketing.
So who in the world would destroy their database?
First, there are many companies that have played fast and loose with the CTIA's self-regulatory framework.
Just ask Aegis Mobile or WMC Global, the CTIA's and wireless carrier agent auditors who proactively search for non-compliant calls to action (CTAs) in marketing channels and who have issued thousands of audit violations on behalf of the wireless carriers.
Every brand and content provider should stop now and thank the CTIA, the auditors, their partner aggregators and their application providers for forcing them to include all of those descriptive, upfront disclosures next to their phone number collection fields and mobile T&Cs.
Brands should be equally upset with all those application providers who let them build subscriber lists with Web forms or sign-up sheets that did not follow (enforced) industry standards.
By failing to comply with self-regulation, some brands did not take advantage of the immediate verified/double opt-in processes prescribed by the CTIA.
Some did not authenticate their subscribers using the handset - which satisfies ESIGN - or make it clear to recipients for what they were signing up.
But even the most compliant programs run by the most compliant marketing departments can still be prone to panic-induced myopia. And some organizations with ultra-conservative general counsels would rather be safe than self-audit or worry about how good of a job their marketing team did in following existing industry standards.
If you are compliant with the CTIA, you are compliant with TCPA
The CTIA's self-regulatory schema has evolved steadily over the past seven years. It began with the 2003 MMA Consumer Best Practices, the MMA Code of Conduct, and is currently administered by the CTIA under a consolidated Common Shortcode Monitoring Compliance Playbook.
Those of us that have followed these rules know that this gold standard already goes far above and beyond even the new TCPA rules.
Are you compliant with CTIA Playbook?
While wiping out your database and starting over is not an admission of guilt. There are a few questions to ask yourself before you panic and attempt to emulate what brands such as Target and Sonic have done.
1. Was the call to action in our advertising clear to the consumer and compliant with MMA and CTA guidelines?
2. Was the opt-in confirmation message we sent new subscribers compliant with MMA and CTA guidelines?
3. Is our current messaging content still related to the original program the subscriber opted in to?
4. Do we include "Reply STOP to opt-out" at the end of our messaging campaigns?
5. If we used a webform for opt-in, did we provide an empty check box with a link to our Mobile T&C's?
6. If we used a webform for opt-in, did we immediately send a double-opt in confirmation request to verify the handset?
7. If we used a webform for opt-in, did we receive the handset verification as a PIN number or "YES"?
8. Do we still have all single or double opt-in confirmation message on file with a time-stamp?
Questions that the CTIA and the FCC should clarify
Are we certain that the way the new TCPA rules are written, that these disclosures would even make sense to consumers opting in to an SMS messaging program?
Are we certain that the FCC intended for its new conditions to be disclosures and not merely rules of the road?
There is a current petition on its way to the FCC seeking clarification on these and other questions. And we believe the FCC will respond similarly to their Nov. 30 statement that clarified that MMA-prescribed confirmation messages were not in violation of the TCPA.
According to FCC Commissioner Ajit Pai, “Hopefully, by making clear that the Act does not prohibit confirmation texts, we will end the litigation that has punished some companies for doing the right thing, as well as the threat of litigation that has deterred others from adopting a sound marketing practice.”
THOSE WHO HAVE refused or neglected to follow the CTIA's self-regulatory framework in the first place have always been at risk of lawsuits.
We totally concede that these programs would absolutely need to reconfirm their subscribers and update their disclosures and terms moving forward. What nobody should concede is that this somehow invalidates other, valid consent agreements.
This is the problem with the rash, new best practices that some third-party attorneys and self-appointed interpreters of TCPA have recently prescribed. They are rooted in the cost-analysis of litigation.
Frivolous lawsuits are going to happen whether you destroy your database and start over or not. But best practices are not written or followed to prevent lawsuits. They are written and followed to protect consumers, provide a high standard of care, and provide companies the tools to defend their business practices and ultimately win lawsuits.
Tim Miller is president of Sumotext, Little Rock, AR. Reach him at .
Tim Miller is president of Sumotext