Over the past couple of months, we have been waving the caution flag in the air while attempting to warn businesses about the potential liability for violations under the TCPA. In our previous posts, we noted the numerous consumer lawsuits that have been filed against businesses throughout the country, a list which continues to grow on a weekly basis (see our TCPA Update for more recent filings). On May 19, 2014, the Federal Communications Commission (“FCC”) announced a record $7.5 million fine against Sprint Corp. (“Sprint”) in a settlement for violations of the “Do-Not-Call” law, which should send a clear message to telemarketers that class actions are not the only threat to a telemarketer’s bottom line. Indeed, the FCC’s statement on the settlement explicitly states:
We expect companies to respect the privacy of consumers who have opted out of marketing calls. When a consumer tells a company to stop calling or texting with promotional pitches, that request must be honored. Today’s settlement leaves no question that protecting consumer privacy is a top enforcement priority.
First, a brief refresher of the “Do-Not-Call” law’s history and basic statutory framework may be helpful. Under 15 U.S.C. § 6151, the “Do-Not-Call Registry Act of 2003” went into effect in 2003, establishing a national registry for consumers to opt out of telemarketing calls for free. The statute formally ratified the FTC’s do-not-call registry provision of the Telemarketing Sales Rule, 16 C.F.R. § 310.4(b)(1)(iii). The “Do-Not-Call Implementation Act of 2003,” 15 U.S.C. § 6152 et seq. authorized the FCC to issue do-not-call regulations under the Telephone Consumer Protection Act (“TCPA”), 47 U.S.C. § 227 et seq. As a result, in June 2003, the FCC supplemented its TCPA rules to also include a national Do-Not-Call list. As a result, businesses must comply with both FCC and FTC regulations when making telemarketing calls. Note that the FCC Guide on Unwanted Marketing Calls indicates the law applies only to personal landline and wireless phones—not business phones. The “Do-Not-Call” law also exempts calls made with express prior written consent, calls made by nonprofit organizations, or calls from a person or organization with an established business relationship.
So why exactly did the FCC negotiate its largest fine ever for a “Do-Not-Call” violation against Sprint? The consent agreement states that the FCC had also settled with Sprint in 2011 for consumer complaints that the company had made telemarketing calls to consumers who had requested to be placed on the company’s internal do-not-call list. Under 47 C.F.R. § 64.1200(d), this list is separate from the national registry, as the FCC also requires an entity making telephone solicitations to maintain a record of direct requests from the consumer to not receive future telemarketing calls for five years. The 2011 settlement required Sprint to pay $400,000 to the U.S. Treasury and report any noncompliance with the consent decree for two years. On March 2, 2012, Sprint disclosed that it had “discovered additional issues that resulted in possible violations of the Rules.” These violations were said to be the result of “various issues involving human error and technical malfunctions with respect to Sprint’s or its vendor’s DNC processes.” Most of these “additional issues” had occurred before the issuance of the 2011 consent decree, but Sprint claims that it did not know about them at the time. Other issues involved unrecorded do-not-call preferences for requests not to receive SMS messages.
Despite Sprint’s assertion it was undertaking “significant steps to improve oversight” of its do-not-call databases and its assertion that it had “conducted a thorough, top-to-bottom evaluation of its DNC data management systems,” the FCC obtained a fine of $7.5 million. Further, the settlement requires Sprint to put into place within 60 days a robust plan to help ensure future compliance and requires Sprint to develop a compliance manual and training program within 90 days to distribute to all compliance personnel. Finally, Sprint must submit compliance reports 90 days, 12 months, and 24 months after the effective date.
Although we have no glimpse into the settlement negotiations, it seems likely that the large fine was the result of a second violation of the TCPA. The FCC may have chosen to come down hard on what it considered to be a repeat offender. Regardless, the large settlement shows that the FCC is not making idle threats in identifying consumer privacy as a top enforcement policy. Now, businesses have 7.5 million reasons to remember to carefully honor requests by consumers to opt out of phone and text marketing communications.