Last week, companies engaged in debt collection were not-so-gently reminded that making calls using an automated dialer to any number other than the one provided by the consumer is incredibly risky—and in Rash Curtis & Associates’ case, a $267 million risk.

Calls made to phone numbers with the consumer’s prior express consent are not prohibited by the TCPA. The FCC and courts have long considered phone numbers provided by consumers in a transaction (such as opening a credit card account) as “in bounds,” reasoning that consumers implicitly give consent to be reached on those telephone numbers in connection with the transaction or account. However, this does not extend to phone numbers obtained through other means, including “skip tracing,” commonly used by third-party collectors and debt buyers who often touch the accounts after many months or even years after the original transaction.

Following a May jury verdict in favor of the plaintiffs in a class action brought against a debt collection firm, a judge last week entered a judgment against the firm for $267 million ($500 per illegal call made).

I’ll leave it to my colleagues Dan Blynn and Stephen Freeland to opine on the TCPA and class action implications here, but as someone who advises debt collectors on regulatory issues, this case is a stark reminder that trying to get a hold of hard-to-reach consumers continues to be fraught with risk because of the multi-layered regulatory and statutory schemes governing debt collection. It also is a cautionary tale of how the use of technology to optimize collections must be carefully analyzed for first, second, and third order effects. And while the CFPB’s upcoming rulemaking, which is seven years in the making, should modernize the Fair Debt Collection Practices Act and provide some clarity on consumer contact, it will not supersede conflicting state laws and certainly will not address the 800-pound gorilla in the room, the TCPA. For that, we continue to look to the FCC with our fingers crossed.