In our recent webinar “Call if you get lost: A roadmap to interstate TCPA navigation”, our Director of Privacy, Security, and Compliance, Benjamin Farrar, and our Director of Professional Services, Michael Peronto, got the chance to sit down with Aaron Weiss, lawyer and shareholder at Carlton Fields, to explore the nuances of state-specific Telephone Consumer Protection Act (TCPA) requirements.

State telemarketing regulations differ significantly from federal regulations, underscoring the perpetual challenge businesses face: Understanding and complying with these frequently updated rules.

Some examples of state-specific regulations

Aaron opened the discussion with a deep dive into some state-specific communication requirements.


As Aaron explains, in Florida there is something called the Florida Telephone Solicitation Act, which has been in place for many years. However, it was revised a few years ago to include a private right of action and to alter the definition of an auto dialer.

Recently, the regulations have been slightly relaxed, introducing a safer harbor provision. Despite these changes, Florida remains a state where extra caution is advised when making outbound marketing calls.


Oklahoma, unlike Florida, has not amended its laws. When both Florida and Oklahoma passed their laws a few years ago, Florida eventually scaled back its regulations after facing thousands of lawsuits, leading to an amendment. Oklahoma, however, maintains a law similar to Florida’s original, including a private cause of action, and it remains unchanged.

Although Oklahoma isn’t as large and may not have the same concentration of consumer protection lawyers, it’s still a state to be cautious about, as Aaron advises.


Recently, within the past few weeks, Maine, which does not offer a private right of action, introduced a new requirement. Maine now mandates that numbers be checked against the reassigned numbers database. According to Aaron, this is the first state known to implement such a specific regulation. Under Maine law, failing to verify numbers against this database now constitutes a violation.

Ultimately, you might be aware of the TCPA and the complexities it involves – which is great – but it’s crucial to remember that there are 50 different states, each with its own laws targeting outbound calling. When referring to outbound calling, it’s important to note that most of these state laws also cover texting, though not all do.

Differences between federal and state regulations

As Aaron says, “the good news is there isn’t too much that’s too different.” However, here are the main differences you should know between the federal and state TCPA requirements and some best practices to help you manage them effectively.

Call time restrictions

Call time restrictions are crucial, especially since many states have specific regulations on permissible calling hours, separate from the TCPA’s guidelines.

Roughly half the states have their own rules regarding calling times and holidays. If you’re making outbound calls, whether for debt collection or marketing, using a Client Relationship Management (CRM) system to manage these restrictions is essential. 

Manually tracking the varying state-specific restrictions is impractical. If you’re only calling within your state, local calls might seem straightforward. However, if your calls span multiple states, it’s vital to ensure your CRM adjusts for these differences in time and holiday restrictions across states.

For example, as Aaron says, “I didn’t know until I was preparing for this call that you can’t call people in Louisiana on Acadian Day.”

You might want to be extra careful about this especially because, as Michael points out, many CRMs lack the functionality to adjust the settings for permissible calling times to the state level, offering just a single setting. Consequently, users might unknowingly be non-compliant with state laws.

Here’s a warning from Aaron regarding time-of-day restrictions: If you’re sending bulk text messages close to the end of the allowed time, such as at 8:50 p.m. in a state like Minnesota with a 9 p.m. cutoff, and you’re not opting for high throughput services, there’s a significant risk. For example, if you send out 200,000 text messages at that time – all to consented, quality leads – without high throughput, many of these messages may not be delivered until after the cutoff time. This is a major compliance risk to be aware of when scheduling bulk communications.

Do Not Call (DNC) lists

As Aaron explains, there are 11 states with their own DNC lists: Colorado, Florida, Indiana, Louisiana, Massachusetts, Missouri, Oklahoma, Pennsylvania, Texas, Tennessee, and Wyoming. 

Managing compliance can be tricky, especially if you’re already subscribing to the national DNC list and checking numbers against the federal reassigned numbers database. The challenge arises because these 11 states require separate registration for their lists, and consumers might register their numbers on a state list but not on the national list.

Additionally, a significant legal question often arises regarding whether the federal DNC list applies to cell phones. The law specifies residential lines, and while the FCC assumes this includes cell phones used primarily for residential purposes, this isn’t uniformly accepted across all states. 

Therefore, if you’re involved in a class action lawsuit related to a state DNC list, you might not have access to the same defenses that are typically used in national cases, as Aaron explains.

Recorded calls

According to Aaron, this issue is crucial and revolves around what is known as one-party versus two-party consent. Essentially, the rules for recording phone conversations differ based on whether the state requires one-party or two-party consent.

In a one-party consent state, only one person involved in the call needs to agree to the recording, which could be either the person making or receiving the call. For example, New York is a one-party consent state, where you’re not obligated to inform the other party that the call is being recorded.

Conversely, states like Florida require two-party consent, meaning both parties must agree to the recording, often at the start of the conversation, which can be particularly awkward for incoming calls. The complexity increases as the requirement may depend on the location of the call’s origin, such as where the call center is based, or the location of the person on the other end of the line.

Therefore, unless you are certain that both the originating and receiving locations are within one-party consent jurisdictions, it’s generally safer to implement a policy that secures consent to record right at the beginning of the call, as Aaron advises.

To this regard, Micheal offers a tip.

General red flags to look out for

Aaron then focuses the attention on some general “red flags,” as he calls them, that you should look out for when conducting outbound marketing communications.

Call transfers

A potential issue to watch out for is call transfers. You may have addressed the recording policies for inbound and outbound calls, but transfers can complicate matters, as Aaron warns.

Often, an inbound call might start in one department where calls aren’t recorded and then get transferred to another department that automatically records all calls.

For example, imagine a call initially directed to customer service, which doesn’t record calls, gets transferred to the collections department, which does. If the customer service representative transfers the call to collections, which then automatically records, this can lead to compliance issues. This is because – as Aaron explains – the transfer should be treated as a new inbound call, requiring fresh consent for recording, something that many might overlook.

Call data storage

As Aaron explains, recent amendments to the Telemarketing Sales Rule (TSR), which took effect just a little over a month ago, have introduced more stringent storage requirements.

The key change is that the responsibility for storing consent now falls squarely on the caller. Previously, if someone challenged a call, claiming it was made without consent, typically through a demand letter, the caller would then coordinate with their vendor to locate the consent. Under the new regulations, however, it is mandatory for the outbound caller to have consent already securely stored and readily accessible.

Gain and store proof of consent with TrustedForm

TrustedForm provides independent proof of consent, which can help in reducing the risk of TCPA litigation.

First, you can use TrustedForm Certify to create a record of consent and review a session replay to see precisely when and where the consent to contact was given on the lead form. Then, you can use TrustedForm Retain to store this proof of consent for five years, making it available whenever you need it.

Begin certifying leads with TrustedForm today! It’s straightforward. Simply:

TrustedForm will immediately begin documenting lead consent! Watch this short video to see how TrustedForm works.

Keep your consent disclosures up-to-date with TrustedForm Verify

TrustedForm Verify allows you to monitor and manage your TCPA consent language disclosures in real time.

This tool enables you to detect and sort different consent variations across your partners or lead buyers, and it automatically updates the disclosure language when a new lead comes in.

When you create a consent record using TrustedForm Certify, TrustedForm Verify allows you to swiftly approve or reject the disclosures. This means if the disclosures from a new lead don’t match your criteria, you can actively review and adjust them as needed.

Filter and enhance incoming leads with LeadConduit

ActiveProspect also offers another tool, called LeadConduit, which helps you automatically enhance and filter leads in real time to deliver the highest-quality prospects to your CRM or lead buyer.

Here’s how it works: After the consumer has submitted the form and you’ve captured the proof of consent via TrustedForm, the lead data is transferred to LeadConduit, which performs additional checks through real-time integrations and add-ons.

You can conduct a fraud check to verify the identity of the consumer. It’s also possible to confirm the accuracy of the phone number and email address. Most importantly, LeadConduit provides a known litigator scrub.

As you may know, there are individuals who frequently fill out online forms with the intention of initiating class action lawsuits against companies, potentially resulting in lawsuits worth millions of dollars. LeadConduit offers a preventive measure to filter out these known litigators before they reach your CRM system, helping you avoid inadvertently contacting someone who could trigger a class action lawsuit.

Key takeaways

Here are the main takeaways from the webinar “Call if you get lost: A roadmap to interstate TCPA navigation”:

  1. Don’t presume that state-specific telemarketing regulations align perfectly with federal TCPA laws. While federal TCPA regulations provide a broad framework, individual states often have additional or more restrictive rules that you need to consider.
  2. Leverage automated technology to maintain compliance as much as possible. Avoid manual processes, as they can be extremely cumbersome. It’s best to utilize automated solutions offered by third-party providers like ActiveProspect.
  3. Just because a system claims to be compliant with state and federal regulations doesn’t mean it should be taken at face value. Request detailed explanations on how the system meets each compliance requirement. Additionally, it’s crucial to conduct regular audits of the system.
  4. If you’re unsure where to access information on state-specific telemarketing laws, it’s advisable to consult with legal experts. There are firms that specialize in these regulations. You might start with your internal legal team, but they might also recommend consulting with external legal counsel for further guidance.

Wrapping up the discussion, both Michael and Aaron advocate for businesses to take a proactive stance in maintaining compliance and to stay on top of the topic as much as possible. To never miss an FCC TCPA update, make sure to subscribe to our FCC webinar series now!

DISCLAIMER: This page and all related links are provided for general informational and educational purposes only and are not legal advice. ActiveProspect does not warrant or guarantee this information will provide you with legal protection or compliance. Please consult with your legal counsel for legal and compliance advice. You are responsible for using any ActiveProspect Services in a legally compliant manner pursuant to ActiveProspect’s Terms of Service. Any quotes contained herein belong to the person(s) quoted and do not necessarily represent the views and/or opinions of ActiveProspect.