In the video above, Tatango CEO Derek Johnson shares the requirements that brands need to meet in order to text message their customers. Prefer to read instead? No problem, please see the post below. You can also find answers to all of your SMS marketing questions in our Q&A video library.
Compliance for Text Messages—What Does It Mean to Be Compliant?
To be compliant in the text messaging environment, you must ensure that your text message marketing campaign follows the rules and regulations laid out within the industry. Whether you’re new to the industry or already have an existing text messaging campaign, we understand it’s easy to feel overwhelmed with being compliant. We created this article to help filter out the noise and help you run a successful, compliant campaign.
How to Run a Compliant SMS Campaign—3 Things to Consider
Have you heard terms like TCPA, CTIA, HIPAA, PII and don’t understand what they mean? Let us clear the water.
What Is the TCPA and How Does It Impact SMS Marketing?
The Federal Communications Committee (FCC) regulates communications across the United States. Within the FCC, the FCC enforces a law called the Telephone Consumer Protection Act (TCPA). The TCPA protects consumers from various types of electronic communication solicitation, such as automatic dialing systems, artificial or prerecorded voice messages, unwarranted SMS messages, and more.
TCPA compliance entails numerous types of regulations, such as prohibiting solicitors from calling residences during certain hours, requiring solicitors to honor do-not-call requests. Additionally, SMS providers must keep a record of the text messages they send. If a brand or organization violates the TCPA, consumers can take legal action and even sue for $500 to $1,500 per unwanted text message.
Below we’ve outlined two important things to consider when being TCPA compliant.
1. Prior Express Written Consent—Prior Express Consent
According to the TCPA, companies are required to receive “prior express written consent” from their customers before being legally allowed to send them marketing text messages. Since the passing of the E-Sign Act in 2000, written consent can be obtained and qualified through website opt-in forms and text messages. At Tatango, we always recommend brands use the double opt-in method.
How to be compliant:
- When asking your customers to participate in your text marketing program (either through a web form, point of sale, mobile device, or even pen and paper), you must disclose the following: “By participating, you consent to receive text messages sent by an automatic telephone dialing system.”
- This “automated telephone dialing system” disclosure must be made “clear and conspicuous” to your customers before they opt into your SMS campaign. All you need to do is display the “automated telephone dialing system” disclosure in close proximity to wherever you’re asking your customers to enter their mobile numbers. Display that disclosure right in front of the consumer by tying it to the initial participation SMS communication request, as shown below.
Example #1: “By submitting this form, you agree to receive up to 5 autodialed marketing msgs/mo.”
Example #2: “You consent to the use of an electronic record to document your opt-in.”
2. Consent Is Not a Condition of Purchase
Another important regulation to consider required by the TCPA is “consent is not a condition of purchase.” This means that a consumer can consent to receive text messages, but that doesn’t mean that the consumer has to make a purchase. Conversely, a brand can’t make you consent to receive text messages to make a purchase.
To illustrate an example, let’s say you want to purchase a phone. As a part of your purchase process, you go to a phone store. At the point of sale, the cashier states, “Before we allow you to purchase a phone, you must consent to receive our text message marketing messages.” This is a TCPA violation, which states that requiring consent as a condition of purchase is against the law, and thus the retailer can’t force a consumer to opt into their program before they purchase.
How to be compliant:
- When asking your customers to join your text program, clearly and conspicuously state that “consent is not a condition of purchase” in your calls to action, as shown in the example below.
What Is the CTIA and How Does It Impact SMS Marketing?
Below is some helpful information about the CTIA and how it impacts SMS marketing.
The CTIA is an acronym for the Cellular Telecommunications Industry Association. The CTIA was established in 1984 as a nonprofit trade organization that represents wireless carriers (such as AT&T, T-Mobile, and Verizon) and manufacturers and providers of wireless products and services. What does the CTIA have to do with SMS texting? In the United States, most SMS marketing happens over SMS short codes, which are 5- or 6-digit phone numbers. The CTIA essentially oversees all aspects of SMS short codes, hence their importance to the text marketing industry.
CTIA Text Messaging Program Requirements
The CTIA and wireless carriers require brands to adhere to a set of opt-in and opt-out program requirements to provide the consumer with the essential information such as the program name, instructions to opt out, and where to receive help if they need it.
Requirements upon opt-in:
Opt-out requirements a program must respond to:
Example #2: “TxtStop2stop, TxtHELP4help”
Other Text Messaging Compliance Considerations
Along with the TCPA and CTIA guidelines, it’s important to understand other SMS compliance considerations such as HIPAA and PII and how they impact your text messaging marketing campaign. Below we touch on each of these SMS compliance regulations and give you some tips for navigating your way through them while running a successful SMS program.
Medical—Health Insurance Portability and Accountability Act of 1996
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. In HIPAA-compliant texting, you need to meet HIPAA regulations when creating and sending SMS messaging; this means, at minimum, refraining from sending any patient information such as sensitive health information, a doctor’s name (covered entity), or even a mobile phone number. If you fail to adhere to guidelines, you can potentially receive a HIPAA violation, bringing consequences to your campaign. Before sending any SMS messaging or transactional messages with any healthcare organizations, we always recommend consulting with a HIPAA-compliant texting app expert to ensure your campaign sets messaging principles and guidelines for HIPAA compliance, EPHI (electronically protected health information), access controls, and audit controls.
The message below is an example of a compliant transactional message text:
Industries—Personally Identifiable Information
According to the U.S. General Services Administration, Personally Identifiable Information refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information linked or linkable to a specific individual. Similar to HIPAA, PII has regulation implications within the text marketing industry. PII SMS compliance guidelines aren’t defined to one industry or category as personally identifiable information relevant to different industries such as financial, medical, e-commerce, and more. In PII-compliant messaging, you must refrain from including any information that can be used individually or in conjunction with other information to identify an individual.
The message below is an example of PII-compliant texting within the finance industry:
Can I Text Message My Customers?
Yes, brands that work with an SMS software provider to obtain consent and a proper opt-in process are definitely able to text message their customers. But, the answer is not so simple for those who have an existing database that they collected outside of an SMS software provider. Usually, brands that collect customer phone numbers outside of an SMS software provider don’t have proper documentation proving that each customer has given legal consent to received auto-dialed text messages from the brand. So, in that instance, the answer is no.
What Are the Legal Requirements for Brands to Text Customers?
There are several legal requirements brands must meet in order to text message their customers. These requirements are based on federal law, under the FCC. The FCC has established the Telephone Consumer Protection Act (TCPA), which allows consumers to sue brands that violate legal guidelines with their text marketing practices.
When a consumer provides their phone number to a brand, they have to opt in by agreeing to receive auto-dialed marketing messages. This has to be clearly disclosed to the consumer. It’s important to note that if a consumer provides their phone number when making a purchase but did not agree to receive auto-dialed marketing messages, the brand is not legally able to text message that consumer.
Without consent to receive an auto-dialed marketing message and proper opt-in by your customers, you are not even legally allowed to text your consumers and ask for their consent. Doing so would be a violation and could leave your company vulnerable to being sued under the TCPA.
What is the Best Way to Build a Phone Number Database?
The best practice and safest way to build your phone number database is to use an SMS software provider, like Tatango. An SMS software provider will ensure that you are obtaining consent and using the right disclosures in your marketing efforts. Often, when a brand has a list that they’ve been building with their own methods, SMS software companies will not use those numbers without a record of proper consent.
Another issue that can come up is the verification of phone numbers. This isn’t a law, but it’s definitely a best practice for collecting subscribers and a reason why you should use a software provider. For example, if a concert attendee fills out a paper card at an event, even if they give proper consent, outside of SMS software, the venue can’t verify that it, in fact, belongs to that individual. This is especially true for numbers that were collected some time ago outside of an SMS software system.
SMS software providers like Tatango are the safest and best way to go when starting an SMS marketing journey. Partnering with an expert like Tatango will ensure that the entire process is simple and quick. This includes everything from getting a short code to growing your subscriber list.
Learn more about Tatango and what you can do with our software here.