Top 10 TCPA Misconceptions

(and What the Law Actually Says)

The Telephone Consumer Protection Act (TCPA) is a federal law passed in 1991 to limit unwanted telemarketing calls and protect consumer privacy. It was passed in response to a surge in unsolicited telemarketing practices and empowered individuals with tools to control who can contact them that included private rights of action for violations.

The TCPA was originally intended as a consumer protection statute to limit nuisance calls, but over time it has become a major source of litigation exposure for businesses that communicate with customers via calls or text messages.

Below are ten misconceptions that most often lead to real financial exposure for businesses.

 1. “I/We don’t place telemarketing calls.”  

Why people believe this: People have a clear idea of what “telemarketing” means to them; usually a scripted sales pitch or cold call from a call center.

But that everyday understanding is not the legal definition which makes this one of the most dangerous assumptions.

Where it goes wrong: Under the TCPA, “telemarketing” is broadly defined as: A call or message encouraging the purchase or rental of, or investment in, property, goods, or services.

It does not need to be a ‘hard sell’ conversation to qualify as a telemarketing call.

If a call:

• Promotes a service
• Seeks to generate interest
• Is part of a sales funnel
• Encourages a future transaction

It may qualify as telemarketing.

Companies frequently misclassify follow up calls, lead qualification calls, appointment-setting or confirming calls, and promotional text reminders. Note that text messages are also subject to TCPA.

If the purpose includes encouraging a sale, the telemarketing rules likely apply including stricter consent requirements.

Some informational calls may fall under different rules, but mixed-purpose communication is heavily scrutinized. If a message contains promotional elements or encourages future purchases, it may be treated as telemarketing.

Considering a call “informational” does not determine how a court will classify it.

What to check:

• Does this outreach encourage the purchase of goods or services — even indirectly?
• Is it part of a broader sales or marketing process?
• Are you using prerecorded or automated technology?
• What level of consent was obtained for this type of communication?
• Is the message purely informational — or mixed-purpose?

Classification often determines the consent standard required.

 2. “Lawsuits like these don’t affect businesses like ours”  

Why people believe this: You’re not a national telemarketing operation. You’re a healthcare provider, lender, insurance agency, real estate team, or service-based business etc. You’re following up with applicants, patients, members, or customers.

It doesn’t feel like your outreach resembles the kind of activity that triggers high-profile TCPA lawsuits.

Where it breaks down:
Most TCPA exposure does not begin with federal enforcement or mass regulatory action.

It begins with:

• An individual consumer filing a lawsuit
• A demand letter from a plaintiff’s attorney
• A small series of calls that allegedly violated consent or DNC rules

The TCPA and state TCPA laws includes a private right of action, which means individuals can sue directly, regardless of company size or industry.

Damages are calculated per call or per text. Even modest outreach volume can compound quickly.

Healthcare practices, mortgage brokers, insurance agencies, and other “relationship-driven” operations are not exempt simply because they do not consider themselves telemarketers.

Exposure is determined by conduct, classification, and documentation, not by brand size or industry reputation.

What to check:

• Are consent practices documented and defensible?
• Are DNC and suppression processes applied consistently?
• Would you be able to reconstruct outreach history if challenged?
  

 3. “They Were Expecting Our Call.”  

Why people believe this: The consumer filled out a form, started an application, or they’re an existing patient, member, or customer. They initiated contact.

It feels reasonable to assume outreach is permitted.

Where it breaks down: Expectation is not the same as legally sufficient consent.

Risk may still exist if:

• The disclosure language did not meet telemarketing consent standards
• The number has been reassigned
• The consumer is on a Do-Not-Call list
• They previously revoked consent
• The outreach goes beyond the original scope of the interaction

 Consent must be evaluated based on how it was obtained, what it covered, and whether it remains valid at the time of contact. Expectation does not override statutory requirements.  

What to check:

• Does the original disclosure meet the level of consent required for your outreach?
• Has the number been validated for reassignment?
• Are DNC and internal suppression lists still applied?
• Is the outreach purely informational or does it contain promotional language?

 4. “If We Bought the Leads, Consent Is Covered.”  

Why people believe this: The lead vendor assured you that consent was obtained.

Where it goes wrong:
Consent must be:

• Clear
• Conspicuous
• Specific to your brand (in many cases)
• Properly documented
• Do you have the original consent capture language?
• Is your brand specifically named?
• Can you reproduce the timestamped record?
• And if the above is true, is it still valid? Consent expires.

Courts frequently examine the exact disclosure language shown at the time of sign-up. If your brand wasn’t clearly identified, consent may not extend to you.

Buying a lead does not transfer liability.

What to check:

• Do you have the original consent capture language?
• Is your brand specifically named?
• Can you reproduce the timestamped record?
• And if the above is true, is it still valid? Consent expires.

 5. “One Call Can’t Hurt Us.” 

Why people believe this: It doesn’t feel like one call should create meaningful risk.

Where it goes wrong: Since the creation of the Reassigned Numbers database, one call can be enough.

If a phone number has changed hands and the new subscriber never provided consent, a single call may create TCPA liability. There is no broad, automatic grace period.

When dialing at scale, even small percentages of reassigned numbers can translate into meaningful exposure.

• What to check: Are numbers validated against reassignment data before outreach?
• How frequently are lists refreshed?
• Is validation documented and timestamped?
• Are older records reviewed before re-engagement campaigns?

 6. “We’re B2B, So the TCPA Doesn’t Apply.”  

Why people believe this: People believe that when they’re calling a business line the TCPA doesn’t apply.

Where it breaksdown: If that number is a wireless line, even if used for business, TCPA protections may apply.

Additionally, internal do-not-call obligations often apply regardless of consumer/business status.

Many B2B-focused companies are surprised when mobile numbers fall under scrutiny.

What to check:

• Are you identifying wireless numbers?
• Are B2B campaigns applying suppression rules consistently?

 7. “If Our Vendor Dialed It, It’s Their Responsibility.”  

Why people believe this: The vendor controls the technology and execution.

Where it goes wrong:
Courts evaluate:

• Who benefited from the communication
• Who approved the messaging
• Who had control over targeting
• Whether the caller acted on your behalf

Businesses can face vicarious liability for third-party campaigns.

Vendor relationships do not eliminate responsibility.

What to check:

• Are vendor compliance processes documented?
• Are suppression files shared and verified?
• Is oversight clearly defined?

(We explore vendor-related exposure in more detail in our TCPA vendor liability newsletter.)

 8. “Only the Federal Government Enforces the TCPA.”  

Why people believe this: The TCPA is a federal statute.

Where it breaks down:
TCPA risk does not depend solely on federal enforcement.

Exposure can come from:

• Private plaintiffs filing individual or class actions
• State Attorneys General
• State-level telemarketing statutes
• State mini-TCPA laws
• State-specific dialing or consent restrictions
• Expand definitions of automated dialing
• Impose additional requirements
• Allow private rights of action
• Set their own penalties

Some states:

• Expand definitions of automated dialing
• Impose additional requirements
• Allow private rights of action
• Set their own penalties

Compliance evaluated only at the federal level can miss relevant state-level exposure.

What to check:

• Are state statutes being monitored?
• Are campaigns analyzed by state residency?
• Do vendors apply federal rules only or state overlays as well?

 9. “We’re Collecting a Debt. The TCPA Doesn’t Apply to Us.”  

Why people believe this: It’s true that traditional debt collection calls are generally not considered telemarketing.

Where it goes wrong: Calls and texts that fall under debt collection not completely free from TCPA risk.

• Calls to wireless numbers using certain technologies may still require consent.
• Artificial or prerecorded voice rules may apply.
• State laws may impose additional restrictions.
• Reassigned number risk still exists.
• DNC and internal suppression obligations may still be relevant in certain contexts.

Additionally, if a call includes promotional cross-selling (for example, offering refinancing, credit repair, or additional services), it may shift into telemarketing territory.

Debt collection is not a blanket exemption from TCPA risk.

What to check:

• Are you contacting wireless numbers?
• Are prerecorded messages used?
• Are state-level requirements monitored?
• Does any outreach include promotional language?

 10. “Surely Our Intent Counts for Something.”  

Why people believe this: It feels like good faith should matter.

Where it breaks down: TCPA court outcomes are not determined by intent. They are determined by compliance processes and documentation.

In litigation, the focus often becomes:

• What consent language was shown
• When it was captured
• Whether it was valid for the type of outreach conducted
• Whether revocations were honored
• Whether DNC and suppression processes were applied

If records are incomplete, fragmented, or unavailable, intent becomes difficult to rely on as a defense.

What to check:

• Can you reproduce the exact consent disclosure used?
• Are timestamps and records retained?
• Are opt-outs logged and traceable?
• Would your documentation withstand external review?

Compliance is operational, not philosophical.

 *Bonus Misconception “TCPA & DNC Compliance Automatically Protects Call Deliverability.”  

Why people believe this: Compliance should equal performance. If you follow TCPA rules and scrub DNC lists, it’s fair to think your calls should go through.

Where it breaks down: Legal compliance and carrier analytics are not the same.

Calls may still face:

• Spam labeling
• Call blocking
• Reputation scoring impacts
• Reduced answer rates

Carriers evaluate calling behavior using separate technical and behavioral criteria that do not always align with TCPA standards.

Being compliant does not automatically guarantee deliverability.

What to check:

• Are answer rates declining despite compliance efforts?
• Are SIP codes being monitored?
• Is call reputation being evaluated separately from legal compliance?
• Are remediation strategies in place if labeling occurs?

Compliance reduces legal exposure. Deliverability requires additional operational oversight.