Home Features Compliance Back to Basics – Four Compliance Rules to Remember
Back to Basics – Four Compliance Rules to Remember

Back to Basics – Four Compliance Rules to Remember


By Gayla Huber, President, IntegriShield

As marketers, we are always on to the next big thing that will put our client or company on top. It’s not shocking to come across forgotten domains which were compliant at one time, but are no longer relevant – or new pages that are not compliant because the old regulations are not top of mind. Don’t forget to stop and look back, to close the book on old offers, correct sites not up to regulatory standards, and scrub data that could land you in court or in a regulator’s cross hairs. This article will go back to basics on four commonly overlooked regulations: TCPA, DNC, CAN-SPAM and Disclosures.

1. Telephone Consumer Protection Act (TCPA)

What is TCPA? It was passed in 1991 to regulate autodialers and pre-recorded messages. In 2012, Federal Communications Commission (FCC) revisions required marketers to gain prior express written consent from consumers. It also took away the ability for marketers to establish business relationships to skirt the rule. Lastly, it requires marketers to provide some type of automated “opt-out” mechanism for each contact attempt so the consumer can opt-out at any time.

One thing we see overlooked is the rule clearly defining robocall as a call taking place from a phone that has the capacity to robodial.

The way the new ruling is written, nearly any individual can be classified as a robodialer with a mobile phone. This is open to interpretation in the court of law. Most mobile phones are smart enough to be robodialers, should the business choose to use the function. Even if you aren’t using your phone system to its full capacity, you need consent to place the call if it’s capable at all. It would be up to a court to decide otherwise – should it make it that far.

TCPA also states businesses may be held liable for third-party marketing. Now you may be wondering: How am I going to be held liable for inquires if I don’t know where they come from? Practice some level of compliance, or have a standards and guidelines process with your vendors to ensure they are following proper protocol as it pertains to all regulation, not just TCPA.

At the end of the day, you have to be diligent in your practice. Ensure everyone you’re working with are clear on the standards and guidelines you expect them to follow. Show the due diligence on your part that your vendors are protecting the consumer.

TCPA penalties

The FCC can issue a citation if they receive a complaint.

If TCPA violations continue to occur after the citation, it could result in $16,000 fine per instance, up to $112,500 for any single act.

For example, if you receive a citation, but continue five more days dialing the number, every single time you dial that number is an instance.

What happens if the consumer changes phone numbers and someone who did not opt-in now has the line reassigned? In this case you get a one call exemption, but remember it’s considered a call even if they don’t answer. As a best practice you should scrub your list and retrieve updated consent to contact an old records every six months.

Ensure the consumer is shown a compliant disclosure at the time of inquiry – opt-in boxes should not be pre-selected. Additionally, comply with the FTC’s .com Disclosure requirements such as 12-point legible font size with at least 40 percent contrast between text and background color.

According to data released by WebRecon, LLC, TCPA lawsuits have risen by 45 percent from 2014-2015. Several industry associations are practicing self-regulation by accepting consumer complaints on their website – getting ahead of complaints to the FCC. A quick online search will reveal that there are websites coaching individuals on how to make money off TCPA lawsuits. The fact is, you have liability here. If you’re not running a “check” program and double-checking your compliance program, then you’re at risk.

2. Do Not Call Registry (DNC)

In 2003 the FCC revised TCPA and created the DNC. This allows consumers to add their name to a list and try to avoid telemarketing calls. If someone is on the DNC, he or she has to inquire for you to contact them. After three months, they need to opt-in again or you must scrub them out of your list. If you have an existing business relationship, you have 18 months under DNC. If they are not on the DNC registry and have opted-in to TCPA, best practice is to keep them in your list for six months then require opt-in again or remove them.

Let’s not forget the penalty increases for breaking DNC rules should you receive a cease and desist. Penalties went from $16,000 to $40,000 Aug. 1, 2016. And those fines are per instance, per day.

From a marketing standpoint, you should be running some level of remarketing strategy. Near the end of your contact window invite your expiring database to re-engage with your brand and opt-in to continue receiving your messages. Remember to collect and store a record of request for each inquiry.


In 2003, the Federal Trade Commission (FTC) released the CAN-SPAM Act. Unlike the two previous rules, email does not require prior consent. It does; however, give consumers the right to tell you to stop emailing them.

If you use third party publishers for your email campaigns then you are still legally responsible for what they do on our behalf.

Monitor just as you would any other third-party advertiser. Below is a snapshot of seven tips from the FTC to maintain compliance with the CAN-SPAM Act.

  • Don’t use false or misleading header information.
  • Don’t use deceptive subject lines.
  • Identify the message as an advertisement.
  • Tell recipients where you’re located.
  • Tell recipients how to opt-out of receiving future email from you.
  • Honor opt-out requests promptly.
  • Monitor what others are doing on your behalf.

Consumers understand opting-out is a standardized processed. “Unsubscribe” is the typical wording placed at the bottom footer of your emails above your postal address and disclaimer – clear and conspicuous. Any opt-out mechanism you offer must be able to process requests for at least 30 days after you send your message. You must honor a recipient’s opt-out request within 10 business days.

4. Disclosures

Regulators care if it impacts the consumer’s health or pocketbook. Disclosures vary by industry, marketing channel and message. Several items to consider include:

  • Privacy Policy
  • Terms and Conditions
  • Remarketing Policy
  • TCPA
  • Industry Disclosures by Product Offering
  • Availability Statements

Depending on the accrediting body or state you are with, you may need to list the actual Gainful Employment disclosure on the program page. On the other hand, some accreditors allow you to link out to this information as long as it’s available from any page. Understand the rules specific to your organization. Availability Statements are another element that can be easily overlooked, but are critical to maintaining compliance. For example, some institutions may offer programs in some locations or online in some states but not others. Disclose this or any other service that may not be available to someone based on their location or other variable. A recent trend is removing the term “lifetime” from claims regarding placement support and lifelong learning opportunities.

At IntegriShield, an in-house study found almost 9 percent of violations for brands across the internet are disclosure violations, 50 percent of those are consumer consent violations. Audit the content of all your disclosures quarterly because things change. When it comes to claims, disclosures, etc., be sure to present it as clearly as possible to the consumer.

Any claims made need to follow federal, state and or local regulations – and be available to everyone or noted otherwise. Any requirements or rules to gain an offer should be legibly outlined, again following .com Disclosure guidelines.

Understand the differences between puffery versus misleading statements.

Puffery is defined as anything that a reasonable person would not consider to be factual or true, i.e., “World’s Best Motel.”

Another example is Chobani yogurt which has been under recent scrutiny for its use of “0%” on product packaging, although they are not directly claiming anything to be “0%.”

Disclosure best practices with social media and referrals

Influencer marketing has had its fair share of scrutiny the last few months. Until recently, using #spon was an accepted disclosure. Now regulators are looking for posts to clearly say it’s sponsored or that the influencer has been paid or given something for making a particular post or claim. In a report by Polar, “State of Native Disclosure,” 137 native ad placements across 65 publishers were analyzed. Only 55 percent of them utilized the term “sponsored” and 4.5 percent used the term “advertisement.” The most likely reason is the negative impact on click through rate (CTR). Polar also published findings showing how these disclosures lowered CTR when used.

Overall, it is important to have a compliance strategy and understand what tools you’re using to protect your brand. Automate as best you can to ensure compliance across brands, locations, and work groups. Develop a process to monitor and remediate daily. Implement audits on content, consent, suppression files, and contact processes. Despite efforts to maintain industry compliance on a daily basis, you may feel exposed on many fronts. To help mitigate risks everyone must take an active role and reduce exposure.


GAYLA HUBER, IntegriShield president, helps brands monitor, track and enforce regulation for compliant marketing.

Contact Information: Gayla Huber // President // IntegriShield // 816-994-1313 // ghuber@integrishield.com // Social Media: @IntegriShield


Your email address will not be published. Required fields are marked *