The Virginia Governor recently signed into law amendments to the Virginia Telephone Privacy Protection Act that significantly increase the exposure of businesses that place marketing calls or text messages to Virginia residents.

The amendments take effect July 1, 2020, and address four topics: (1) the definition of a “telephone solicitation call,” (2) caller identification, (3) the private right of action, and (4) Attorney General enforcement.

  1. Telephone Solicitation Call: The amendments clarify that the definition of a “telephone solicitation call” includes text messages, in addition to calls to landline and wireless numbers. Notably, the definition is drafted broadly. First, the Act will apply to calls and text messages to any number with a Virginia area code, regardless of whether that number belongs to a consumer or a business, potentially introducing another point of exposure for alleged do-not-call violations for B2B calls. Second, it will apply to numbers with non-Virginia area codes that are registered to a natural person who is a resident of Virginia. Identifying state of residence is already a difficult task, particularly if businesses do not collect address information, and relying on area code alone will no longer be sufficient once the amendments take effect.
  2. Caller Identification: The amendments will expressly prohibit telephone solicitors from “engaging in any conduct that results in the display of false or misleading caller identification information.” While the Act will retain language that allows telephone solicitors to display the name and telephone number of the person or entity on whose behalf the call or text is being made, provided the telephone number displayed is that entity’s customer service number, these amendments introduce a new source of liability for businesses – particularly those that contract with third-party service providers to send text messages (often from short codes).
  3. Private Right of Action: The amendments will significantly increase the damages individuals may recover for violation of the Act, including the new caller identification provisions, as well as the existing do-not-call and call abandonment provisions – from $500 per violation under the current law, to $500 for a first violation, $1,000 for a second violation, and $5,000 for each subsequent violation under the amendments. The increased liability is based on calls and texts received in violation, regardless of any intent or actual damages. A single call or text message constitutes a violation, so these payments can add up quickly, particularly if Virginia state law claims are allowed in addition to claims under the Telephone Consumer Protection Act (which also provides for up to $500 per violative call or text message) for a single call or text message.
  4. Attorney General Enforcement: The amendments will similarly increase the penalties that the Attorney General can seek on behalf of aggrieved individuals – from $500 per violation under the current law, to $500 for a first violation, $1,000 for a second violation, and $5,000 for each subsequent violation under the amendments. A court may also assess up to $5,000 in civil penalties for each willful violation of the Act (even if it is the first or second violation).

Telemarketing remains a high-risk area, in part due to the varying requirements at the federal and state levels, which states continue to update. Consumers and plaintiffs’ attorneys also recognize the potential for high-dollar payouts, and we expect that these amendments, and the increased penalties available, could make Virginia an appealing forum. These amendments also emphasize the benefits of relying on valid consent to place marketing calls and text messages, as well as ensuring compliance with federal and state requirements throughout the lead flow process. If you have questions about specific campaigns or practices, please do not hesitate to reach out to us for guidance.

Advertising and Privacy Law Resource Center

On another new episode of the Ad Law Access PodcastAlysa Hutnik starts at the beginning and explains a few of the issues you need to think about before starting a telemarketing texting campaign.

For additional information see the Ad Law Access blog posts:

To stay current on TCPA (and related) matters, case developments and petitions pending before the FCC, visit our monthly TCPA Tracker.

For a deeper focus on TCPA-related issues at the FCC, listen to the “Inside the TCPA” series on Kelley Drye Full Spectrum.

The Ad Law Access podcast is available now through Apple PodcastsSpotifyGoogle PodcastsSoundCloud, and other podcast services.

The CFPB released its proposed rule governing debt collection, which would impose new requirements for debt collectors related to when and how a consumer can be contacted, what can and must be said when a consumer is reached, and the procedures to validate and verify a debt.  Industry and other stakeholders have long anticipated the proposed rule, which follows a July 2016 outline of proposals and November 2013 Advanced Notice of Proposed Rulemaking, previously discussed here.  The immediate response to the proposed rule has been mixed from both industry and consumer advocates – with provisions addressing call frequency and texting generating the most attention, as discussed more fully below.

The proposed rule generally applies only to “debt collectors,” as that term is defined under the Fair Debt Collection Practices Act (FDCPA), and thus would not apply to creditors or so-called “first-party” collectors seeking to collect a debt owed directly.  Additionally, certain requirements would apply only to those who collect debt related to a consumer financial product or service, based on the Bureau’s interpretation of its authority to promulgate rules under the Dodd-Frank Act to implement the FDCPA.

Notable substantive aspects of the proposal include:

  • Call frequency limitations. The proposed rule would generally prohibit collectors from calling consumers more than seven times per week regarding a specific debt and require a collector to wait at least a week before calling the consumer once a conversation takes place. While consumer advocates have argued that this provision would effectively green light seven calls per week in connection with each consumer debt, debt collectors would continue to be subject to preexisting laws that already prescribe requirements for contacting consumers by phone generally, such as the Telephone Consumer Protection Act (TCPA).  Some in industry, on the hand, have countered that an absolute call frequency limit would neither be workable nor practical, and have asserted that appropriate call frequency should instead be determined on a case-by-case basis.
  • Text messages and emails as acceptable communication methods with new limitations.  The proposed rule acknowledges that emails and text messages are regularly used for debt collection purposes and permits that use subject to certain restrictions, such as requiring instructions that permit the consumer to opt out from receiving messages.  The rule would impose new limitations that would operate in addition to existing requirements under the TCPA and state laws, which are not preempted under the proposal.  The proposed rule would also create a new category of messages called a “limited-content message,” which would only contain certain information and not be deemed a “communication” for purposes of general limitations under the FDCPA.
  • Disclosures and validation notices.  The proposed rule provides more details regarding the information that must be included in written notices following an initial communication a debt, and requires collectors to provide prompts that a consumer could use to dispute a debt, request information about the original creditor, or take certain other actions.  The proposal offers a model validation notice that could be used to comply with these requirements and creates a safe harbor if a collector complies with certain steps when delivering the validation notice.
  • Recordkeeping.  The proposed rule would also require collectors to retain evidence of compliance, including records evidencing that collectors perform the actions and made the disclosures required under the rule.  The rule allows such records to be retained by any method that reproduces the records accurately (including electronically) and that ensures that the debt collector can easily access the records.

Interested parties should review the proposed rule closely to assess how the new requirements could impact current and future practices.  Comments on the proposed rule are due 90 days from publication in the Federal Register, which should take place shortly.

A plaintiff recently filed a class action lawsuit against Google and its subsidiary, Slide, alleging that the companies violated the Telephone Consumer Protection Act by sending text messages to consumers without their consent.

Google and Slide recently released Disco, a “group texting” service that allows consumers to send text messages to up to 99 people at the same time. Message recipients can also respond via text to all members of the group simultaneously by sending a single message. Messages can quickly accumulate, and the named plaintiff alleges he received more than 100 text messages in a single day. According to the complaint, members of a group do not provide consent to be part of the group or receive messages; instead, group members must opt-out if they want to stop receiving group messages.

As we’ve noted before, various courts have generally held that companies must obtain express consent before they can send text messages to consumers. In this case, the defendants are likely to argue that they did not send the messages themselves, but that argument has yet to be tested. Companies should check with their counsel before sending text messages or implementing any promotion that allows consumers to send text messages to determine what consents may be necessary.

The Federal Communications Commission (“FCC” or “Commission”) is seeking comments on a Notice of Proposed Rulemaking (NPRM) to refresh its customer proprietary network information (“CPNI”) data breach reporting requirements (the “Rule”).  Adopted earlier this month by a unanimous 4-0 vote of the Commission, the NPRM solicits comments on rule revisions that would expand the scope of notification obligations and accelerate the timeframe to notify customers after a data breach involving telephone call detail records and other CPNI.  The FCC cites “an increasing number of security breaches of customer information” in the telecommunications industry in recent years and the need to “keep pace with today’s challenges” and best practices that have emerged under other federal and state notification standards as reasons to update the Rule.

According to the current Rule, a “breach” means that a person “without authorization or exceeding authorization, has intentionally gained access to, used, or disclosed CPNI.”  As summarized in the NPRM, CPNI includes “phone numbers called by a consumer, the frequency, duration, and timing of such calls, the location of a mobile device when it is in active mode (i.e., able to signal its location to nearby network facilities), and any services purchased by the consumer, such as call waiting.”  (The NPRM does not propose any changes to the definition of CPNI.)

Continue Reading FCC Seeks Comments on Updates to CPNI Breach Reporting Rule

In a much-anticipated announcement last week, the FTC amended the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, and proposed a further amendment requiring certain financial institutions to provide the FTC with notice in the event of certain security events.  Although these changes were announced after FTC Commissioner Chopra left the agency to lead the CFPB, he apparently voted prior to leaving to ensure 3/2 approval of the amendments in a Commission that remains divided.

What is GLBA Safeguards?

For nearly 20 years the Safeguards Rule has required financial institutions to develop, implement, and maintain comprehensive information security programs to protect their customers’ personal information.  Such programs must be appropriate to each entity’s “size and complexity, the nature and scope of [its] activities, and the sensitive of the customer information at issue.” For a generation, the Rule’s requirements have influenced data security standards in other sectors, emphasizing a flexible, process-based approach.  The amended Rule replaces some of that flexibility with more specificity. Continue Reading GLBA Safeguards Gets a Makeover: Why it Matters for Businesses with Customer Information

Kelley Drye ThanksgivingBarring an advertising or privacy law emergency, like you, we’ll be taking the next few days off to give thanks and spend time with family. Next week, please join us for:

  • Made in USA claims – navigating FTC’s ‘all or virtually all’ standard
    WebinarConsumers continue to demand goods manufactured in the United States and will pay a premium for such products. At the same time, the Federal Trade Commission (FTC) continues its high-profile focus on US origin claims, launching dozens of investigations, announcing various noteworthy settlements and advocating for a proposed rule that would include the possibility of civil penalties over $43,000 per violation. This webinar will explore Made in USA claims and discuss:

    • What types of claim have attracted regulatory attention;
    • How to comply with the FTC’s requirements; and
    • What to do if the FTC contacts you.

Register here to Join Christie Grymes Thompson on 3 December 2020 at 1:00pm EST (6:00pm GMT).

While we’re away:

Some of our post popular episodes include:

In this time of Thanksgiving, we express sincere appreciation for our clients and all friends of the firm. While holiday celebrations this year will be very different, without the usual gatherings and traditions, we are focused on the underlying spirit of giving thanks. Wishing you good health, time with family and friends (even if that’s FaceTime), and optimism for the future.

Advertising and Privacy Law Resource Center

On the same day that the FCC set a call blocking declaratory ruling for vote at its July 2020 Open Meeting, the FCC’s Consumer and Governmental Affairs Bureau issued rulings in two long-pending petitions for clarification of the requirements of the Telephone Consumer Protection Act (“TCPA”). Although these clarifications do not address the core questions regarding the definition of an autodialer and consent requirements that were remanded two years ago in ACA International v. FCC, they may signal an effort to clean up TCPA issues in what is expected to be the waning months of FCC Chairman Pai’s tenure at the Commission.

In the first ruling, P2P Alliance, the Bureau ruled that an automatic telephone dialing system (“ATDS”) is not determined by whether the equipment has the capability to send a large volume of calls or texts in a short period of time. Instead, the Bureau, while recognizing that the Commission’s interpretation of the ATDS definition remains pending, ruled that “whether the calling platform or equipment is an autodialer turns on whether such equipment is capable of dialing random or sequential telephone numbers without human intervention.” The Bureau also provides an illuminating discussion of the so-called “human intervention” element of prior FCC statements regarding autodialers.

In the second ruling, Anthem, Inc., the Bureau denied a petition to exempt certain healthcare-related calls from the TCPA’s consent requirements. In this order, the Bureau breaks less new ground and instead reiterates that prior express consent must be obtained before a call (or text) is made and that the supposed value or “urgency” of the communication does not necessarily make it permissible.

Besides these two petitions, the Commission has nearly three dozen petitions pending before it on a variety of matters relating to exemptions from the TCPA’s consent requirements, the collection and revocation of consent, the “junk fax” provisions, and other questions raised by the flood of TCPA class action litigation in the last five years. If the FCC begins addressing these other pending petitions, the course of TCPA class action litigation could change significantly.

In March 2018, the United States Court of Appeals for the D.C. Circuit issued a landmark rebuke of the FCC’s interpretation of the TCPA. The case, ACA International v. FCC, reviewed a 2015 Omnibus Declaratory Ruling on a variety of matters, the most notable of which was the FCC’s expansive interpretation of an “automatic telephone dialing system” (“ATDS”), the use of which triggers therobo TCPA’s prior express consent requirements and private right of action provisions. In ACA International, the court found the FCC’s interpretation “impermissibly broad” and remanded the case to the FCC for further consideration.

Since that time, the FCC has taken comment twice on the ACA International remand, but FCC Chairman Pai has focused the agency’s efforts on identifying and reducing illegal robocalls rather than addressing the remand. Chairman Pai has repeatedly said that unwanted automated calls is a top consumer complaint and he has pursued a multi-faceted approach to preventing or blocking those calls before they reach consumers.

The Commission has

authorized voice service providers to block incoming calls that “reasonable call analytics” identify as likely illegal calls,

mandated that service providers implement a call authentication framework to prevent unlawfully spoofed calls,

directed specific service providers to block certain calls or have their own calls blocked by other providers,

proposed multiple fines exceeding $100 million each for illegally spoofed calls, and

authorized a comprehensive database to identify when telephone numbers have been reassigned from a subscriber who may have given consent to a new subscriber.

Indeed, on the same day as the rulings we will discuss, the Commission set for a vote a proposal to provide a safe harbor for voice service providers that erroneously block calls in good faith and to establish protections against blocking critical calls by public safety entities.  According to an FCC staff report issued the same day, these actions are helping to reduce illegal robocalls.

The Anthem and P2P Alliance Rulings

Against this backdrop, the flood of TCPA class action cases has powered a rising tide of petitions for declaratory rulings addressing specific aspects of the TCPA’s requirements, from when consent is needed, how it may be obtained, and how it may be revoked. At Kelley Drye, we have chronicled these developments in our monthly TCPA Tracker and its accompanying FCC Petitions Tracker of the nearly three dozen pending petitions. The total number of petitions has risen slightly over time, as new petitions have modestly outnumbered decisions issued by the Commission.

P2P Alliance Petition (Two-Way Texting With Manual Intervention). In May 2018, the P2P Alliance, a group that represents providers and users of “peer to peer” text messaging services, sought a declaratory ruling that peer to peer messaging services did not involve an ATDS and thus were not subject to the restrictions on ATDS calls/texts contained in the TCPA. The petition sought a ruling with respect to text messaging services that enable two-way text communication, requiring a person to manually send each message. Although the Bureau declined to rule with respect to any specific platform – citing a lack of sufficient evidence regarding the how the platforms operate – the Bureau issued a ruling with several important clarifications.

First, the Bureau ruled that the ability of a platform or equipment to send “large volumes of messages” is not probative of whether that platform or equipment constitutes an ATDS under the TCPA. The Bureau declared that “whether the calling platform or equipment is an autodialer turns on whether such equipment is capable of dialing random or sequential telephone numbers without human intervention.”

This conclusion effectively puts to rest ambiguous statements in some prior orders that TCPA plaintiffs had argued brought any high-volume calling platform within the scope of the TCPA. Furthermore, the Bureau’s conclusion appears most consistent with decisions by several U.S. Courts of Appeal that have ruled an autodialer must employ a random or sequential number generator to meet the TCPA’s definition of an ATDS. The Bureau noted, however, that the “details” of the interpretation of an ATDS were before the Commission in ACA International so, until the Commission addressed that issue, the Bureau was relying solely on “the statutory definition of autodialer.”

The Bureau’s ruling contains an illuminating discussion of the so-called “human intervention” element of prior FCC statements regarding autodialers. Per the Bureau’s ruling, “If a calling platform is not capable of dialing such numbers without a person actively and affirmatively manually dialing each one, that platform is not an autodialer.” The Bureau explained the “actively and affirmatively” dialing standard as requiring a person to manually dial each number and send each message one at a time. Use of such technologies is not an “evasion” of the TCPA, the Bureau commented, because the TCPA “does not and was not intended to stop every type of call.”

Thus, while the full contours of the ATDS definition are still to be defined by the Commission, the Bureau’s P2P Alliance ruling helps to clarify that an “active and affirmative” manual process for sending calls or messages removes a platform or piece of equipment from the ambit of the TCPA. This ruling could buttress many district court rulings that have found sufficient human intervention in the operation of many calling or texting platforms.

Anthem Petition (Prior Express Consent for Healthcare-Related Calls). The Anthem petition addressed by the Bureau was filed in June 2015, one month before the FCC released the Omnibus Declaratory Ruling addressed in ACA International. (Anthem has a more recent petition addressing post-Omnibus order issues that remains pending.) In the June 2015 petition, Anthem asked the Commission to create an exemption for informational healthcare-related calls/texts initiated by healthcare providers and sent to existing patients, arguing that such communications were beneficial to patients and could be protected by an opt-out process it believed the Commission was then considering for ATDS calls. The Commission received limited comment in September 2015 (while the ACA International appeal was being litigated) and has received virtually no filings discussing the petition since that time.

In the ruling, the Bureau denied virtually all of Anthem’s requests, emphasizing instead the TCPA’s requirements for prior express consent for ATDS calls. Specifically, the Bureau ruled that “makers of robocalls generally must obtain a consumer’s prior express consent before making calls to the consumer’s wireless telephone number.”  (emphasis in original). It rejected Anthem’s request for an exemption permitting such calls, subject to opt-out, and repeated that the “mere existence of a caller-consumer relationship” does not constitute consent. Importantly, however, the Bureau affirmed prior statements that a consumer who has knowingly released their phone number for a particular purpose has given consent to receive calls at that number.

To the extent that the Anthem petition sought an exemption based on the “urgency” of healthcare-related communications, the Bureau declined to create such an exception, emphasizing, however, that the “emergency purposes” exception could apply to the extent the calls/texts satisfied the Commission’s rules and its recent COVID-19 Declaratory Ruling.

In the end, the ruling likely will not change the status quo for calls and texts being made today. The Bureau emphasized previous rulings requiring prior express consent and endorsed previous statements about how such consent may be obtained. Further, the Bureau affirmed the “emergency purposes” exception, although declining to expand its scope. Thus, entities making calls or texts following prior FCC guidance should not need to make any changes as a result of the Anthem ruling.

Looking Ahead

These decisions are not the broad rulings that many hoped for when ACA International was remanded to the FCC in March 2018. Chairman Pai was highly critical of the 2015 Omnibus order from the FCC (from which he dissented) and welcomed the ACA International decision. He has focused the agency on reducing unwanted calls prior to addressing the legal interpretations called for by the remand. Now, however, with those actions at an advanced stage and with his expected time as Chairman of the FCC about to end, many are wondering if the Pai Commission will revisit the ATDS definition, revocation of consent, and safe harbor questions remanded to it. Even if it does not, however, the Commission has nearly three dozen other petitions still pending, which could provide needed guidance on discrete issues that have arisen in TCPA litigation.

We don’t know at this time which way the FCC is likely to go, or even if it will address more TCPA issues during Chairman Pai’s tenure, but enterprises and service providers should watch the FCC closely over the next few months.


Advertising and Privacy Law Resource Center

In 2019, Ad Law Access published 124 stories on a wide range of topics. However, two topics stood out above the others:

  • California Consumer Privacy Act (CCPA)
    CCPA was far and away the most popular topic of 2019 and, as mentioned in one of our last posts of the year, “businesses and privacy professionals would do well to catch their breath over the holiday season. Next year is going to need focus and investment to reach the [CCPA] finish line (which, yes, will continue to move because this is privacy law, after all).​” Here are a few CCPA related posts you may want to read if you haven’t already:

Stay tuned for more installments of the “Section 13 (b)log.”

Other posts that resonated with readers:

Stay tuned to Ad Law Access in 2020 for more updates on these issues and other advertising and privacy law issues. Subscribe to our Ad Law News and Views newsletter and other Kelley Drye publications here to receive email communications tailored to your interests.


2019 also saw the launch of the Ad Law Access podcast. Top episodes included:

You can find the Ad Law Access podcast and other Kelley Drye podcasts wherever you get your podcasts.

The current and future definition of what qualifies as an automatic telephone dialing system (ATDS or autodialer) remains a hotly debated and evaluated issue for every company placing calls and texts, or designing dialer technology, as well as the litigants and jurists already mired in litigation under the Telephone Consumer Protection Act (TCPA).  Last year, the D.C. Circuit struck down the FCC’s ATDS definition in ACA International v. FCC, Case No. 15-1211 (D.C. Cir. 2019).  Courts since have diverged in approaches on interpreting the ATDS term.  See, e.g., prior discussions of Marks and Dominguez.  All eyes thus remain fixed on the FCC for clarification.

In this post, we revisit the relevant details of the Court’s decision in ACA International, and prior statements of FCC Chairman Ajit Pai concerning the ATDS definition to assess how history may be a guide to how the FCC approaches this issue.

Continue Reading Taking Stock of the TCPA in 2019: What is an “Autodialer”?