Meeting the requirements of federal and state Do-Not-Call laws (DNC) is a key component of telemarketing compliance. The National Do-Not-Call Registry is a national database that permits consumers to register their telephone numbers to prevent unsolicited calls from telemarketers and others. The DNC rules generally prohibit companies from placing telemarketing calls to consumers whose numbers are listed in the National DNC Registry, subject to certain exceptions. In addition, consumers may elect to be added to a company’s internal, company-specific DNC list.

How do companies effectively monitor the National DNC Registry to ensure compliance and avoid litigation under the Telephone Consumer Protection Act (TCPA) and related state laws? This legal alert discusses five key tips for implementing and maintaining an effective DNC compliance policy.

1. DNC Compliance Requires Checking Both Federal and State Registries

Federal regulations require that companies engaged in telemarketing scrub their calling lists and databases to avoid calling numbers listed on the National DNC Registry. While many states have adopted the National DNC Registry as their official statewide registry, 12 states including Colorado, Florida, Indiana, Louisiana, Massachusetts, Mississippi, Missouri, Oklahoma, Pennsylvania, Tennessee, Texas and Wyoming continue to implement separate state registries. Residents in these states may register their telephone numbers on their state’s DNC list, and companies must abide by state DNC rules in addition to federal rules. A handful of states permit a consumer to file a private lawsuit for state law violations of the DNC rules, similar to TCPA litigation under federal law.

As a result, companies seeking to implement an effective DNC compliance policy must ensure that their employees and third-party vendors check their call lists against all applicable DNC databases before placing calls to consumers.

2. Put It In Writing: A Company-Specific DNC List Requires a DNC Compliance Policy, Implementation and Tracking of Opt-Outs

Under the TCPA, companies may not make telemarketing calls to consumers who have requested not to receive calls made by or on behalf of specific companies. Companies must, therefore, maintain company-specific DNC lists. Companies may not make telemarketing calls (or have third-parties make calls on their behalf) unless, and until, they have implemented procedures to maintain their internal DNC list. Stated differently, companies must honor requests to stop calling, and maintain procedures for doing so.

TCPA rules articulate minimum standards for company-specific DNC compliance, including:

  • A written policy. Companies or third-party vendors engaged in telemarketing should have a written policy, available on demand, for maintaining a company-specific DNC list;
  • Recording DNC requests. If a company making a call for telemarketing purposes (or on whose behalf the call is made) receives a request from a consumer not to receive calls from that company, the company should record the request and place the subscriber's name, if provided, and telephone number on the company-specific DNC list;
  • Honor DNC requests promptly. The consumer's DNC request must be honored within a reasonable time, but no later than thirty (30) days from the date of the request;
  • Affiliated person or entities. The consumer’s DNC request applies to affiliated entities, if the consumer reasonably would expect them to be included, given the identification of the caller and the product or service being advertised;
  • Training of personnel. Personnel participating in telemarketing must be informed and trained in the existence and use of the company-specific DNC list;
  • Confidentiality. A consumer's DNC request may not be shared with any third-party, other than the entity on whose behalf a telemarketing call is made or its affiliate, without the consumer's prior express consent; and
  • Maintenance of DNC Lists. Under federal law, a company-specific DNC request must be honored for five years from the time the request is made (state laws vary).1

3. Know the Limits of the Established Business Relationship Exception

Federal DNC regulations provide an exception for calls to current consumers or those who have recently requested information from a company. Companies may call a consumer listed on the National DNC Registry when, the seller or telemarketer “can demonstrate that the seller has an established business relationship (EBR) with such person, and that person has not stated he or she does not wish to receive outbound telephone calls.”2 Under DNC rules, a company has an established business relationship with a consumer if: (a) the consumer has entered into a transaction with the seller within the previous 18 months, or (b) the consumer inquired about the seller’s goods/services within the previous three months.

State DNC rules can vary, however, on the scope of the EBR exception. Although many state laws are harmonized with federal laws, certain states have imposed EBR rules that are more restrictive than the federal rules. There are generally two areas of divergence between the state and federal EBR rules. First, some states implement an EBR exception that extends for a shorter amount of time than the 18-month period provided under the federal rule (generally 12 months). Second, some states implement a more restrictive EBR definition that does not permit communication based solely on a consumer inquiry.

4. Maintain DNC Compliance Policies and Procedures to Avoid Litigation Risks

DNC violations can create significant litigation risk under the TCPA. Class action lawsuits are common, and with statutory damages of $500 per call (and up to $1,500 per call for willful violations), exposure can escalate rapidly into the millions of dollars. In one notable (and extreme) series of cases, courts have entered judgments for more than $300 million against a company for systemic DNC compliance failures. The wave of litigation is likely to continue.

One key mitigation strategy for DNC is to qualify for the “safe harbor” provision for bona fide errors. FCC rules permit companies to avoid liability for inadvertent calls to numbers on the National DNC Registry, provided each company has certain procedures in place. In order to invoke the TCPA’s safe harbor provision, companies must demonstrate that, as part of the seller’s or telemarketer’s routine business practice, they have:

  • Established and implemented written procedures;
  • Conducted employee training;
  • Maintained and recorded a list of telephone numbers the seller or charitable organization may not contact;
  • Established a process to prevent telemarketing to any telephone number on the National DNC Registry;
  • Checked call lists against a version of the National DNC Registry obtained within the past month;
  • Maintained records documenting this process;
  • Monitored and enforced compliance with the procedures; and
  • Purchased the National DNC Registry without participating in an arrangement to share costs of access.3

This safe harbor provision, although limited to calls made as a result of bona fide error, underscores the need for companies to implement a comprehensive DNC compliance policy.

5. Keep it Straight: DNC Compliance is in Addition to TCPA Autodialer Compliance

One common misconception is that compliance with DNC rules alone is sufficient to avoid TCPA liability. The DNC compliance is only half the battle. The TCPA requires that companies obtain consent – written or express – prior to autodialing, sending prerecorded messages, or blast texting. These requirements are separate and distinct from, and in addition to, DNC requirements.

For instance, companies may not make autodialed telemarketing calls to consumers, even after checking the National DNC Registry, unless the consumer has provided signed written consent to receive autodialed calls. Similarly, companies calling consumers under the EBR exception (consumers with whom the company has recently done business) are permitted to make manual calls under DNC rules, but cannot make autodialed calls without prior express written consent. TCPA regulation is a multilayered set of requirements; therefore, an effective compliance program must consider both DNC and autodialer rules.


DNC compliance is an important part of any telephone marketing campaign. With the ongoing wave of lawsuits alleging DNC violations, companies will need to maintain a focus on its compliance efforts to mitigate their potential risks under the TCPA.