S2 E14: Telemarketing Regulations Update Spring 2024

S2 E14: Telemarketing Regulations Update Spring 2024

Transcript

Jordan Eisner: All right. Welcome to Compliance Pointers. I’m your host, Jordan Eisner. We’re back from spring break and got an exciting show podcast listening session today with Steve Gniadek who’s been on previously, and Tony Jarnigan, both have been on previously.

Steve’s been with CompliancePoint for over 20 years, I’d say is quite the resource in the telemarketing compliance space. I know it’s what he always dreamed of as a child.

Steve Gniadek: You called me Guru last time.

Tony Jarnigan: Mr. Compliance. He was called Mr. Compliance.

Jordan Eisner: Mr. Baseball, Pittsfield, Massachusetts, you name it, you got it.

Tony, let’s see, four or five years of CompliancePoint.

Tony Jarnigan: Wow. We’ve doubled my time since the last time we were together.

No, I did celebrate my two-year anniversary since the last time we were together, Jordan. But last time it was coming up on two years and now it’s just over two years.

Jordan Eisner: Last time I think I got it right.

Tony Jarnigan: You did.

Jordan Eisner: I have egg on my face. I thought you had been here before the pandemic, but maybe not.

Steve Gniadek: I think last time I just chimed in, although he’s only been here two years, he has been in this compliance space a lot longer than that.

Jordan Eisner: Well, today we’re talking about some potential rule changes with the FCC’s TCPA, Telephone Consumer Protection Act, and the FTC’s Telemarketing Sales Rule. Some small things like calling time restrictions, record-keeping obligations, maybe some rules around B2B calls, and then like everybody else, they’re trying to jump on the AI before it becomes too prevalent and make sure we’ve got some rules or at least guardrails around that.

We’ll talk about those things, but first and foremost, have you set time aside to watch the solar eclipse today? Are you both going to be working right through that?

Steve Gniadek: Got my glasses right here.

Jordan Eisner: Nice. Tony?

Tony Jarnigan: Got my glasses ready to go as soon as we get done with this podcast.

Jordan Eisner: I think I was told about three o’clock here. It’s the best time outside of Atlanta, but you’re in Florida, what were you told?

Tony Jarnigan: It’s going to be shortly after three. So what? We’re about 600 miles south, or 400 miles south of you guys. Around the same time, but I’ve got a couple more calls in between this and the eclipse, so we need to get rocking and rolling here.

Jordan Eisner: We need to get through this podcast so we can stare at the sun for a few minutes.

Well, good deal. Looking forward to that. We’ll dive right in. Let’s talk about the Do Not Disturb Act. That’s a federal bill proposed in the House, it includes TCPA amendments. Give us a rundown of what this bill would do if it is indeed passed.

Tony Jarnigan: Yeah, it was proposed, as you said, it’s proposed in the House on the federal level in Congress on January 29th. So it’s important to note at the outset that it’s not passed. We don’t know where it’s going yet. We’re tracking it feverishly though, rest assured. But the different portions are currently in different committees and subcommittees. But yeah, it would be very significant if it passes.

It would present a new model as to how I think we would look at things. Just as a backdrop first, we’ve seen and talked about a number of different new FTC and FCC rules recently. The one-to-one consent rule that we talked about the last time that we were together on the podcast, the revocation of consent rule that’s been featured in our blog posts. Those, as we’ve noted specifically, seem to apply to robocalls and robotexts or those using automated technology. But as I pointed out on the other podcasts and I’ll point it out again, as we know that under the 2021 Facebook decision, when the Supreme Court narrowed the definition of what constitutes an ATDS, it didn’t leave many platforms or any of that we know of that are in scope. So we’ve been wondering how these rule changes would impact our clients who arguably are not using an ATDS under that SCOTUS definition.

But I think this proposed law would level set things and bring more of those platforms into scope and I think that’s the intent is to bring more in scope for what the rules are applied to. So how would it do that?

So it changes some important definitions or would report to change some important definitions. The bill is specific and such terms as automated telephone equipment, calls, automatic telephone dialing system are to be replaced with the term robocalls. It would specifically define robocall as a call or a text set using equipment, including an automatic telephone dialing system or an ATDS that calls or texts a stored telephone number or a telephone number produced using a random or sequential number generator. Or an artificial or pre-recorded voice message or an artificially generated message.

But it also says it does not include one that requires substantial human intervention.

Steve Gniadek: And the problem with that is they have not defined substantial.

Tony Jarnigan: So yeah, so we’re back to having a great amount of subjectivity in play. It seems to me like that we’d be back to different courts ruling differently as to how much human intervention is enough or not enough to constitute a robocall.

So again, just to sort of sum up there, we’re looking potentially at a different paradigm or model, in my view, of dialing platforms and what would be in scope under the new definition. It seems to me that if this bill passes, we could be talking about what constitutes a robocall, right, versus what constitutes an ATDS.

Jordan Eisner: Which must be just the way they like it.

Tony Jarnigan: Right.

Jordan Eisner: Because we had that lack of clarity, uncertainty, different courts previously. The Facebook situation seemed to put that to rest for a little while. Now here we are. I know states have been passing different laws. Now this is being proposed. Now, of course, this isn’t in play yet. So perhaps nothing happens of it. But to me, this is a step back into that and maybe even more. You know, looking at some of the other parts of the proposed bill, maybe even more restrictive.

Tony Jarnigan: Oh, absolutely. To your very point, I mean, that’s just the beginning of it, right? There’s a whole lot more to it. If that wasn’t enough, it also proposes shortening federal call times. Currently, federal call times are 8 a.m. to 9 p.m. But if this law passes, they would be 9 a.m. to 5 p.m. I know that’s shocking to a lot of people listening. So it would shave off an hour at the beginning and four hours at the end. Total of five hours of less calling time. Obviously, this would have a huge impact on businesses and connect rates. Who’s going to answer phone calls during business hours?

So just to run through a number of other different provisions here, we see a lot of focus on deception and abuse on outbound calls. This law would also impose standards on inbound calls. So if you’re using advertising to generate inbound calls, you’re no less expected to use to make sure you’re being above board. In terms of not being deceptive or abusive on those inbound calls, just the same as you are on outbound calls.

It would require you to disclose, as you pointed out earlier, Jordan, at the beginning of the call or the text if you’re using AI and it would impose doubled penalties under the TSR.

Jordan Eisner: And does it define AI?

Steve Gniadek: Probably any artificial voice.

Jordan Eisner: Yeah, because I’m thinking the usage of AI. And not just necessarily a voice on the call, but it seems like even in the back end, AI could be utilized to generate these calls or texts or something to some nature. I just wonder how far that can go and be used should this be passed.

Tony Jarnigan: Right, and if there’s any, you know, and again, we could be the same place there as we have been with ATDS, right? What constitutes AI? But, you know, if there’s any question, you know, the point is to make sure you’re disclosing it up front. Again, either on the call or the text.

Also, significantly, it redefines telephone solicitation. I think that this could be a good thing here. It’s been defined as a call or a message to encourage the purchase of property, goods or services. But this law, if passed, would amend the definition of a telephone solicitation to be calls or text messages transmitted for the purpose of deception, fraud, or wrongfully obtaining anything of value.

So from that perspective, it seems to me, at least, that there’s an attempt to sort of make these certain portions of the proposed law applying more to the bad actors out there instead of inadvertently capturing the good guys, it seems to me.

Jordan Eisner: I guess maybe repeat that piece just there. So what definition is it changing?

Tony Jarnigan: The definition of a telephone solicitation. Telephone solicitation, that’s interesting. Because I know historically, right, telemarketers have been given a pretty bad name over the years. But a lot of times in our work, we’ll talk with prospective customers or even current customers and we’ll say, well, you know, that’s a telemarketing call. No, we’re not telemarketers. We don’t telemarket. And we’ll say, well, actually, technically, under the definition, right, if you look at it in this state, if you look at it in this federal requirement, you are a telemarketer per this definition.

But this really seems to sort of adopt the public perspective of a telemarketing call these days, which is almost not a legitimate call, one to deceive or something of that nature. Or I know it’s a solicitation, but still, to me, that’s a pretty brave definition.

Tony Jarnigan: Again, just to be clear for our listeners, it would include calls or text. Telephone solicitation would include calls or text messages transmitted for the purpose of deception, fraud, or wrongfully obtaining anything of value. So I will have to see how it plays out, but I think to your point, it could be potentially a good thing to sort of weed out the bad guys as opposed to the good guys.

Steve Gniadek:  If it works, though, you know, I think a lot of these rules are intended to curb those bad actors, but the bad actors don’t necessarily always care about compliance. So it’s just to see what happens there.

But, you know, that’s the thing, Jordan, too. You mentioned this, and that is a common misconception even when we’re dealing with, like you said, prospects. A lot of people don’t think they’re telemarketing because someone has asked them about goods or services and are given consent to get calls. So they don’t feel that they’re telemarketing. They think telemarketing is only placing cold calls from purchase lists or something like that, where that’s not necessarily true. It’s if you’re trying to sell goods or services over the phone. So we’ll see what happens with that.

Tony Jarnigan: I heard that again just last week from a potential client.

But again, just to sort of put a bow on this one, they are a long ways from passing the House, let alone both Houses of Congress. But, you know, my personal opinion is if there’s anything potentially that both parties could agree to, it could be an attempt to curb unwanted phone calls and targeting bad telemarketing actors. So we’ll see. But as I mentioned before, we’re tracking this one for sure.

Jordan Eisner: No good information there, Tony. Thank you.

So moving along to the record-keeping requirement obligations and new rules at the FTC is established with the TSR. I think before we talk about what the new rules are. And what records we’re talking about, it probably be, I don’t know, maybe I’ll put you on the spot here a little bit, but. Just a quick, a lot of times people don’t even know what rules are supposed to be already or what records are already supposed to be maintaining right in the minimum time periods.

Maybe just a quick synopsis on what was in place previously or what are the record-keeping requirements? Then what are the new rules under the FTC TSR now?

And then what are those specific records that we’re talking about?

Jordan Eisner: Yeah, well, thanks. Thanks for putting me on the spot there, Jordan. No, just kidding.

No, that’s a great point. You’re absolutely right. We hear it all the time. Wow, these are already been in place. I need to be keeping that record?

And not only that, but even if clients know the records that they’re supposed to be keeping, one of the things that we’ve seen is an inability to produce those records. So this goes to there’s under this new rule will be enhanced accessibility, right? So, you know, you got to make sure your records are accessible and you can produce them.

We’ve seen many clients that sure, they can tell you details around if you give them a specific phone number, they can give you details around that number. But if you ask for comprehensive dial records, say for a specific month or larger time period, they have a big challenge. So you have to make sure that not only do you keep the records, but you can easily produce them.

Also, certainly a wider, what is expanded scope? There’s a wider array of records that you’re going to be expected to produce, some fairly eyebrow-raising in our view. We’re going to look at those.

The retention period requirements have been have been two years and now you’ll need to keep those for five years. And also where there’s been a requirement around, you know, between sellers and BPO’s or even figure employees, it’s five years from the end of the contract or the end of the employee’s employment. So, yeah, five years from the end of those time periods.

Steve Gniadek: Just to add some clarification of the retention period, there were some things, you know, for example, some things that were at two years opposed to five years, some things are at five years, some are at 10 years.

You know, an example might be keeping records of expressed written consent for two years. We’ve always advised our clients that they should do to, you know, the statute of limitations to keep records for a period of five years. So a lot of records, I think they may. By they, I mean, clients that are placing these outbound calls might already have a lot of these records. But like Tony just alluded, it’s a matter of compiling them and getting them in an adjustable format and matching up the records with each call and things like that. So there is going to be some lifting here. But, you know, I don’t know how much heavy lifting for a lot of these companies that are already keeping decent records.

Tony Jarnigan: Yes, if they are, in fact, doing it for five years, like we’ve been recommending. But Steve mentions format too, right? So one of the formats, one of the new formats, especially for international numbers, is you need to be keeping your records in UTC time or coordinated universal time. Anybody know what that is? That’s that’s where you, you know, you start with Greenwich. Meantime, I don’t know if we can get into the weeds or not, but you can look it up, but coordinated universal time or UTC time. And it’s where each time zone is allotted a number of minus or plus, you know, Greenwich mean time. So anyway, so you have to be able to keep this. Again, especially for those international numbers, you need to be keeping your records in UTC time.

So and then also, I would just add to it goes into effect around six months. So we’re looking at 180 days after publication in the Federal Register. I don’t think it’s been published in the Federal Register yet. I just checked again recently, but it could be presumably any day and then 180 days from that. So we’re looking at about six months or so from now.

Jordan Eisner: And Steve, you made a good point, right, for you don’t think the new obligations are going to be too difficult for companies that already have good record-keeping processes?

Steve Gniadek: It, you know, obviously, storage capacity and storage space and depends on what you’re keeping. So it could, from that perspective, cause people to have to spend a little bit more money for storage and things like that. You know, but again, if you’re keeping good records, it should be a matter of just being able to go into the dialing platform where your CRM and Polos record that and just make sure they’re organized and good.

So I don’t want to downplay it. It will be for some, but it’s also not as huge as changing the definition of what an ATDS is, for example. I wouldn’t think.

Well, tell me this then. Organizations that maybe are struggling, right, with our requirements are now and now it’s even more rigorous than it was. Right. What do you recommend? Right. How can they bolster processes, policy training, yada, yada, yada, right, to help comply with the record-keeping requirements?

Steve Gniadek: Well, obviously, they’re going to need to do audit and review and see what records do we have, how quickly can we get them and also just match it off the list of these are the records that are supposed to be kept. Just make sure they have it.

You know, for example, caller ID. You’ll need to be able to demonstrate what caller ID number was displayed on each and every outbound call at the time that call was placed.

So, again, something like that should be able to pull that from the CRM, you know, might be a little bit more difficult for some than others. But it’s again, it’s a matter of, you know, don’t blow away or delete your records after 60, 90 days. You’re going to have to keep them for those five years.

Training and educate. You know, your staff, probably IT department and what records are kept and how quickly you can get to them. And you might have to invest in a little bit more in your compliance infrastructure and just, you know, like I said, just go through the list, compare what records are required to be kept and how easily can I access and get those records?

You know, things like internal do not call requests. For example, typically now we say if someone makes that request, you just accept it, honor it and don’t call it again. Right. But even with the internal DNC request, if you have the name, you have to make sure you keep track of that name. If you again, even with that outbound call, what the time that request was made, what was that call about? Things like that. So the clients really just going to need to go through their record-keeping retention documents. And the processes and just making sure they’re able to meet these new requirements when they went into effect.

Tony Jarnigan: Right. But just to be sure, I mean, there are some very specific or additional requirements. I mean, Steve just mentioned internal do-not-call requests. Right. So, you know, now they’re saying that you have to be able to include in your records the goods or services that were being offered at the time the internal do not call request was made. Right. So, I mean, if you’re a seller and you’re you only sell specific kind of widgets or whatever, it’s probably pretty easy. But if you’re a BPO calling on behalf of a number of different clients and you’re offering a lot of different goods and services, you got to keep records now of the goods and services that were being offered on that specific phone call.

Jordan Eisner: And so for the listeners that are only placing B2B calls that have been anxiously waiting for this update. What was the real change in impact to B2B calls?

Steve Gniadek: I don’t think when I first saw that headline or the tagline or whatever you want to call it, I got to move because I initially thought, okay, well, this just means that B2B calls are now going to need to suppress against the federal DNC list as well as DNC list. And that wasn’t necessarily the case. What they’re trying to do again, to go back to those bad actors out there is prohibit misrepresentations and false or misleading statements on these B2B calls. Again, anyone that’s listening to this podcast or one of our clients or looking at our website probably aren’t doing false or misleading things when it comes to B2B calls. So, I’m not quite sure that that would have as big of impact as what some are making it out to be.

Tony Jarnigan: Exactly right. And to Steve’s point too, right, nothing near changes regarding or any kind of requirement to scrub true business numbers against the federal DNC. You don’t have to do that. Pennsylvania is the only state that requires that on their internal or on their state DNC list. By the way, though, Missouri has a current proposed law where they could become the second state that requires you to scrub against their do-not-call list for business numbers.

Jordan Eisner: And we’re probably dipping a little bit into opinion here too, but doesn’t Colorado, historically, don’t we advise something around Colorado too, just because there’s been some case law in the past where a personal number was put or a business number that was also a personal number was put on that DNC list?

Steve Gniadek: Yeah, yeah, there’s just not too much clarity when it comes from Colorado on that. That was one case that was many, many years ago. It was an at-home-based business. There was like a realtor using their cell phone, posted it on or even their landline. I don’t remember which it was back in 2007, I think, but they listed their business number or their personal number on a business website. Therefore, people were treating as a B2B call when it was actually the residential line. It was on Colorado State do not call list. And so there was an enforcement action there.

Jordan Eisner: Back in 2007. So what you had been on compliance point for three years at that point. So you are much like a young Tony Jarnigan.

Steve Gniadek: Four years at that point.

But let me point out Mississippi also not to get into the weeds. I know it’s not really a topic of this conversation, but Mississippi also had a state DNC list along with Pennsylvania that would allow business numbers to be put on the Mississippi state DNC list. They did away with that state DNC list about this time last year. There was a proposal to come out with a new Mississippi state DNC list. It would be a no exclusions list, meaning. If the numbers on that list, you can’t call it even if you had express written consent.

We just recently became aware did fail the second part of that test, so it passed the House vote, but it did not pass the Senate vote. So as of now, we’re Mississippi is not coming out with a new state DNC list, but we could see other states in the future come out with something like that. So we’re just we’re keeping our eyes out on things like that.

Jordan Eisner: OK. Lots of good information Steve Tony. Thank you guys. I think that’s a wrap for today for our listeners and I want to thank everybody for listening.

As a reminder, we produce content like this regularly, so please subscribe, leave us a review and if you have interest in what else CompliancePoint has to offer or inquiring about our services and how we might be able to help your organization. Please don’t hesitate to reach out. You can go to our website compliancepoint.com. You can reach out to Steve, Tony or myself on LinkedIn.

We’ve got a basic email that you can email into connect@compliancepoint.com. You could even schedule a meeting from a website, so many different avenues and ways to connect with us.

Please don’t hesitate if you have questions or concerns until next time. Thanks everyone. Thanks everyone. Thank you.

Let us help you identify any information security risks or compliance gaps that may be threatening your business or its valued data assets. Businesses in every industry face scrutiny for how they handle sensitive data including customer and prospect information.