It’s easy to understand why businesses are texting their customers more. SMS messages generate open and response rates as high as 98% and 45%, respectively, in contrast to 20% and 6% for email, and the average text click-through rate is 19.3%., compared to 4.2% for emails.
Quick, effective, personalized – there's no better or easier way to reach and engage your customers than through texts. Despite this, business text messaging is still subject to federal regulations which companies need to comply with, especially if they want to avoid costly penalties and damage to brand reputation. Whether using texting as a marketing, customer service or onboarding tool, knowing how to safely text your customers ensures your outreach strategy is both effective and compliant.
Without understanding proper legal protocol, you may unknowingly send unsolicited text marketing messages or spam your audience with irrelevant information, products, services, or offers. Regulations like TCPA, CAN-SPAM, GDPR, and CASL have stringent requirements and guidelines for businesses to follow before and while they text their customers.
In this post, we’ll look at these laws that govern business text messaging, the consequences for failing to abide by them, as well as the best SMS compliance practices for your company’s texting strategy.
What are the text message marketing laws?
The Telephone Consumer Protection Act (TCPA) is the primary anti-telemarketing law and the leading regulator of SMS marketing. TCPA is governed by the Federal Communications Commission (FCC) and has been amended numerous times to protect consumers from receiving unsolicited and unregulated calls or messages, including from any business that communicates with consumers via text.
Under the TCPA, businesses cannot send messages to consumers without their express written consent. This means that even in cases where the consumer has provided their phone number, or has an existing relationship with the company, the business still needs to ask for permission before texting the individual.
The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) was developed by the Federal Trade Comission (FTC) to supplement the TCPA and combat businesses from sending unsolicited messages containing explicit or offensive content. In other words, CAN-SPAM makes it illegal for businesses to send unwanted text messages to wireless devices.
CAN-SPAM dictates that business text messages must be easily identifiable as an advertisement or sales pitch by consumers and must include the option to unsubscribe. Consent to sent business text messages is required for all messages with the exception of informational messages such as purchase status, delivery notifications, etc.
The General Data Protection Regulation (GDPR) applies to any company doing business within the European Union (EU). It is the central regulation for the protection of all EU citizens’ personal data.
While not explicitly about business text messaging, GDPR has principles that businesses must adhere to when choosing to text customers in the EU. Regulations such as obtaining consent, reporting security breaches within a set timeframe, consumer rights to access their personal data and/or ask for it to be removed and more all must be considered before texting EU customers. GDPR applies to all business text messaging and data security in general.
Canada's Anti-Spam Legislation (CASL) regulations apply to any commercial electronic message sent to or from a Canadian computer or wireless device. This includes emails, instant messages, SMS text messages and some social media messages that contain a message related to business activities. It is set to protect consumers and businesses alike from the misuse of digital technology and communications.
Best Practices for SMS Compliance
Each of the above regulations has specific criteria to determine compliance, but there are several common themes or requirements across these regulations that your company should consider to maintain best practice compliance.
Get written consent.
Most regulations require consent to contact consumers. Some, like TCPA, require ‘Express Written Consent’. This doesn’t mean customers need to sign a formalized form, but instead means that customers must give their explicit consent in a manner that must be documented and saved. This can be either an online or paper form stating the customer is subscribing to receive communication or customers can text a keyword from their phones that serves as consent to join your SMS database. Essentially, regardless of the form it is presented in, the consent statement must be clear and conspicuous, so the recipient knows what they’re signing up for.
Send opt-in disclosure message.
Once a customer expressly consents to receiving messages, best practice is to follow up with a comprehensive disclosure message including your company name, the purpose of messaging, the frequency of messages and data rate notices, as well as instructions for both requesting help and opting out.
Communicate terms and conditions.
Customers need easy access to the legal terms and conditions of your SMS communications policy. You can provide this with a link in the initial disclosure text and also notify your subscribers whenever terms and conditions change.
Include business info in all messages.
Whenever you contact a customer, provide them with your name, the name of your company, and a phone number or email address where they can reach you. Also be sure to only communicate with customers during business hours; usually after 8:00 AM and before 9:00 PM.
Give customers ways to opt-out.
Your messages must always provide a clear way for people to opt-out. For example, set up response capabilities so that customers can text the word ‘STOP’ to cease all text communications and/or frequently alert subscribers on how to opt-out.
Respect the Do Not Call Registry.
Businesses are not allowed to contact people listed on the national Do Not Call Registry, created by the TCPA to prevent unwarranted messages. And to respect the privacy of customers who don’t wish to hear from you but are not on the Registry, maintain your own “Do Not Contact” list and honor requests for at least five years.
To maintain the safest compliance posture, always stay current on regulatory updates that affect how your business is legally required to interact with customers through text and phone.
Be careful of how you import/export contacts. Consent given to receive communication in one channel doesn’t mean blanket consent across all channels. For example, if you export phone numbers from your CRM to add to a texting account, you need to obtain consent to message these people since texting is a new marketing channel.
Consequences of Breaking Business Text Messaging Laws
Even just one mistake with text messaging compliance can result in sustainable penalties and fines.
For instance, noncompliance with TCPA regulations – whether failing to obtain consent, disclose marketing terms or protect consumer privacy – potentially subjects your business penalties up to $500 for each text or phone call, a staggering amount if you consider that some companies send out millions of business text messages per month. Health supplement provider ViSalus for example, was recently fined $925 million after making approximately 1.8 million unsolicited robocalls.
Violations of CAN-SPAM, CASL and GDPR all come with their own potential hefty fines:
- CASL - your business may be required to pay an administrative monetary penalty (AMP), with a maximum amount, per violation of $10 million.
- CAN-SPAM - each separate violation is subject to fines up to $46,000.
- GDPR - Infringements on GDPR are marked by two tiers. The first could result in a fine of up to €10 million, or 2% of the firm’s worldwide annual revenue from the preceding financial year. The second, for more serious infractions, could result in fines up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year.
In addition to potential fines, your company may also be subject to class-action lawsuits. More recent infamous instances include Uber’s $20 million settlement for sending unsolicited text messages to drivers and riders and Jiffy Lube’s $47 million settlement for sending unsolicited text messages advertising a discount on oil change.
Beyond the easily tracked financial hits that come with non-compliance, violating these regulations puts your company at risk damaging your brand and churning customers.
Always use protection
Text messaging is arguably the most powerful way to reach your clients and engage with them on a channel they prefer. With countless opportunities to upsell, provide seamless onboarding, deliver exceptional customer support, and more, business texting is the foundation of an effective, ROI-proven outreach strategy – as long as you stay compliant.
Statflo’s leading business text messaging platform was designed with safe texting and compliance in mind. With built-in features like smart filtering to block inappropriate language and content, as well as DNC management tools to automatically handle opt-outs, Statflo is the only fully compliant SMS platform available on the market.
More than this, with a dedicated customer success manager for each account and coaching tips so your staff always fully understands legal and best practices, Statflo is always there to support you and make sure your business texting strategy follows industry standards and local and national regulations.
For more information, download our Text Messaging Compliance Whitepaper now.