How to Fully Adhere to Do-Not-Call Legislation

Whether you're a small business or large enterprise, the requirements imposed by the Do-Not-Call Act and similar state statutes can create considerable strife within your company's internal ecosystem. In this eGuide, you'll discover how to fully manage your Federal, State and Internal DNC list scrubs, protect against compliance violations, and take advantage of exemptions like Established Business Relationships (EBR) to maximize contacts.

Within this mobile-friendly guide, you'll discover:

  • The 4 broad IT undertakings required by DNC regulations
  • What impact each can have on your business
  • How to fully adhere with DNC & TCPA compliance requirements to avoid penalties, fines & lawsuits
  • Why it could make sense to outsource to an expert

Experience this guide now.


How to Avoid Do Not Call 
Violation Penalties & Fines

In 2003, the United States government signed the Do Not Call Implementation Act into law. This law was designed to address growing consumer frustration with telemarketer calls by imposing limits on who telemarketers are allowed to call and how. Consumers were given the opportunity to add their numbers to a national Do Not Call (DNC) registry that would generally make their phone numbers off-limits to telemarketers.
Under the federal telemarketing regulations, companies engaged in telemarketing are required to get a Subscription Account Number (SAN), which functions as their license to access the DNC database of what is currently over 240 million phone numbers. The database is updated every 24 hours and may be downloaded fresh each day to replace the previous day’s database file, as new phone numbers are continually being added.
It’s a simple system in principle, but in practice it can be a complicated law to comply with. Whether you’re a small business or a large enterprise, the requirements imposed by the DNC Act and similar state statutes can create considerable strife within your company’s internal ecosystem. The DNC tentacles can be especially invasive in your IT department, where 4 broad undertakings are required in order to comply: Federal, State, and Internal DNC compliance, as well as determining whether you qualify for the important Established Business Relationship (EBR) exemption.
In this guide, we’ll take a look at each of these 4 broad IT undertakings required by DNC regulations, what impact each of them has on businesses (including internal resources), and how businesses might benefit from outsourcing DNC compliance operations to an expert.



National Do Not Call List

The National DNC List is a Federal registry where any consumer can add their phone number at any time. To date, it contains over 240 million numbers.

Telemarketing companies are required to obtain a SAN in order to access the DNC database so they can cross-check their call list against it.  Sellers are also required to pay for the area codes in which they need telephone number data, for every area code after their 5th.

Every 24 hours, the DNC database is updated, and telemarketers really should download the most up-to-date version every day, replacing the file from the previous day.  In order to meet federal safe harbor requirement, sellers must download the updated file at least once every 31 days.

Business Impact

Managing a monthly or daily download of 240 million phone numbers and scrubbing your own call list against it is a task that few small businesses have the necessary IT infrastructure to handle, both in terms of hardware and personnel. It’s a huge data operation, more than you can typically manage with programs like Excel or Access.

Crunching this data on a daily basis requires dedicated servers and IT management; small companies entering the market for the first time may not be aware of the scale of these operations or may assume there’s some alternative to obtaining a SAN and required area code data. There isn’t, and the cost alone—of up to $17,500 for all area codes—can be a major pain point for small businesses.

Whether they’ve developed it internally or outsourced it, any mid- to enterprise-level marketer that engages in outbound dialing has to have a DNC solution. In many cases, however, these are ad hoc solutions that have points of friction with other systems in place, and may be long overdue for evaluation and modifications. Consider what is involved for an enterprise-scale company to maintain and update a massive database like this every day, handle any flags and exceptions, and utilize it to scrub a mission-critical call list. A system developed years ago to manage a download of 240 million contacts is very unlikely to be performing this operation in a reasonably efficient way.

If DNC list management is being outsourced, it can be very difficult to tell if the solution is robust enough or if you’re getting adequate support and related services for the money you’re paying. Even when you can clearly identify problems with your current provider, it can be difficult to leave if you have no alternate solution lined up and are not ready to take on the workload.

When DNC lists are being managed in-house, it is vital that companies have the right infrastructure and IT resources to handle it. Downloading the massive files and scrubbing your call list every day can easily be a full-time job, and as such, it can be a distraction from your core competency and requires you to keep current with DNC legislation updates, their impact, and the best ways to implement processes to stay compliant and avoid costly penalties for violating the law.

Why It Could Make Sense to Outsource

With an outsourced provider, you don’t have to worry about becoming a DNC expert out of necessity, and your business can focus on what it’s best at. You can use them as a dedicated IT resource that fits within your existing process.

If you already have an outside provider and want to switch, the new provider can do the heavy lifting of mapping database fields so that your output files remain the same, and the solutions they offer are generally prebuilt to include all the special features you could ever need, and some you probably haven’t thought of yet—for example, restricting calls on national holidays or during states of emergency.

You might also end up with new ways to slice and process your data, for instance, you could run a list of newly-acquired numbers against the DNC database to flag any that are on it, or you can integrate the provider’s system with your own enterprise-level system to verify your adherence to current regulations and automate the process so that the updated database download and scrubbing occurs nightly in the provider’s ecosystem. By plugging into their system via an API, you can quickly and efficiently update the records in your own database.

An enterprise-level DNC scrubbing solution should include more than just a Federal DNC scrub. It should scrub against all applicable state and internal DNC lists, remove serial TCPA litigators, improve overall data hygiene, and provide sufficient flexibility to align with your current business processes and specific needs.


State Do Not Call List

Twelve states have their own separate DNC lists that must be uploaded and scrubbed against if your business makes any calls to their residents. Some of these states also have local regulations, such as holiday and curfew rules, that differ from those in the federal rules.

These state DNC lists are smaller databases, easier to manage with Excel and Access, but issues can still crop up when IT departments have to integrate the state lists with the larger Federal one, despite the possibility of differing formats, and ensure that the company is adhering to all applicable sets of rules and regulations. You also have to manage state licensing requirements for each database you need to access and keep in mind that state legislation is not static and can change very quickly compared to laws at the Federal level, especially when it comes to things like creating new holidays. (Louisiana is notorious for this—making abrupt changes to legislation, dates, holidays, and so on.)  States also vary on how often you need to download their local list and on what the safe harbor requirements are.

Business Impact

Small companies that sell nationally (or in multiple states) must pay for all the area codes they intend to do business in, and they need to be able to obtain and integrate each of the states’ DNC lists into their primary DNC database for scrubbing. While state lists are smaller and easier to manage, the requirement to integrate them with the Federal list does add another layer of complexity and keeping up with state-level legislative changes can be challenging. Companies that operate locally, or within a restricted list of area codes in their own state, can likely handle DNC management on their own.

For larger companies, all of this is typically handled by their IT departments and requires dedicated resources. They need to be able to accept and programmatically install and manage the state lists (up to twelve of them, in multiple formats that can be anything from data tapes to online downloads) into their own database for scrubbing.

Companies that handle DNC management in-house need to stay on top of all twelve states’ schedules for releasing DNC list information and the process for obtaining it and must load that information into their own scrubbing ecosystem, keeping up with all restrictions, flags, and other exceptions all the while. This may be done at scheduled intervals or automated to occur in real time via an API—a complex process, if not necessarily a difficult one.

Why It Could Make Sense to Outsource

When using an outside provider, you can give them a single list of numbers and they can run both the Federal and State scrubs all at once, flagging the numbers on your list that have matches on any of the included DNC lists and accounting for all relevant rules and regulations. An outside provider can also free you from having to worry about changes to state legislation that impact DNC lists, like the creation of new holidays—experts stay ahead of these changes and make updates in real time so that you’re never caught unprepared.


Internal Do Not Call List

In addition to the external Federal and State DNC lists that consumers can opt-in to, DNC regulations also require companies to maintain internal lists of customers who have directly asked the company not to contact them anymore.

Once such an opt out request is made, the company should enter their information into an internal DNC list and propagate it to their entire system right away; any calls made to one of these customers after 30 days is a violation that results in a fine.  Additionally, internal DNC requests often also constitute revocations of prior consent, which requests must be honored immediately.

Business Impact

Companies must record and maintain all internal DNC requests within their own ecosystem, removing or flagging numbers wherever they might be found. This can pose a significant challenge, as a flagged number may not occur within a dialer system, but could on other corporate lists, in BPO databases, and other hard-to-locate places. If you have multiple offices or branches, that only compounds the problem, and DNC requests may come in through various channels and locations. No matter where the request originates, it has to generate updates at every relevant location within the allotted timeframe.

Why It Could Make Sense to Outsource

If you don’t want to maintain your own DNC list repository within your own IT infrastructure, an outside provider can maintain and manage it for you in one of two ways: either by sending your list as a file replacement, or by sending it as an amendment to the current file. A provider should be flexible enough to do whichever is easiest for you and best fits your company’s processes (i.e. you can upload your list nightly, submit a batch file through Secure File Transfer Protocol, or SFTP, or submit automatically through an API integration).

Your provider should give you a copy of your list at the end of each week for audit purposes (or in case you need to switch to a new provider). With outsourcing, you can provide a single list of customers and get Federal, State and Internal DNC scrubbing done in a single operation rather than having to run multiple processes on your own side.

An outside provider should also run internal cleanses periodically and update internal DNC lists by removing ported, reassigned, or disconnected numbers. This is beneficial because it can potentially add numbers back into your list for marketing and sales purposes, helping you achieve greater ROI.

If you’re outsourcing and you want to maintain your own internal DNC list within your own IT infrastructure, you should be able to SFTP a copy of your file for scrubbing and identify the Federal, State and internal DNC numbers simultaneously. You could do this weekly or monthly, replacing the entire list or amending it to match what your provider has.


Established Business Relationship Exemption

Also covered by DNC regulation is the Established Business Relationship (EBR) exemption: customers of a company often have an implicit established business relationship that supersedes prior federal and state DNC registry submissions.

Companies may call their own customers for up to 90 days from the last product or service inquiry, and up to 18 months from their last purchase or financial transaction.  Remember, some state EBR laws vary.  Also, regardless, companies can generally make non-marketing calls (customer service, delivery confirmations, collections calls, etc.) to their customers even if they are on the DNC list.

Business Impact

Whereas Federal and State scrubbing operations flag and remove contacts from your list, the EBR exclusion allows you to add them back in. Companies with up-to-date customer lists don’t have to scrub them against the DNC database, but they do have to maintain them, often manually, which can be challenging because the EBR exclusion can be overridden by state laws (with varying exemption time periods to keep track of and manage).

Why It Could Make Sense to Outsource

If you’re outsourcing to an outside provider, you can provide a list of customers with whom you have an EBR (and the ending dates of those EBRs) and the provider can refrain from scrubbing entries on that list against Federal, State, and Internal DNC lists.

They should also provide reminders of when your EBRs are coming to an end, including cases where state legislation overrides the DNC act and exclusion time periods are variable, and scrub against them after the time period has expired. With an outsourced provider, you get more than just Federal, State, and Internal DNC compliance—their ecosystem allows them to process everything at once and take advantage of all exclusions and additional flags.

The Right Experts With The Right System

If you’re having trouble maintaining these massive DNC databases and keeping up with all of the relevant exemptions and flags that are required just to cleanse one particular list with all of these elements, there’s a good chance you’d be well-served by an alternative solution. The right specialists, utilizing a solution flexible enough to fit seamlessly with your existing internal processes, can transform your business and eliminate the distractions that can result in costly violations, thus freeing you to focus on the things your business does best.

At Contact Center Compliance, we deploy an advanced do not call scrubbing tool called DNC Scrub®. This solution encompasses all of the legislative compliance requirements we discussed above, helping clients minimize their exposure to DNC and TCPA (Telephone Consumer Protection Act) risk.

Our DNC Scrub® solution includes the right ecosystem and IT resources to fully manage your Federal, State, and Internal DNC scrubs in a single job. We offer simple, flexible processes that allow our customers to come to our website and manually upload a list of phone numbers, schedule nightly SFTP jobs, or set up real-time API connectivity. Additionally, you can get real-time updates and increased efficiency from our enterprise-level integrations with platforms you’re already using, such as Salesforce, Five9, Genesys, ActiveProspect, VICIDial and Mitel.

With over 70 billion scrubs performed (and counting), with 0 violations, fines or lawsuits incurred by our clients, you can now market with confidence.

If you'd like to learn more about how we can help your business minimize exposure to DNC and TCPA compliance risk and threats, request a consultation with one of our experts today.

Use our Solution Finder to find the right compliance solution for your business.