The Essential Guide to SMS Marketing Compliance in the US

For SMS marketing practices to remain ethical and legal, compliance with a complex set of regulations is essential. There’s a lot to know about text messaging compliance, shedding light on the key regulations and requirements (especially if your target is US Citizen Audience). These regulations, serve as the compass guiding marketers towards a principled course of action while safeguarding the interests and privacy of recipients.

Lets explore them.

Applicable regulations

There are three layers of Compliance:
1. TCPA – Telephone Consumer Protection Act – This is the federal legislation that governs telemarketing, text messaging, and the Do-Not-Call list. While these laws don’t explicitly mention anything about SMS, it’s been ruled that texts are treated as phone calls under the TCPA. These laws exist to protect people from unsolicited text messages and phone calls.

2. CTIA – Cellular Telecommunications Industry Association – This is a trade group that represents wireless carriers and others in the telecom industry. The CTIA maintains the Short Code Monitoring Handbook which lays out additional guidelines for SMS marketing. The CTIA guidelines align with TCPA laws to protect people from unwanted text messages but extend further to help marketers create a better experience for consumers. In this regard we have the TCPA as a federal law, and the CTIA as a carrier law.

3. Individual Carrier Networks (or MNOs Mobile Network Operators)
Each individual carrier network is privately owned and operated, and as such, they reserve the right to approve, reject, question, or disable any campaign on their network. Some carriers have their own individual Code of Conduct.

The specific requirements for each individual state are outlined in the text below.

Arizona: House Bill 2312

With this regulation a ban on spam text messages was imposed, which prevents SMS marketers from sending unsolicited ads via text messaging. The bill requires telemarketers to receive prior consent before sending automated text messages to mobile phones.

California: California Consumer Privacy Act (CCPA)

Under this act, California customers have the right to request a report on the personal information a company has on them and a list of other companies it’s shared that data between.

To comply with the act, SMS marketers must inform California customers about the personal information they are collecting, provide an option to request data access, update privacy policies with California rights, and offer opt-out methods. Marketers must not send an opt-in request for at least 12 months if a customer opts out of the text messaging program.

Connecticut: Act Prohibiting Unsolicited Commercial Text Messages and Increasing Penalties for Violations of the Do Not Call Registry

In 2014, Connecticut passed a law making it illegal to send unsolicited text and media messages to Connecticut residents (regardless of whether it was auto-dialed or not). Just one text message sent without receiving expressed consent is subject to a $20,000 penalty.

Connecticut is the only state requiring express written consent to receive commercial messages. This law also prohibits SMS marketers from sending texts and media messages to customers listed on Connecticut’s Do Not Call registry.

Florida: Telemarketing Act

This act prohibits telemarketers from sending text messages to Florida customers using automated technology unless they’ve received prior consent. Under this law, telemarketers cannot hide their identity, contact a customer more than three times within 24 hours, or send texts outside the hours of 8 a.m. and 8 p.m. And finally, text messaging applies to the state’s Do Not Call registry.

Indiana: House Enrolled Act 1273

This act expanded current legislation prohibiting “Robo Calls” to include texts, multimedia messages, and all forms of cell phone communication to Indiana cell phone numbers. Also, if an Indiana resident’s phone number is listed on the state’s Do Not Call registry, telemarketers cannot send them unsolicited text messages.

New Jersey: Text Message Privacy Law, A-617

Text messages sent to residents of New Jersey are subject to a new law, A-617, that requires companies to receive permission before sending them, which could result in charges or affect their text allocations. SMS marketers must provide recipients with an opt-out option and provide details on the number of messages they sent.

Oklahoma: Oklahoma Telephone Solicitation Act

This act prohibits SMS telemarketers from messaging an Oklahoma resident more than three times about the same subject within 24 hours. It also forbids companies from sending SMS texts after 8 p.m. and before 8 a.m. And like Florida’s bill, the Oklahoma act prevents companies from sending messages using automated systems without the customer’s prior consent.

Virginia: Virginia Telephone Privacy Protection Act

This act covers customers with Virginia area codes and those with non-Virginia area codes which reside in the state. SMS marketers must also clearly and accurately identify themselves in text message communication. And to top it off, the amendments also increased the damages associated with violations.

Washington: Washington’s Consumer Electronic Mail Act (CEMA)

Under this act it’s illegal for marketers to send commercial text messages without prior permission.

According to Wisconsin law, if your phone number is listed on the Wisconsin No Call program, you are protected against unsolicited calls and texts.

Wisconsin: Do Not Call Law

According to Wisconsin law, if your phone number is listed on the Wisconsin No Call program, you are protected against unsolicited calls and texts.

Requirements:

Express Written Consent

Informational – Express Consent	Promotional – Express Written Consent
The Consumer should give express permission before a business sends them a text message. Consumer may give permission over text, on a form, on a website, or verbally. Consumer may also give written permission.	The Consumer should give express written permission before a business sends them a text message. Consumers may sign a form, check a box online, or otherwise provide consent to receive promotional text messages.

Aside from this, it’s recommended that you use double opt-in method to confirm the recipients’ subscriptions to SMS. Double opt-in text messages will help to confirm the phone number provided by the recipient is legitimate and correct, capture an electronic record of the recipient’s consent, as well as provide a way for the person to opt-out in the initial stage. (this is not something you shoud prefer doing, but it shows transparency from your side and the intent to be compliant).

The Call to Action – Encouraging or Inviting a Customer to Opt-in

You will need to provide:

Product description	Message frequency	Complete Terms & Conditions or link to complete Terms & Conditions	Privacy Policy or link to the Privacy Policy
Customer Care Contact Information (send Help for help)	‘Message and Data rates’ disclosure	Opt-out instructions, such as: ‘Send STOP to stop receiving communication’	STOP keyword

Terms & Conditions Requirements

Program/Brand name	Description of the Program	Opt-Out Information
Message frequency	Customer Care Contact Information	‘Message and Data rates’ disclosure

There are no specific requirements for the Privacy Policy, however it is important to be transparent with the data subjects, so we strongly advise to include this in the Privacy Policy as well.

Prohibited Content

Spam	Depictions or endorsements of violence	Profanity or hate speech
Fraudulent or misleading messages	Inappropriate content	Endorsement of illegal drugs

Sending Time-frame

The TCPA (Telephone Consumer Protection Act) stipulates that text messages may only be sent between 8 a.m. and 9 p.m. in the time zone your recipient is in, however certain states have more restrictive rules. In this regard, you will need to take into consideration the different time zones the recipients will be at.

Some additional things to be aware of are:

Data Retention:

To protect yourself from future disputes, it’s advisable to maintain each contact’s consent for at least four years from that date in which it was given, which is the federal statute of limitations for bringing an action under the Telephone Consumer Protection Act.

Time Zones:

Please make sure that the messages are send at the appropriate time zone. Also, as you might have notices most of the timeframes in the state legislation are from 8am.-8pm.

Frequency:

Please pay attention of the state rules that provide a limitation of up to 3 SMS about the same subject within a 24hour timeframe.

Evidence of Consent:

Please be aware that you need to have a clear record of the consent obtained. In addition, this requires a clearly defined tick box on the registration page with explicit wording. Example: ‘I agree to receiving SMS’.

As SMS marketing continues to innovate and connect, adherence to compliance isn’t just a legal requirement – it’s a testament to your dedication to maintaining genuine relationships. We’d love to hear from you and help you ensure your SMS marketing campaigns are compliant and ready to reach a receptive audience ethically.

For questions about the next steps, call us on +1 303 317 5998 or write to us at [email protected].