Despite the U.S. Supreme Court’s favorable ruling in Facebook, Inc. v. Duguid, 141 S Ct. 1163 (2021), cases alleging that businesses violated the federal Telephone Consumer Protection Act (“TCPA”) and/or similar state statutes by making unauthorized telephone calls and/or sending unsolicited text messages continue to be filed. Often brought by opportunistic plaintiffs, these cases call for a careful examination and a vigorous defense.
No business should just accept the allegations made in a TCPA case (or, for that matter, in any action) at face value. Instead, if sued for allegedly violating the TCPA and/or a comparable state statute(s), a business should consider promptly taking the following “top ten” steps:
- First, the business should engage experienced defense counsel – familiar with the law and the relevant technology – who can assist with the investigation and the defense of the lawsuit. Investigations generally should be conducted under the auspices of counsel to hopefully shield the work product from discovery. The business and/or its counsel may also decide to retain an expert(s) to assist with a forensic investigation.
- Second, taking into consideration the specific facts alleged, the business and its counsel should carefully review the TCPA and any applicable state statute(s) to ensure they have a full understanding of all potentially relevant statutory prohibitions, defenses, and definitions.
- Third, if and as necessary, the business should determine whether it (or any vendor it engaged) actually used an “automatic telephone dialing system” (“ATDS”) – as that term is used in the statute(s) and interpreted in Facebook – to make calls or to send text messages. Plaintiffs often just assume the business used an ATDS; in contrast, the business should determine whether an ATDS was in fact used. A technical understanding of the relevant system(s) will be important.
- Fourth, the business also should confirm that it (or a third-party acting on its behalf) in fact did make a call(s) or send a text message(s) to the plaintiff. The business should not just rely on the plaintiff’s representations to that effect or assume that the plaintiff’s counsel conducted a thorough investigation prior to a complaint being filed. At the same time, the business should determine whether it has any evidence that the plaintiff “opted in” to receiving such calls and/or such messages. Unfortunately, too often a plaintiff “forgets,” or fails to disclose, that he or she in fact consented to receiving calls or text messages.
- Fifth, if and as relevant, the business also should determine whether it has any records showing that the plaintiff actually ever “opted out” from receiving such calls or text messages, or any records of any communications at all with the plaintiff. Again, a business should not just take the plaintiff’s word for it. This examination may require follow-up with any vendors the business used to place calls or send messages.
- Sixth, the business should ascertain whether it had any prior, or has any ongoing, business relationship with the plaintiff, and when, if it can be determined, that relationship began and/or ended. For example, the business should determine whether the plaintiff ever made any purchase(s) from the business. If so, the business also should identity and collect any records it has with respect to that relationship and any commercial interactions with the plaintiff. It should do a “deep dive;” for example, the business may need to determine whether someone else at the plaintiff’s address (for example, a spouse) made a purchase(s) and/or authorized the calls or the messages.
- Seventh, in consultation with counsel, the business should issue a “document hold,” preserving relevant records (including, but not limited to, electronic records).
- Eighth, the business should review its commercial contracts to determine, among other considerations, whether a third-party vendor, for example, could bear responsibility for the alleged violation(s) and/or, for example, be required to defend and/or indemnify the business. On a related point, the business should also determine whether and when to reach out – likely through or at the direction of counsel – to any such vendor(s) to gather data and other information in furtherance of its investigation and defense.
- Ninth, the business should review its insurance policies, including, but not limited to, its cyber insurance policies, to determine whether any insurance coverage may be available for the claim. While many policies contain exclusions for TCPA or similar suits, some policies at least provide some limited coverage for defense costs.
- Tenth, the business should review its various consumer-facing agreements, terms, and conditions to determine whether the dispute is appropriate to be heard in court or must instead be arbitrated.
By taking these ten steps early, a business should be better positioned to assess the claim and its defenses. For example, if the business can establish that it did not use an ATDS or that the plaintiff actually, affirmatively agreed to receive calls or text messages, the business and its counsel may be able to quickly secure a favorable resolution of the dispute.
If, however, the plaintiff persists, and the lawsuit continues, the business, of course, will need to take other important steps to defend itself. In conjunction with counsel, it will need to consider, for example, moving to dismiss the complaint, opposing class certification (as applicable), and/or seeking summary judgment (at the appropriate time). Working with counsel, the business likely will also want to undertake detailed discovery. Having taken these ten steps – and, as a result, arming itself with key information – the business should also be more prepared to mount a vigorous defense.
For more information about the TCPA and related investigations and litigation, including how to avoid, respond to, and defend against TCPA and related claims, please contact Michael H. Sampson and James K. Paulick.
Jim Paulick is a partner at Leech Tishman and leads the Data Privacy & Cybersecurity Group, part of Leech Tishman’s Corporate Practice Group. He is also the co-host of Leech Tishman’s Data Privacy LawTalk Podcast. He can be reached at 412.261.1600 or firstname.lastname@example.org.
Leech Tishman’s Facebook Page: https://www.facebook.com/leechtishman
Leech Tishman’s Twitter: https://twitter.com/LeechTishman
Leech Tishman’s Company Page on LinkedIn: https://www.linkedin.com/company/leech-tishman
Leech Tishman Fuscaldo & Lampl is a full-service law firm dedicated to assisting individuals, businesses, and institutions. Leech Tishman offers legal services in business restructuring & insolvency, corporate matters, employment & labor, estates & trusts, intellectual property, litigation & alternative dispute resolution, and real estate. In addition, the firm offers a wide range of legal services to clients in the aviation & aerospace, cannabis, construction, emerging cyber technologies, energy & natural resources, healthcare, and hospitality industries. Headquartered in Pittsburgh, PA, Leech Tishman also has offices in Chicago, Los Angeles, New York, Philadelphia, Sarasota, and Washington, D.C.