Litigation hold process for a TCPA case: small business guide

Sued under TCPA? A litigation hold must go out within days. Learn the exact steps, what to preserve, and the real cost of getting it wrong. Free checklist inside.

LeadCompliant Team
25 min read
In This Article

Last updated 2026-07-11

Small business owner reviewing printed records for a TCPA litigation hold at a wooden desk
Small business owner reviewing printed records for a TCPA litigation hold at a wooden desk

TL;DR

A litigation hold (also called a legal hold) is a formal instruction to stop deleting any records that could be relevant to a TCPA lawsuit. For small businesses, that means freezing call logs, consent records, dialer configs, CRM data, and opt-out records the moment you receive a complaint or a demand letter. Missing even one auto-delete setting can trigger sanctions that dwarf the original TCPA damages.

What is a litigation hold and why does a TCPA case trigger one immediately?

A litigation hold is a documented instruction sent to everyone in your company who touches relevant data, telling them to suspend all routine deletion and overwrite schedules until the case is resolved. Under Federal Rule of Civil Procedure 37(e), a court can sanction a party for losing electronically stored information (ESI) that should have been preserved once litigation was "reasonably anticipated" [1]. That phrase is the key. You do not need to be formally served. A demand letter, an FCC complaint forwarded by your carrier, or even a pre-suit email from a plaintiff's attorney is enough to start the clock.

TCPA cases are especially dangerous here because the evidence is almost entirely digital. Call logs, text message records, auto-dialer configuration files, consent timestamps, and opt-out logs live in systems that routinely purge data on 30, 60, or 90-day cycles. One missed auto-delete setting can wipe the only proof you have that a consumer actually gave prior express written consent.

Small businesses get tripped up because they assume a litigation hold is something big companies do. It is not. Federal courts apply the same spoliation rules to a 5-person sales team as to a Fortune 500 company. Courts have awarded adverse inference instructions, which let juries assume deleted records would have been bad for you, in TCPA cases involving small defendants. That outcome can turn a defensible case into an unwinnable one before trial.

When exactly does the duty to preserve evidence begin in a TCPA lawsuit?

The preservation duty attaches when litigation is "reasonably anticipated," a standard courts take seriously and apply broadly [1]. Here are the specific trigger events you should treat as day zero.

A demand letter or attorney letter: Any written communication threatening a TCPA claim starts the clock. The letter does not need to name a specific dollar amount.

A formal complaint filed in federal or state court: If a plaintiff files suit and you get served, you are already behind. The hold should have gone out when you first heard about the dispute.

An FCC complaint or CFPB complaint referencing your calls or texts: These are not lawsuits yet, but courts have found that a regulatory complaint makes litigation reasonably foreseeable.

An internal flag that a consumer has disputed a call: If a customer service rep logs a complaint saying "I never consented to these calls," document that date. Some courts have looked at internal complaint logs to find the moment litigation became foreseeable.

The practical answer for small teams: issue the hold the same day you learn of any dispute. The cost is a few hours of internal work. The cost of waiting is potentially unbounded.

What records does a TCPA litigation hold need to cover?

TCPA claims live and die on a narrow set of evidence categories. Your hold needs to cover all of them, including the ones nobody thinks about at first.

Data CategoryWhere It Usually LivesTypical Auto-Delete Risk
Outbound call logs (number, timestamp, duration)Dialer platform, VoIP provider30-90 days in most SaaS dialers
Text message logs (to/from, content, timestamp)SMS gateway (Twilio, Bandwidth, etc.)7-90 days depending on plan
Consent records (written consent, web form submissions)CRM, lead vendor records, email inboxNo auto-delete, but often overwritten on update
Opt-out and revocation recordsCRM, SMS platform STOP logsVaries widely
Dialer configuration files (ATDS settings, campaign setup)Dialer admin panel, IT configsOverwritten on next campaign
Do-not-call (DNC) scrub logsCompliance platform, internal DNC listOften purged on refresh
Lead purchase records (who sold you the number, what consent they claimed)Email, vendor portal, contract filesEmail auto-archive or deletion
Employee communications about the campaignEmail, Slack, Teams, text messagesEmail purge policies, Slack retention
Marketing scripts and recorded call samplesCall recording storage30-60 days in most platforms
Carrier billing and CDR recordsCarrier portal90 days to 12 months

Do not overlook employee communications. Courts have ordered production of internal Slack messages and emails in TCPA cases. If your team was discussing whether a list was compliant, or whether to skip a DNC scrub to save money, those messages exist and they are discoverable [2].

For context on what TCPA plaintiffs actually seek in discovery, look at settlements like the cash app tcpa class action settlement, where consent records and dialer logs were central to the class certification fight.

How do you actually issue a litigation hold at a small company?

Bigger companies have legal departments that send formal hold notices to IT, HR, and every department head. At a 10-person sales shop, you are probably doing this yourself. Here is what the process looks like at that scale.

Step 1: Write a litigation hold notice. This does not need to be a 20-page legal document. It needs to name the case or dispute, describe the categories of information to preserve, identify who receives the notice, and state that normal deletion is suspended. Put it in writing, even if you email it to yourself and your two teammates. The writing creates a timestamp.

Step 2: Deliver it to every person who has access to relevant data. That means your sales reps, your IT person or admin, whoever manages your dialer account, and whoever handles your CRM. If your CEO set up the original campaign, they get the notice too.

Step 3: Suspend all auto-delete settings immediately. Log into your dialer platform, your SMS gateway, your CRM, and your email system. Screenshot every current retention setting before you change it, then disable auto-purge on anything covered by the hold. Keep those screenshots. They show you acted in good faith and when.

Step 4: Collect and segregate a copy of the data. Do more than stop deleting. Actively export what exists right now: call logs, text logs, consent records, DNC scrub reports. Save those exports to a location that is not subject to routine deletion. A locked Google Drive folder with access controlled to you and your attorney works fine.

Step 5: Notify your attorney. If you do not have one yet, get one before you respond to anything. The litigation hold creates attorney-client privilege protection for your communications about the case.

Step 6: Document everything you did and when. Courts evaluating spoliation sanctions look at the reasonableness of your response. A written record showing you issued a hold on day one and locked down retention settings the same day is your best defense [3].

Reality check: most small businesses do not have a formal information governance policy. That is fine. What matters is that you respond quickly and in writing when a dispute surfaces.

What happens if you fail to preserve evidence in a TCPA case?

Spoliation sanctions under Federal Rule of Civil Procedure 37(e) range from a minor discovery order all the way to a default judgment against you [1]. The practical menu of bad outcomes looks like this.

An adverse inference instruction is the most common sanction in ESI cases. The court tells the jury that it may assume the deleted records would have been bad for your case. In a TCPA case where you deleted call logs and the plaintiff claims you called without consent, that instruction is devastating.

Monetary sanctions are also common. The court can order you to pay the plaintiff's attorneys' fees for all the discovery work caused by your failure to preserve. In TCPA class actions, that can be hundreds of thousands of dollars even before any TCPA statutory damages.

Case-dispositive sanctions (dismissal of your defense or default judgment) happen when courts find you acted willfully or in bad faith. The Pension Committee v. Banc of America case from the Southern District of New York is a widely cited federal decision on ESI sanctions, and its framework has been applied in TCPA litigation [4].

The TCPA itself carries statutory damages of $500 per negligent violation and $1,500 per willful violation, with no statutory cap in class actions [5]. A class of 10,000 consumers at $500 each is $5 million before any sanctions. Add a spoliation adverse inference and you have a case that settles for the policy limits of your insurance or more. The credit one tcpa settlement shows how costs pile up when discovery becomes a fight.

TCPA litigation: key numbers every small business needs to know Statutory damages, limitations period, and settlement scale 500 Per-call damages, negligent… 1,500 Per-call damages, willful v… 4 Federal statute of limitati… (years) 75.5 Capital One TCPA class settlement ($ millions) Source: 47 U.S.C. 227 (Cornell LII); 28 U.S.C. 1658 (Cornell LII); FCC TCPA enforcement history

How long does a litigation hold need to stay in place?

The hold stays active until the case is fully resolved and the time for any appeal has passed. That means final judgment, any appeal period, and, in class action cases, final approval of any settlement by the court.

In practice, TCPA cases take one to four years to resolve depending on whether there is class certification litigation. That is a long time to maintain frozen retention settings. A few things help.

Scope creep is real. As discovery proceeds, you may get requests for additional categories of data not in your original hold. Issue a supplemental hold notice and document it exactly as you did the first one.

When the case does end, do more than quietly turn auto-delete back on. Issue a formal litigation hold release notice, save it with your case file, and restore normal retention settings. This protects you if another case arises later referencing the same time period.

For related regulatory risk that overlaps with your call records, understanding how do not call list compliance fits into your documentation makes sense here. Your DNC scrub logs are evidence in both a TCPA suit and any FTC enforcement action.

Does the litigation hold process differ for SMS and text message TCPA claims?

The structure is the same, but the data sources are different and the deletion risks are higher. SMS gateways like Twilio, Bandwidth, and Sinch have message retention windows that vary by plan and are often short. Twilio's standard message logs, for example, are retained for a rolling period that can be as short as zero days for message body content on certain configurations [6]. Check your specific gateway settings immediately.

For text message TCPA claims, the hold needs to capture message content, not only delivery receipts. Delivery metadata proves a message was sent. The content proves what you sent. Both matter.

Also capture your keyword opt-out logs. If a consumer texted STOP and you kept sending messages, that is a separate and highly damaging fact. Most SMS platforms log inbound STOP messages separately from outbound logs. Make sure both are covered in your hold.

Carrier-level records are a separate layer. Your wireless carrier or VoIP provider may have call detail records (CDRs) that your dialer platform does not. In federal litigation, parties can subpoena carrier records directly, so think about what your carrier's logs would show and whether you can get copies early. For more on how text message campaigns create TCPA exposure, see our overview of text message marketing.

What is the role of your attorney in the litigation hold process?

Your attorney should be doing two things: advising you on scope and acting as a shield for your communications.

On scope, TCPA litigation attorneys know from experience which categories of evidence plaintiffs' counsel will request first. A good attorney can tell you within 24 hours which systems to freeze and which records are most likely to be demanded in discovery. That saves you from over-preserving everything at enormous cost or under-preserving and facing sanctions.

On privilege, communications between you and your attorney about the litigation hold, the evidence, and litigation strategy are protected by attorney-client privilege. Communications between you and your sales team about the same topics are not. Route sensitive analysis through counsel.

One practical point: if your attorney sends the hold notice on your behalf, that notice itself may be work-product protected from disclosure. If you write it yourself and send it to employees, it is business communication and discoverable. Ask your attorney about this early.

If you cannot afford litigation counsel immediately, at minimum consult a TCPA specialist for a flat-fee initial call before you respond to any plaintiff communications. Many TCPA defense firms offer this. The cost is $300 to $1,000 for an initial consult and it is the cheapest insurance you can buy at the start of a case.

How does the litigation hold interact with your TCPA compliance documentation?

This is where small businesses either have a strong defense or fall apart. If you were running cold calling or texting campaigns with proper prior express written consent documentation and clean DNC scrubs, your litigation hold is largely a matter of freezing records that already prove your case.

If you were not keeping those records, the litigation hold cannot create evidence that never existed. What it can do is stop further destruction and give you the best chance of finding whatever documentation does exist.

The FCC's rules on prior express written consent require that the consent be "clear and conspicuous" and that it specifically authorize autodialed or prerecorded calls to the called number [7]. The consent record, in writing, with a timestamp tied to the phone number dialed, is what you need to produce in discovery. If your CRM stores consent records but overwrites them when a lead is updated, your litigation hold needs to go to IT or your CRM vendor immediately to capture a snapshot before the next update cycle runs.

Lead vendor contracts matter here too. If you bought leads and the vendor claimed consumers consented, your purchase agreement and any consent certification the vendor provided is evidence. That documentation, wherever it lives, goes on the hold.

Running a campaign today? LeadCompliant's free compliance kit includes a consent record template and a pre-campaign DNC scrub checklist that make building this paper trail straightforward before any dispute arises.

For the statutory text, 47 USC 227(b)(1) prohibits using an automatic telephone dialing system or prerecorded voice to call cellular phones without "prior express consent of the called party" [5]. That phrase is the legal standard your consent records need to satisfy.

What does a small business litigation hold notice actually look like?

Here is a minimal but legally sufficient structure for a small business hold notice. This is not a template your lawyer would use in a large case, but it covers the core elements courts look for.

---

LITIGATION HOLD NOTICE Date: [DATE] Matter: [Consumer name or case reference] TCPA Dispute Issued by: [Your name and title]

This notice requires you to immediately preserve all records, data, and communications that may be relevant to the above matter. Do not delete, overwrite, or discard any of the following:

  • All outbound call logs and text message logs for the period [DATE RANGE]
  • All consent records and opt-in documentation for contacts in the affected campaign
  • All opt-out and DNC records
  • All dialer and campaign configuration records
  • All lead purchase agreements, vendor contracts, and consent certifications
  • All internal communications (email, chat, voicemail) discussing this campaign or this consumer
  • All call recordings

Suspend all automatic deletion, archiving, or overwrite policies for the above categories immediately. Contact [NAME/ATTORNEY] before deleting any data that may be relevant.

This hold remains in effect until you receive written notice of its release.

---

Send this by email so you have a timestamp. Have each recipient reply confirming receipt. Save those replies. If someone cannot be reached, note your attempt and the reason in writing.

What are the actual costs of a TCPA case for a small business, and does a litigation hold affect them?

TCPA statutory damages are $500 per violation for negligent calls and $1,500 per willful violation [5]. In a class action, multiply those numbers by however many consumers received the same call or text. A campaign that reached 50,000 numbers without proper consent is a $25 million to $75 million exposure at the statutory rate, though class cases almost always settle for much less.

Real settlements give a better sense of actual costs. The Cash App TCPA class action settled for $5 million. Capital One settled TCPA claims for $75.5 million in 2014 [8]. Those are large companies. Small business cases settle in the $10,000 to $500,000 range far more often, but that range still ends companies that cannot afford it.

A proper litigation hold cuts costs in two ways. First, it prevents sanctions that can make a case unsettlable at a reasonable number. Second, if your records show consent and DNC compliance, you may be able to get a case dismissed or resolved cheaply. The defense is in the records. No records means no defense.

Attorneys' fees for TCPA defense run $300 to $600 per hour for experienced counsel, and a contested case through class certification can run $100,000 to $400,000 in fees alone. Getting a hold issued correctly on day one is worth every minute it takes.

For a full breakdown of the statutory structure, the tcpa overview covers the penalty tiers and the FCC's enforcement history.

Are there any safe harbor or good faith defenses that a litigation hold helps preserve?

The TCPA does not have a formal statutory safe harbor for companies that make good faith mistakes the way some other consumer protection laws do. What courts have recognized, however, is that reasonable reliance on consent records, on DNC scrubs, and on carrier information that identified a number as a non-wireless line can support a good faith defense to willfulness [9].

Willfulness matters because it is the threshold between $500 and $1,500 per call. A defendant who can show documented consent practices, regular DNC scrubs, and an immediate litigation hold response is in a much stronger position to argue non-willfulness than one who cannot produce any of that.

Some courts have also recognized a bona fide error defense under 47 USC 227(c)(5) for calls that violated internal DNC policies but where the caller had established and followed reasonable procedures to prevent such violations [5]. Producing those procedures in discovery requires that they were documented and preserved.

A litigation hold does not create defenses. It preserves the evidence you need to raise them. Without it, those defenses disappear with your call logs.

Frequently asked questions

How quickly do I need to issue a litigation hold after receiving a TCPA demand letter?

Issue it the same day, or the next business morning at the latest. Courts measure reasonable anticipation of litigation from the date of the first demand, not the date of service of a complaint. Every day of delay is a day when auto-delete settings may be running and destroying evidence. A one-page email to your team is enough to start the record.

Does a litigation hold apply to a solo operator or very small team with no IT department?

Yes. The obligation is the same regardless of company size. A solo operator should log into every platform (dialer, SMS gateway, CRM, email) and manually disable auto-delete, then export a copy of all relevant data to a separate storage location. Screenshot your retention settings before and after you change them. That documentation shows good faith if spoliation ever comes up.

What TCPA records are most commonly requested in discovery?

Plaintiff attorneys almost always start with outbound call logs showing the number called, date, and time; consent records tied to each called number; opt-out logs; DNC scrub reports; and dialer configuration records showing whether an automatic telephone dialing system was used. Internal emails and Slack messages about campaign setup are a close second, especially if compliance was ever discussed.

Can my SMS gateway or dialer vendor destroy records before I issue a hold?

Potentially yes, and that is your problem, not the vendor's. Courts have generally held that a party's duty to preserve extends to third-party vendors whose records the party has the legal right to access and control. Log into your dialer and SMS platform immediately, export all logs, and contact vendor support to suspend any auto-deletion. Some vendors offer litigation hold settings; ask explicitly.

What is the difference between a litigation hold and document retention policy?

A document retention policy is your standard business rule for how long you keep records before deleting them. A litigation hold overrides that policy for specific categories of data once a dispute arises. The hold is temporary and case-specific. Your normal retention policy resumes after the case ends and you issue a formal hold release.

Can I be sanctioned even if I deleted records before the lawsuit was filed?

Yes, if deletion happened after litigation was reasonably anticipated. Courts have found that a pre-suit demand letter or even a documented consumer complaint can trigger the duty to preserve. If you routinely purge call logs every 30 days and you knew about a dispute but did not pause that purge, a court can find spoliation even though no lawsuit existed yet at the time of deletion.

Do I need to preserve records for consumers who are NOT the named plaintiff in the TCPA suit?

In a class action, yes. The plaintiff will move to certify a class of all similarly situated consumers. Records for the entire campaign period and all called numbers are potentially relevant to class certification. Selectively preserving only the named plaintiff's records while others continue to auto-delete creates serious spoliation risk.

Under 47 USC 227 and FCC regulations, prior express written consent must be a signed written agreement that clearly authorizes autodialed or prerecorded calls to that specific number. Your hold must capture the exact consent artifact (web form submission, e-signature record, paper form scan) with a timestamp, the IP address if collected online, and the phone number it covers. That specific record is the core of your defense.

Preserve your purchase contract, any consent certification the vendor provided, and all communications with the vendor about the lead list and consent claims. Then contact the vendor and put them on notice to preserve their consent records too. If the vendor's consent records were defective, you may have an indemnification claim against them, but only if you can prove what they represented to you.

Does a TCPA litigation hold cover voicemail drops and ringless voicemails?

Yes. The FCC has treated ringless voicemail as a call under the TCPA, and several court decisions support that position. All records related to ringless voicemail campaigns, including the audio files, delivery logs, and any consent records, should be included in your hold. The technology does not change the preservation obligation.

The TCPA has a four-year federal statute of limitations under 28 USC 1658, though some state law claims can be longer. Keep consent records, call logs, and DNC scrub records for at least four years from the date of each contact. In practice, the safest approach is to never delete consent records tied to a specific phone number while that number remains in your database.

Can the FTC or FCC use my TCPA records against me in a regulatory action?

Yes. Both agencies can subpoena records in regulatory investigations. The FTC enforces the Telemarketing Sales Rule and coordinates with the FCC on DNC enforcement. Records you preserve for a private TCPA lawsuit may also be produced in response to a government subpoena. That is another reason why having clean, accurate records of consent and DNC scrubs is better than having incomplete records.

What is an adverse inference instruction and how bad is it in a TCPA case?

An adverse inference instruction tells the jury it may assume deleted records would have supported the opposing party's case. In a TCPA suit where you deleted call logs and the plaintiff claims you lacked consent, an adverse inference on the consent question is likely fatal. The jury is effectively told: assume there was no consent. At that point, settlement at any cost is usually the better option.

Should I tell my employees not to discuss the case after a hold is issued?

Tell them to route any questions about the case to you or your attorney, and to preserve everything. Do not instruct them to stop discussing the case among themselves in ways that might cause them to destroy or alter records. Document destruction that occurs after a hold notice is issued, even by a well-meaning employee trying to clean up, is spoliation and creates personal liability risk for that employee in some jurisdictions.

Sources

  1. Cornell LII, Federal Rules of Civil Procedure Rule 37: FRCP Rule 37(e) authorizes sanctions for failure to preserve ESI when litigation was reasonably anticipated
  2. United States Courts, Federal Rules of Civil Procedure: Federal discovery rules require preservation of all relevant electronically stored information once litigation is reasonably anticipated
  3. Cornell LII, Federal Rules of Civil Procedure Rule 26: Rule 26 governs general duty to disclose and preserve in federal litigation, including ESI categories
  4. Pension Committee of the University of Montreal Pension Plan v. Banc of America Securities, 685 F. Supp. 2d 456 (S.D.N.Y. 2010): Southern District of New York decision setting out a framework for ESI spoliation sanctions still cited in TCPA and other federal litigation
  5. Cornell LII, 47 U.S.C. 227 (TCPA): 47 USC 227 sets $500 per violation for negligent TCPA violations and $1,500 per willful violation, and requires prior express consent for autodialed calls to cell phones
  6. Twilio, Message Logs and Retention Documentation: Twilio message log retention windows vary by account configuration and can be short depending on plan and message body storage settings
  7. Cornell LII, 47 U.S.C. 227(c)(5) (TCPA private right of action and procedures defense): 47 USC 227(c)(5) provides a defense where a caller established and followed reasonable procedures to avoid do-not-call violations
  8. Cornell LII, 28 U.S.C. 1658 (Catch-all Federal Statute of Limitations): 28 USC 1658 sets a four-year default federal statute of limitations applicable to TCPA private claims
  9. Federal Trade Commission, Telemarketing Sales Rule (TSR) overview: FTC enforces Telemarketing Sales Rule and coordinates with FCC on National Do Not Call Registry enforcement, with overlapping record-keeping obligations

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit