Last updated 2026-07-09

TL;DR
A TCPA compliance attorney keeps your outbound calling and texting inside the Telephone Consumer Protection Act's rules, and defends you when a suit hits. Each violation carries $500, or $1,500 if willful, with no cap in class actions. Most small teams need a compliance review before launch, not after a class action lands.
What does a TCPA compliance attorney actually do?
They keep your outbound program legal, and they fight for you when someone claims it isn't. That's the whole job in one sentence.
On the prevention side, a TCPA compliance attorney reviews your consent flows, your calling lists, your dialing technology, your scripts, and your opt-out process. They find the holes before a plaintiff's lawyer does. That might mean rewriting your web opt-in language so it meets the FCC's express written consent standard, or confirming your dialer is not an automatic telephone dialing system (ATDS) under the case law in your circuit.
On the defense side, they answer demand letters, litigate class actions, and negotiate settlements. Picture a demand letter claiming your company sent 50,000 unconsented texts at $1,500 each. That's $75 million in stated exposure before a judge ever reads the complaint. A good attorney who knows the case law can attack standing, dispute class certification, challenge whether a system is an ATDS, and often resolve cases for a fraction of that face value.
Some attorneys do both. Others pick a side. Plaintiffs' TCPA attorneys file suits for consumers and work on contingency. Defense-side TCPA attorneys, the ones you want on speed dial, represent companies and usually bill hourly or handle flat-rate compliance work. Know which side someone is on before you hire them.
What does TCPA actually say, and why does the statute wording matter so much?
The Telephone Consumer Protection Act lives at 47 U.S.C. § 227, and almost every defense argument traces back to a single phrase in it. Section 227(b)(1)(A) bans calls using an ATDS or an artificial or prerecorded voice to a cell number without prior express consent. Section 227(b)(1)(B) covers residential lines. Section 227(c) covers the National Do Not Call Registry. [1]
The statute sets damages at $500 per violation and $1,500 per willful or knowing violation. [1] There's no cap on class actions in the statute itself. That's why a mid-size company that sent one promotional text to 200,000 people faces potential exposure of $300 million.
So why does the exact wording carry so much weight? Because the fight almost always turns on a word. Was the system an ATDS? The Supreme Court answered that in Facebook v. Duguid (2021), holding that an autodialer must use a random or sequential number generator to store or produce numbers. [2] That one ruling gutted thousands of pending cases and reshaped how plaintiff attorneys draft new ones. Did the person consent? The FCC's definition of "prior express written consent" for marketing calls sits in 47 C.F.R. § 64.1200(f)(9). [3] Miss one element of that definition and your consent is worth nothing in court.
This is a statute where the devil hides inside individual words, and the case law shifts fast enough that you genuinely need someone reading these decisions as they drop.
How much does a TCPA violation actually cost, and how big do settlements get?
Statutory damages are $500 per call or text, or $1,500 if the violation was willful. [1] Those numbers scale brutally in class actions.
Real settlements paint the clearest picture. UnitedHealthcare paid $2.5 million to resolve alleged TCPA violations tied to automated calls. Credit One Bank settled a TCPA class action that made national compliance news. Truist Bank faced a class action over similar automated contact claims. Albertsons and Safeway settled a TCPA case involving texts to customers. These are not outliers. TCPA generates more class action filings per year than nearly any other consumer protection statute.
Defense fees for a contested class action can run $300,000 to $1 million or more before settlement. Hourly rates for experienced TCPA defense attorneys in major markets run $400 to $700 per hour as of 2024, though boutique firms in smaller markets often charge $250 to $400. Flat-rate compliance reviews (no litigation) usually run $2,000 to $10,000 depending on scope.
Here's the comparison that should focus your attention. A one-time compliance review at $5,000 is cheap insurance against a settlement measured in millions.
What is the difference between a TCPA compliance attorney and a TCPA plaintiff's attorney?
Same statute, opposite directions. That's the difference in a nutshell.
A plaintiffs' TCPA attorney represents consumers who got unwanted calls or texts. They work on contingency, taking a percentage of the settlement or judgment. Their job is to find violations, aggregate them into class actions, and settle or litigate. They're very good at it, and the economics push them to find technical violations even when no consumer was meaningfully harmed.
A defense-side TCPA attorney represents the companies that got sued. They charge hourly or take flat-fee compliance work. They know the same playbook from the other side, which means they know exactly how plaintiffs' attorneys build cases and where those cases crack.
A compliance attorney is often the same person as the defense attorney, but not always. Some focus entirely on pre-suit counseling. They audit your program, write your policies, train your team, and set up consent documentation. If a suit lands, they may hand it to a litigator or join the defense team.
For a small outbound team, the practical move is one attorney who can do both: review your posture now and step in if a demand letter arrives. Pick someone who has actually litigated TCPA cases, because they understand what the other side hunts for.
When does a small outbound team actually need to hire a TCPA compliance attorney?
A few triggers mean you need an attorney, not a blog post.
First: before you launch any automated outbound program. If you're texting a list, running a dialer with any automation, or dropping ringless voicemails, get a legal eye on your consent collection, your opt-out handling, and your list sourcing before the first message goes out. Getting this wrong on day one creates a retroactive class that can include every contact you ever touched.
Second: the moment a demand letter arrives. Don't answer a TCPA demand letter yourself. Don't ignore it either. These letters often carry a tight response window and a settlement offer that expires. An experienced defense attorney can judge whether the claim has real merit, whether the plaintiff has standing, and what a reasonable resolution looks like. Responding wrong, or admitting anything in writing, can hurt you badly.
Third: when you buy leads or calling lists from a third party. The FCC's one-to-one consent rule, effective January 27, 2025, means consent obtained by a lead generator no longer covers calls from your company unless your company was named in that consent. [4] If your model depends on purchased leads, you need an attorney to check whether your sources give you defensible consent or leave you exposed.
Fourth: after any big regulatory change. The FCC moves often, and a circuit court decision can shift the law in your territory overnight. The TCPA news landscape moves fast enough that compliance that was fine last year may not be fine today.
How do you find a qualified TCPA compliance attorney?
TCPA is a specialty inside telecom and consumer protection law. Your general corporate lawyer probably doesn't know it well enough to help. Here's how to vet candidates.
Start with their case history. Ask directly: have they handled TCPA class action defense or plaintiffs' work? Have they dealt with FCC proceedings, not only private litigation? Do they track FCC orders and circuit court decisions as they come out? A lawyer who has to look up Facebook v. Duguid when you mention it is the wrong fit.
Look for attorneys who have written or spoken publicly about TCPA. Law firm blogs, bar publications, and CLE talks are a decent proxy for real expertise. Groups like the ANA (formerly the DMA) and the PACE Association keep lists of attorneys who advise on telemarketing compliance.
Geography matters only for state-law issues. TCPA is federal, so a California attorney can advise an Ohio company on federal compliance with no problem. But if you're worried about state mini-TCPA laws (Florida, Oklahoma, Washington, Texas, and others have their own statutes), you may need someone licensed there or deeply familiar with it. If you call into Kentucky, a TCPA lawyer in Kentucky who knows the state rules is worth finding.
Ask how they run a compliance audit. A good TCPA attorney should describe a process for reviewing consent language, list sources, dialing technology, and opt-out handling. If they can't describe that process clearly, they don't do this proactive work often.
Get fees in writing upfront. Flat-rate reviews are common and predictable. Hourly litigation gets expensive fast. Some firms offer a hybrid: a flat-rate audit, then hourly if something escalates.
What should a TCPA compliance review actually cover?
A review is only as good as its scope. A thorough one covers six things.
Consent documentation. The attorney should look at every touchpoint where you collect phone numbers and every disclosure a consumer sees at that moment. For marketing calls and texts, the FCC requires prior express written consent that is clear and conspicuous, names the seller, and covers the specific type of communication. [3] Your online forms, checkout pages, lead intake flows, and paper forms all get checked.
List sourcing. Where did your calling list come from? Did those people consent to be contacted by your company specifically? Since January 27, 2025, the one-to-one consent rule means a consumer who agreed to hear from "marketing partners" on a lead gen site has not agreed to hear from you by name. [4] Your attorney has to trace the consent chain.
Dialing technology. Is your system an ATDS under current law? Not always obvious. After Facebook v. Duguid the definition narrowed, but some systems that avoid random number generation still raise questions depending on your federal circuit. [2] The Ninth Circuit and the Eleventh Circuit have read the statute differently over the years, and where your company or your recipients sit can matter.
Opt-out handling. Can people opt out immediately? Are requests honored on time? The FCC requires that do-not-call requests be honored within a reasonable time, not to exceed 30 days. [3] If your CRM doesn't auto-suppress opted-out numbers, that's a problem.
Scripts and disclosures. Are your agents saying who they're calling for? Are required disclosures present and in the right order? Is your company name and contact info given on every call?
A compliance kit from a reliable source gives you a head start on self-assessment before you bring in an attorney. LeadCompliant offers a free TCPA compliance kit covering these same areas, which helps you walk into your first attorney meeting knowing exactly where your gaps are. That saves billable hours.
State law overlay. Do you call into states with mini-TCPA statutes? Florida's FTSA, for one, has its own private right of action and consent rules that go past federal law. [5] Your attorney flags which states add exposure based on where your recipients live.
What are the most common TCPA violations that attorneys see in small outbound teams?
Most small-team violations fall into a handful of buckets.
Unconsented text blasts. A company buys a list, loads it into an SMS platform, and fires a promo to thousands of numbers. Nobody on that list agreed to texts from this company. This is the single most common entry point for class actions against small businesses. [6]
Calling numbers on the National DNC Registry. The FTC runs the registry, and scrubbing your list against it is required before you call residential numbers. [7] Plenty of small teams scrub once, then call the same list six months later without re-scrubbing. Numbers get added to the registry every day.
Ringless voicemail. Some vendors sell ringless voicemail drops as TCPA-exempt because they land in voicemail without ringing the phone. The FCC has not exempted them, and multiple courts have found they count as calls under the TCPA. [8] Teams told a vendor that ringless voicemail is "safe" are often surprised when the demand letter shows up.
Bad opt-out handling. A consumer texts STOP, the CRM logs it, but the suppression list never syncs with the dialer or another department's list. The same person gets called again. Each contact after an opt-out is its own willful violation at $1,500. [1]
Lead gen consent that doesn't name the caller. The FCC's January 2025 rule change broke a lot of existing lead generation models. Companies that haven't updated their list sourcing since are running on consent that no longer holds up. [4]
How does the FCC one-to-one consent rule change what attorneys advise?
The FCC's one-to-one consent rule is the biggest change to TCPA compliance practice in years. The FCC adopted it in December 2023, and it took effect January 27, 2025. It requires that consent to receive marketing calls and texts be obtained by the specific seller who will make the contact. [4]
Before this rule, a common lead gen trick was to have a consumer check a box on a comparison site or landing page agreeing to hear from "our marketing partners" or a list of companies. That one consent got sold to dozens of buyers. The FCC named this the lead generator loophole and closed it. Under the FCC's order, closing the loophole means consumers "must consent to calls and texts one seller at a time."
For outbound teams, the takeaway is concrete. If you buy leads from a third-party aggregator, verify that each lead's consent form named your company specifically, more than a category of marketers. Your attorney needs to read your lead vendor contracts and the actual consent language used at the point of capture.
Most TCPA attorneys are now pushing clients toward first-party consent wherever possible: build your own opt-in flows, name your company plainly, and keep the records. That's slower and more expensive to scale. It's also the only consent model that survives under current law.
What happens after a TCPA demand letter arrives?
A demand letter usually isn't the lawsuit. It's a settlement demand from a plaintiff or their attorney. The standard structure: a statement of the alleged violation, the number of calls or texts at issue, the claimed statutory damages, and a settlement offer with a deadline.
Don't respond yourself. Don't fire back a flat denial in writing. Don't send money without legal advice. Any of these can make it worse.
Your attorney moves fast on several fronts. They assess whether the conduct actually violated the TCPA, because not every demand is valid. They check whether the plaintiff has standing (the Supreme Court's TransUnion v. Ramirez decision in 2021 raised standing requirements that can knock out plaintiffs who suffered no concrete harm). [9] They figure out whether this is a lone plaintiff or a named plaintiff threatening a class.
If the claim has merit, early resolution almost always beats litigation on cost. A single-plaintiff demand claiming $5,000 to $15,000 might settle for $1,000 to $3,000 with an attorney negotiating. Fighting it through discovery and motions could cost $30,000 in fees even if you win.
If the claim is weak, an aggressive early response, one that puts the plaintiff on notice that you'll contest standing, class certification, and the ATDS issue, can sometimes make the demand vanish. That's especially true for serial plaintiffs (people who file TCPA suits over and over), whose credibility with courts runs thin.
Keep every consent record and call log. Your attorney's first ask will be documentation of consent for each number at issue. If you have it, your defense is strong. If you don't, settlement terms get worse.
Are there free resources that can reduce your need for attorney time?
Yes, and being honest about that saves you money.
The FCC publishes its TCPA orders and consumer guides at fcc.gov. The FTC publishes the National DNC Registry rules and its Telemarketing Sales Rule guidance at ftc.gov. Reading the actual agency guidance before you pay $400 an hour to have an attorney read it to you is plain good sense.
For self-service checks, LeadCompliant's free tools let you test numbers against DNC lists and run basic compliance diagnostics before you bring in paid help. Treat it as triage: find the obvious problems yourself, then bring an attorney in for the genuinely ambiguous ones.
The cases driving current practice are public through PACER and sites like CourtListener. Reading what actually happened in the Cash App TCPA class action or the Kaiser TCPA settlement gives you a concrete picture of what violations look like in practice, which makes your attorney conversations sharper and cheaper.
Self-help has real limits. Consent language in particular is something you should have an attorney review, more than match against a template. The FCC has been specific about what "clear and conspicuous" means, and courts have rejected disclosures that technically listed every required element but buried them in fine print or wrapped them in confusing language. That's a judgment call, and it takes expertise.
How do state mini-TCPA laws change what your attorney needs to know?
Federal TCPA sets a floor. Several states built something taller.
Florida's Telephone Solicitation Act (FTSA), effective July 1, 2021, has its own private right of action for automated calls and texts, with damages of $500 per call and a treble option up to $1,500 for willful violations. [5] Florida doesn't require an ATDS under the narrowed federal definition. Any system that dials from a list automatically can qualify. Florida has generated a wave of litigation on its own.
Oklahoma, Texas, and Washington also have statutes that stack state-law exposure on top of federal TCPA risk. [10] Some states carry registration requirements for telemarketers separate from federal DNC compliance.
Here's the practical part. Your TCPA attorney needs to know where your recipients live, more than where your company sits. If you call into Florida from Georgia, Florida law applies to those calls. A review that only checks federal rules can miss real state exposure.
This is where geographic specialization in an attorney earns its keep. You may want a federal TCPA generalist plus state-specific counsel for your heaviest states, or a firm with attorneys licensed in multiple states who track state mini-TCPA developments.
Frequently asked questions
How much does a TCPA compliance attorney cost?
A flat-rate compliance audit typically runs $2,000 to $10,000 depending on scope. Hourly rates for experienced TCPA defense attorneys range from $250 to $700 per hour depending on the market and the firm. A contested class action can cost $300,000 or more in attorney fees before settlement. A compliance review before you launch is almost always the cheapest path.
Can I handle a TCPA demand letter without an attorney?
You can, but it's a bad idea. TCPA demand letters often carry tight settlement deadlines. Responding wrong in writing can create admissions. Missing procedural deadlines can waive defenses. Even a single-plaintiff demand with $5,000 in stated damages is worth at least a one-hour consult with a TCPA defense attorney before you respond or pay anything.
What is the difference between TCPA compliance and DNC compliance?
TCPA compliance covers the rules around automated dialing, artificial voice, and consent for calls and texts under 47 U.S.C. § 227. DNC compliance specifically covers scrubbing your calling list against the National Do Not Call Registry run by the FTC. They're related and often handled by the same attorney, but they're legally distinct requirements with different enforcement agencies.
Do TCPA rules apply to B2B calls?
The TCPA's autodialer and prerecorded voice rules apply to calls to any cellular number, including numbers used by business owners and employees. The National DNC Registry rules mostly protect residential lines. B2B calling is lower risk than B2C, but it's not risk-free, especially if you call mobile numbers without consent. A TCPA attorney can map your specific program against the applicable rules.
What changed with the FCC one-to-one consent rule in January 2025?
The FCC's rule, effective January 27, 2025, requires that consent to receive marketing calls or texts be obtained by and limited to the specific seller making contact. Blanket consent to "marketing partners" collected on a lead gen site no longer covers calls from a company that bought that lead. Teams using purchased lists need to verify their consent chains meet the new standard.
Is ringless voicemail legal under TCPA?
The FCC has not exempted ringless voicemail from TCPA coverage. Multiple federal courts have treated ringless voicemail as a call under the statute. Using it without prior express consent to a cellular number carries the same legal risk as a traditional automated call. Vendors who market it as TCPA-exempt are not accurately describing the current legal landscape.
How long do I need to keep consent records for TCPA purposes?
The TCPA doesn't name a records retention period. As a practical matter, keep consent records at least four years, matching the statute of limitations for private TCPA suits. The burden of proving consent falls on the caller. If you can't produce consent documentation for a number you called, you're in a worse spot in litigation regardless of what actually happened.
What does 'prior express written consent' mean under TCPA?
The FCC defines prior express written consent at 47 C.F.R. § 64.1200(f)(9) as a signed agreement, including electronic signatures, that clearly names the seller, states the person agrees to receive autodialed or prerecorded marketing calls, and lists the phone number for which consent is given. Buried checkbox language or vague references to 'communications' usually fail this standard in court.
Can a TCPA class action be stopped after it is filed?
Yes, through several routes. Defendants can challenge standing under TransUnion v. Ramirez, oppose class certification by attacking whether the alleged violations are common to the class, file motions to dismiss on statutory grounds, or negotiate settlement. Class certification is often the key battleground. If a court denies certification, the case usually shrinks to a single plaintiff with far smaller exposure.
Do I need a TCPA attorney if I only send transactional text messages?
Transactional messages (order confirmations, appointment reminders, account alerts) require only prior express consent, a lower bar than the prior express written consent required for marketing. That said, the line between transactional and marketing isn't always clean, and courts have found some messages companies called transactional to be marketing. A quick legal review of your message categories is worth doing if you send any real volume.
What is a TCPA serial plaintiff, and how do they operate?
Serial TCPA plaintiffs are people who deliberately sign up for lists, receive calls or texts, then file repeated suits or demand letters to collect statutory damages. They often target small businesses with weak consent documentation. Courts have grown more skeptical of serial plaintiffs since TransUnion tightened standing, but they stay active. An attorney who tracks known serial plaintiff activity can sometimes spot them early and adjust strategy.
How is the TCPA enforced, and who brings cases?
The FCC issues rules and imposes civil penalties under TCPA, and the FTC enforces the National DNC Registry rules. But most TCPA enforcement comes from private plaintiffs, because the statute lets individuals sue for $500 to $1,500 per violation without proving actual damages. State attorneys general can also bring TCPA suits. The private right of action is what makes TCPA the dominant consumer class action statute in the country.
What should I look for in a TCPA attorney's qualifications?
Look for someone who has handled real TCPA litigation on the defense side, tracks FCC orders as they come out, and can discuss cases like Facebook v. Duguid and TransUnion v. Ramirez without prompting. Red flags: lawyers who guarantee outcomes, who have no TCPA-specific writing or speaking on record, or who can't clearly explain the consent standard under 47 C.F.R. § 64.1200.
Does TCPA apply to calls made by live agents without automation?
If a live agent manually dials each number with no automated assistance, the ATDS restrictions generally don't apply. The National DNC Registry restrictions still apply to residential numbers. State mini-TCPA laws may define covered calls more broadly. And if your live agents use any system that automates any part of dialing, even call preview or auto-advance, the ATDS question comes back.
Sources
- U.S. Government Publishing Office, 47 U.S.C. § 227 (Telephone Consumer Protection Act): TCPA prohibits autodialed or prerecorded calls to cell phones without consent; statutory damages are $500 per violation and $1,500 for willful violations.
- U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): An ATDS must use a random or sequential number generator to store or produce numbers; this ruling narrowed the definition of autodialer under TCPA.
- FCC, Code of Federal Regulations 47 C.F.R. § 64.1200: FCC defines prior express written consent for marketing calls and requires do-not-call requests to be honored within a reasonable time, not to exceed 30 days.
- Florida Legislature, Florida Telephone Solicitation Act, Fla. Stat. § 501.059: Florida's FTSA effective July 1, 2021 provides its own private right of action for automated marketing calls and texts with $500 to $1,500 per violation.
- FTC, National Do Not Call Registry Data Book: Unwanted commercial calls and texts remain among the top consumer complaints tracked by the FTC, reflecting ongoing compliance failures.
- FTC, National Do Not Call Registry, donotcall.gov: The FTC maintains the National Do Not Call Registry; telemarketers must scrub their lists against it before calling residential numbers.
- U.S. Supreme Court, TransUnion LLC v. Ramirez, 594 U.S. 413 (2021): TransUnion raised Article III standing requirements; plaintiffs must show concrete harm to bring a federal claim, which courts apply to TCPA suits.
- National Conference of State Legislatures, State Telemarketing Laws: Oklahoma, Texas, Washington, and other states have enacted telemarketing statutes that add requirements and private rights of action beyond federal TCPA.