TCPA compliance lawyers: what they do and when you need one

TCPA lawsuits can cost $500, $1,500 per call or text. Learn what TCPA compliance lawyers do, when to hire one, and how to vet them. Updated July 2026.

LeadCompliant Team
26 min read
In This Article

Last updated 2026-07-11

Two lawyers reviewing compliance documents at a conference table in afternoon light
Two lawyers reviewing compliance documents at a conference table in afternoon light

TL;DR

TCPA compliance lawyers advise companies on consent rules, call and text restrictions, and DNC obligations under 47 U.S.C. § 227. Defense attorneys handle class action suits where each violation can cost $500 to $1,500. Most outbound teams need a compliance review before launching campaigns, more than after a lawsuit lands.

What does a TCPA compliance lawyer actually do?

There are two kinds of TCPA lawyers, and conflating them is an expensive mistake.

The first kind is a compliance attorney. They review your calling and texting programs before anything goes wrong. They read your consent language, audit your lead vendor contracts, check your scrubbing process against the National Do Not Call Registry, and tell you where you're exposed. Good ones have a strong opinion about what your opt-in flow should look like, more than a list of questions. They often produce a written opinion letter your team can act on.

The second kind is a defense litigator. They show up after a plaintiff's firm files a class action or sends a demand letter. Their job is to challenge standing, attack class certification, negotiate a settlement, or take the case to trial. Most defense TCPA lawyers also do compliance work, but their primary identity is the courtroom.

Some firms do both. That's not inherently bad, but ask directly which work makes up the majority of their practice. A firm that does 90% plaintiff work and occasionally helps defendants is a different animal than a firm that built a practice defending Fortune 500 companies.

A compliance lawyer's core deliverables typically include a consent audit, a scrubbing protocol review, a written gap analysis, and draft contract language for lead vendors. Some will train your sales team. The best ones will tell you, plainly, which of your current practices are legally indefensible and which are in a gray zone where the risk is tolerable if you document your reasoning.

For a plain-English overview of the statute itself, see our guide on TCPA law and what TCPA means.

What are the actual penalties a lawyer is protecting you from?

The Telephone Consumer Protection Act at 47 U.S.C. § 227(b)(3) sets statutory damages at $500 per violation for negligent violations and $1,500 per violation for willful or knowing violations [1]. There is no cap on the number of violations in a single case. A class action covering 100,000 unwanted texts carries theoretical exposure of $50 million to $150 million, which is why TCPA class actions settle so often and so expensively.

The statute itself says a person may bring an action to receive "$500 in damages for each such violation" or actual monetary loss, whichever is greater, and courts may treble damages "if the court finds that the defendant willfully or knowingly violated" the relevant subsection [1].

Real settlements give you a sense of the range. UnitedHealthcare paid $2.5 million to resolve TCPA claims, which you can read about in our breakdown of the UnitedHealthcare TCPA settlement. The Truist Bank TCPA class action settlement and the Albertsons Safeway TCPA settlement show how companies across industries face this exposure. Even a small outbound team sending 10,000 texts without proper consent is looking at $5 million in statutory exposure before a plaintiff's attorney has spent a dollar on discovery.

FCC enforcement is a separate track. The Commission can impose forfeitures up to $23,727 per violation under the current inflation-adjusted schedule [2]. In practice the FCC focuses on egregious robocall operations, but the authority exists and gets used.

Violation typePer-violation exposureWho imposes it
Negligent TCPA violation$500Private plaintiff (federal court)
Willful/knowing TCPA violation$1,500Private plaintiff (federal court)
FCC forfeiture (consumer complaints)Up to $23,727FCC
State mini-TCPA violationsVaries by stateState AG or private plaintiff

For the bigger picture on costs, see TCPA 2025.

When should you hire a TCPA compliance lawyer vs. handle it internally?

Handle it internally when your program is simple: you sell B2B, you never autodial cell phones, all contacts opted in directly on your own form, and you scrub against the National DNC Registry every 31 days. At that scale, a well-run internal checklist and a quarterly review of FCC guidance is probably enough.

Hire a compliance lawyer when any of the following is true.

You buy leads from third parties. Lead vendor consent is the single biggest source of TCPA liability right now. The FCC's one-to-one consent rule, which requires that a lead's consent name the specific seller calling them, changed how virtually every lead gen arrangement works [3]. If you haven't had an attorney review your vendor contracts and the consent disclosures your vendors use, you are taking on unknown risk.

You use an autodialer or prerecorded voice. The definition of an autodialer under 47 U.S.C. § 227(a)(1) has been in litigation since the Supreme Court's 2021 Facebook v. Duguid decision [4], but the practical reality is that many modern dialing systems still carry ATDS risk depending on how they function and how courts in your jurisdiction interpret the statute. An attorney in your circuit can give you a real opinion, not a general one.

You're launching a new SMS marketing program. Consent requirements for texts are strict, opt-out handling has to work flawlessly, and the plaintiff's bar is actively hunting for programs that cut corners. See our overview of text message marketing for the baseline rules.

You received a demand letter or a complaint was filed. Stop. Call a defense TCPA attorney before responding to anything. What you say in those first exchanges can matter.

You operate in multiple states. California, Florida, Washington, and others have state-level calling laws that sometimes impose stricter rules than federal TCPA. An attorney who knows only federal law may miss a state exposure.

TCPA penalty exposure by violation type Per-violation maximum in U.S. dollars (not a cap on total violations) Negligent TCPA violation (private… $500 Willful/knowing TCPA violation (p… $1,500 FCC forfeiture (per violation, in… $24k Source: 47 U.S.C. § 227 and FCC forfeiture schedule, 2024

How do you find a good TCPA compliance or defense lawyer?

Start with the state bar referral directories, but don't stop there. TCPA is a specialty niche. Most general business litigators have handled a TCPA case or two, but that doesn't make them a reliable guide for structuring a consent program.

Look for attorneys who:

Publish regularly on TCPA topics. This is genuinely useful signal. Attorneys who write detailed analyses of FCC orders and circuit court decisions understand the law at a level that matters for compliance work. Check if they've published on the FCC's one-to-one consent rulemaking or on Facebook v. Duguid's aftermath.

Have appeared in federal TCPA cases in your circuit. PACER lets you search federal dockets by attorney name. This takes ten minutes and tells you exactly how much time that person has actually spent in TCPA litigation [5].

Can name the current state of ATDS doctrine in your jurisdiction without pausing. If they can't give you a concrete answer about how courts in your circuit have interpreted the autodialer definition since Facebook v. Duguid, they haven't been paying close enough attention.

Ask for a scope of work in writing before you engage. A compliance review for a mid-sized outbound program might run $3,000 to $15,000 depending on complexity. Ongoing retainer arrangements for growing teams cost more but give you access to a lawyer who knows your program. Defense work is priced differently, often on contingency from the plaintiff's side and on hourly or flat-fee arrangements from the defense side.

Avoid any lawyer who tells you TCPA compliance is simple or that your existing program is probably fine without actually reviewing it. The law has real gray zones, but any attorney who isn't pointing them out isn't doing the job.

What should you ask a TCPA lawyer before hiring them?

These questions will separate attorneys who know the statute from attorneys who've skimmed it.

"How do you interpret the autodialer definition after Facebook v. Duguid in this circuit?" The Supreme Court's 2021 ruling in Facebook, Inc. v. Duguid narrowed the ATDS definition at the federal level, but circuit courts have handled follow-on cases differently [4]. A lawyer should be able to tell you specifically how the Ninth Circuit, Eleventh Circuit, or whatever circuit covers your operations has applied that ruling.

"What did the FCC's one-to-one consent order change about lead generation?" The FCC's Report and Order, adopted in December 2023, requires that consumer consent for telemarketing calls and texts be logically and topically associated with the website where consent is obtained, and names a single seller [3]. This killed most shared-consent lead gen models. If a lawyer doesn't know this order, don't hire them.

"Can you show me examples of consent language you've drafted that has held up in litigation?" They won't always be able to share client-specific examples, but they should have a view on what elements make consent language defensible.

"What are the two or three TCPA cases from the last 18 months most relevant to my industry?" The answer matters less than whether they can actually name cases with citations.

"Who else on your team would work on my matter?" TCPA practices often run on associates and paralegals. Know who's reviewing your consent flow.

For state-specific work, like if you're in Kentucky and need a practitioner who knows both federal and state rules, you may want someone with regional expertise. Our article on TCPA lawyer Kentucky covers what that looks like in practice.

What does a TCPA compliance review actually cover?

A real compliance review isn't a checkbox exercise. It's a working document your team can use to fix problems.

Consent documentation. The attorney reviews every place you collect consent: web forms, checkout flows, lead vendor agreements, verbal consent scripts. They check whether the disclosure is clear, whether it names your company specifically, and whether you're capturing and retaining evidence of consent at the individual record level. The FCC has repeatedly emphasized the importance of prior express written consent for autodialed or prerecorded calls to cell phones [6].

Dialing system analysis. What technology are you using and how does it function? If your dialer can generate or store numbers to be called randomly or sequentially, you may have an ATDS risk even if that's not how you're using it. The attorney should ask for your dialer vendor's technical documentation, more than take your word for how it works.

Do Not Call scrubbing process. How often do you scrub against the National DNC Registry? Who maintains your internal DNC list? How do you handle opt-out requests, and how quickly do you process them? Federal rules require that numbers on the National DNC Registry not be called, and that internal opt-outs be honored within 30 days [7].

Lead vendor contracts. This is where a lot of small teams are most exposed. Your vendor may represent that leads are TCPA-compliant, but if their consent language doesn't pass scrutiny, you are the one receiving the demand letter. An attorney should review the actual consent disclosures your vendors use, more than the representations in the contract.

Record retention. TCPA litigation often turns on whether you can prove consent. An attorney should ask how long you keep consent records and whether you can produce a timestamped, IP-logged consent record for any individual number on demand.

For a detailed walkthrough of the underlying rules, see our TCPA guidelines article.

If you want a head start before engaging an attorney, LeadCompliant's free compliance kit covers the consent documentation checklist and DNC scrubbing protocol in one download, so you walk into a legal review knowing exactly where your gaps are.

How much does a TCPA lawyer cost?

Compliance work is priced differently from defense work. Here's a realistic picture.

A one-time compliance review for a small-to-mid outbound team typically runs $3,000 to $15,000. The range is that wide because scope varies enormously. Reviewing a single web form opt-in and a basic scrubbing process is a few hours of attorney time. Auditing a full lead generation program with multiple vendors, multiple dialers, and campaigns in several states is a significant project.

Ongoing retainer arrangements, where the attorney is available for questions as your program changes, generally run $1,500 to $5,000 per month for a mid-sized team. This is usually worth it if you're actively scaling because you'll have questions every month.

Opinion letters, which are formal written legal opinions stating that a specific practice is compliant, cost $5,000 to $20,000 depending on complexity. If you're trying to get a lead vendor or business partner comfortable with your consent practices, an opinion letter from a named TCPA attorney carries weight.

Defense work is priced entirely differently. Hourly rates for experienced TCPA defense attorneys at major firms run $400 to $900 per hour [8]. A contested class action that doesn't settle early can cost hundreds of thousands in attorney fees. This is separate from any settlement amount.

Demand letters, often called pre-suit demand letters, sometimes settle for $5,000 to $50,000 depending on the number of alleged violations and the strength of your consent records. An attorney can tell you quickly whether a demand is aggressive or realistic.

The math is clear. Spending $5,000 to $10,000 on a compliance review before you launch is cheaper than every realistic litigation scenario. The question isn't whether you can afford a compliance attorney. It's whether you can afford not to have one.

What's the difference between a TCPA plaintiff's lawyer and a TCPA defense lawyer?

Plaintiff's TCPA attorneys represent consumers or consumer classes who allege they received illegal calls or texts. They work on contingency, meaning they take a percentage of any settlement or judgment. Because TCPA allows $500 to $1,500 per violation in statutory damages without proving actual harm, a class of 50,000 people who received one unwanted text is a viable lawsuit even if no one suffered any real injury beyond annoyance.

This business model is why TCPA litigation is so active. Plaintiff's firms monitor for companies running sloppy programs, buy or receive complaints, and file suits designed to pressure settlements. A well-documented case from a plaintiff's attorney can move quickly to class certification, which is the moment that makes defendants most eager to settle.

Defense TCPA attorneys represent companies facing these suits. Their toolkit includes challenging Article III standing (whether the plaintiff suffered a concrete injury after TransUnion LLC v. Ramirez [9]), attacking class certification on typicality or predominance grounds, negotiating settlement terms, and, occasionally, taking a case to trial.

The Joseph Snyder v. Credit One TCPA case is a good example of how individual plaintiff cases develop and what defendants face in terms of documentation demands.

If you're a company, you want defense counsel who understands the plaintiff's playbook. The best defense attorneys know exactly how plaintiff's firms build cases, which means they know what records to preserve, what arguments work at class certification, and what settlement terms are realistic.

For a look at how class actions actually resolve, the Cash App TCPA class action settlement and the Kaiser TCPA settlement claim deadline are instructive examples.

Can a TCPA compliance lawyer help with state-level calling laws too?

Yes, and this is increasingly important. The TCPA sets a federal floor, but states have layered their own rules on top of it. Florida, California, Washington, and Oklahoma have statutes that in some respects go further than the TCPA or create separate private rights of action [10].

Florida's Telephone Solicitation Act (FTSA) was significantly amended in 2021 and 2023. At its peak it was one of the broadest state calling laws in the country, creating a private right of action for any autodialed call or text to a Florida number without written consent, including B2B calls. The 2023 amendment pulled back some of those provisions, but Florida remains a high-litigation state.

California has the Invasion of Privacy Act and state DNC rules that interact with federal TCPA. Washington has the Commercial Electronic Mail Act and its own telemarketing statute.

A TCPA compliance attorney working with a multi-state outbound team needs to know both federal law and the laws in every state where you're calling. Not every TCPA attorney has this depth. Ask specifically.

For a current map of what's changing at the state level, see our telemarketing rules news coverage and the state laws hub on this site.

What records should you keep so a TCPA lawyer can actually defend you?

If a lawsuit lands, your defense lives or dies on records. An attorney can only work with what you have.

Consent records. For every number you've called or texted, you need a record that shows when that person consented, through what form or method, what the consent disclosure said, and technical evidence (IP address, timestamp, form version) linking that person to that consent. Generic "we require consent" policies don't hold up. You need record-level documentation.

DNC scrubbing logs. Keep dated logs showing when you pulled a current copy of the National DNC Registry, which numbers were matched and suppressed, and how your internal DNC list was maintained. The FTC makes the registry available to subscribers and requires access every 31 days for safe harbor purposes [7].

Communication records. Keep the actual call logs or text logs, including timestamps, originating numbers, and dialing system. These become exhibits.

Opt-out records. Every opt-out request, when it was received, through what channel, and when the number was added to your internal DNC list. The processing timeline matters.

Vendor documentation. Every lead vendor contract, the consent disclosures your vendors used at the time of lead capture, and any representations they made about TCPA compliance. If they represented that leads were compliant and they weren't, you may have an indemnification claim against the vendor, but only if you have the paper trail.

Two years is the minimum retention period most TCPA defense attorneys recommend for consent and scrubbing records, though longer is better given the statute of limitations for TCPA claims is four years under 28 U.S.C. § 1658 [11].

The free tools at LeadCompliant, including the DNC checker and consent documentation templates in the compliance kit, are designed to help small teams build exactly this kind of paper trail from day one.

What are the biggest TCPA mistakes lawyers say they see most often?

These patterns show up in litigation over and over, which means they're what plaintiff's firms are specifically looking for.

Buying leads without reviewing actual consent language. A vendor's contract saying leads are "TCPA compliant" means nothing if the disclosure a consumer saw said something like "your information may be shared with marketing partners." That language doesn't satisfy the FCC's one-to-one consent requirement [3]. Your attorney should be reviewing the actual disclosure, not the vendor's representation about it.

No process for honoring opt-outs. Federal regulations at 47 C.F.R. § 64.1200 require that opt-out requests be honored within 30 days and that the company maintain an internal DNC list [6]. Teams that have a manual, informal process, or no process at all, are routinely caught in litigation.

Using a dialer system without understanding its ATDS risk. Many modern predictive dialers and power dialers have features that could meet some definition of an autodialer. Not knowing this before a lawsuit is filed means your defense attorney is discovering your exposure at the same time the plaintiff's attorney is.

No written consent for text messages. SMS requires prior express written consent for marketing messages under FCC rules [6]. Verbal consent, implied consent, or a checked box buried in terms of service doesn't satisfy this requirement.

Relying on an existing business relationship as a consent substitute. An existing business relationship (EBR) provides a limited exemption for some residential landline calls, but it does not provide consent to autodialed or prerecorded calls to cell phones. This is a common and expensive misunderstanding. See our full breakdown of the TCPA existing business relationship rules.

Not updating practices after FCC rule changes. The TCPA regulatory landscape has shifted significantly in the last few years. Teams that set up a compliance program in 2019 and never revisited it may be running under rules that no longer apply.

Frequently asked questions

How much does a TCPA compliance attorney charge for a basic review?

A basic compliance review for a small outbound team typically costs $3,000 to $15,000, depending on how many lead sources, dialers, and states are involved. Ongoing retainers run $1,500 to $5,000 per month. These figures come from publicly available attorney billing discussions and RFP ranges; actual quotes vary by firm, geography, and scope. Always ask for a written scope of work before engaging.

Do I need a TCPA lawyer even if I've never been sued?

Yes, if you're running any autodialed, prerecorded, or bulk SMS outreach. The value of a compliance attorney is preventing the lawsuit, more than defending one. Given that statutory damages run $500 to $1,500 per call or text, even a modest outbound program has significant exposure. A one-time compliance review is far cheaper than the typical TCPA demand letter, which often opens at $50,000 or more.

What's the statute of limitations for a TCPA lawsuit?

TCPA claims are governed by the four-year federal catch-all limitations period under 28 U.S.C. § 1658. That means a plaintiff can file suit up to four years after the alleged violation. This is why TCPA defense attorneys recommend keeping consent and scrubbing records for at least four years, and ideally longer, since you may need to show compliance for calls made years before any litigation.

The FCC's Report and Order, adopted in December 2023, requires that a consumer's consent for telemarketing calls or texts be specific to one seller and logically connected to the website where consent was given. This effectively ended most shared-consent lead generation models where a single opt-in was sold to multiple buyers. If your lead vendors haven't updated their consent disclosures, you may be calling on non-compliant leads.

Can a TCPA compliance lawyer help me avoid a class action, more than defend one?

Yes, and that's the main value proposition. Class actions are filed against companies with systemic consent failures, because the class certification standard requires that the same legal question apply across thousands of class members. If your consent process is airtight and your records are complete, class certification becomes very difficult. A compliance attorney's job is to make your program hard to certify as a class.

For autodialed or prerecorded calls to cell phones and for any marketing SMS, the TCPA requires prior express written consent, meaning a signed (including electronic) agreement clearly disclosing that the consumer authorizes calls or texts from that specific company using automated means. For informational (non-marketing) calls or texts, prior express consent, which can be oral, generally suffices. The written standard is harder to meet and harder to document.

Do TCPA rules apply to B2B outbound calling?

The TCPA's cell phone autodialer restrictions apply regardless of whether the recipient is a consumer or a business. Calling a business person's cell phone with an ATDS without consent carries the same per-call exposure as a consumer call. There are some FCC exemptions for B2B calls to established business contacts on landlines, but the cell phone rules are not business-type-specific. See our full breakdown of the TCPA B2B exemption.

What should I do if I receive a TCPA demand letter?

Don't respond to the demand letter without an attorney. What you say, especially any admissions about your dialing practices or consent process, can be used against you in subsequent litigation. Call a TCPA defense attorney immediately. The attorney will assess whether the demand is realistic given your records, advise whether to negotiate or ignore, and handle all communication. Timelines matter because some demand letters precede a short-fuse filing deadline.

How do courts determine if a dialing system is an ATDS under the TCPA?

After the Supreme Court's 2021 Facebook v. Duguid decision, a system is an ATDS under federal law if it has the capacity to use a random or sequential number generator to produce or store numbers to be dialed. Systems that only dial from a pre-set list without random or sequential generation are not ATDS under that definition. However, circuit courts have applied this ruling inconsistently, and your jurisdiction matters. Get an opinion from an attorney familiar with your circuit.

What records does a TCPA defense lawyer need to build a defense?

At minimum: timestamped, IP-logged consent records for every called or texted number; dated DNC scrubbing logs showing when the registry was pulled and which numbers were suppressed; the actual text of consent disclosures used at lead capture; lead vendor contracts; internal DNC list maintenance records; and call or text logs with originating numbers and timestamps. Missing any of these makes defense significantly harder.

Are there TCPA lawyers who specialize in specific industries?

Yes. Healthcare, financial services, insurance, and real estate have generated so much TCPA litigation that some attorneys have built practices almost entirely around those verticals. An attorney with deep healthcare TCPA experience will know the nuances of patient communication exemptions and the FCC's healthcare-specific guidance. When vetting attorneys, ask what percentage of their TCPA work comes from your industry and ask for non-confidential examples of the issues they've seen.

How long does a TCPA class action typically take to resolve?

Most TCPA class actions that settle do so within 12 to 36 months of filing, though contested cases that go through class certification and summary judgment can run three to five years. The early stages, including the defendant's motion to dismiss and any standing challenge, often resolve within the first six to twelve months. Settlement timing depends heavily on the strength of the plaintiff's consent evidence and the defendant's record quality.

What's the risk of ignoring a TCPA complaint or demand letter?

Ignoring a demand letter doesn't make it go away. Plaintiff's attorneys file suit when demands aren't answered, and a filed complaint requires a formal response within 21 days under the Federal Rules of Civil Procedure. Ignoring a filed complaint can lead to a default judgment. Even if you think the demand is baseless, an attorney should make that assessment, not you.

Can I use AI or automated tools to manage TCPA compliance instead of a lawyer?

Tools handle the mechanics: DNC scrubbing, consent record storage, opt-out processing. They don't exercise legal judgment. A compliance checklist or software tool won't tell you whether your specific consent language survives scrutiny in the Ninth Circuit or whether your dialer's architecture creates ATDS risk. Tools and attorneys serve different functions. Use both, not one instead of the other.

Sources

  1. Cornell Law School Legal Information Institute, 47 U.S.C. § 227: Statutory damages of $500 per violation, trebled to $1,500 for willful or knowing violations, with the statute's exact language on the private right of action
  2. Supreme Court of the United States, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court narrowed the ATDS definition: a system is an autodialer only if it uses a random or sequential number generator to produce or store numbers to be called
  3. PACER (Public Access to Court Electronic Records), U.S. Courts: Federal court dockets searchable by attorney name to verify TCPA litigation experience
  4. FCC, 47 C.F.R. § 64.1200 (Delivery Restrictions), Electronic Code of Federal Regulations: FCC regulations requiring prior express written consent for autodialed or prerecorded calls to cell phones and for marketing SMS, and requiring opt-outs to be honored within 30 days
  5. FTC, National Do Not Call Registry, donotcall.gov: Telemarketers must scrub against the National DNC Registry and may access it every 31 days for safe harbor purposes
  6. Thomson Reuters Institute, Report on the State of the US Legal Market, thomsonreuters.com: Hourly billing rates for experienced litigation partners at major U.S. firms; range cited contextually for TCPA defense counsel
  7. Supreme Court of the United States, TransUnion LLC v. Ramirez, 594 U.S. 413 (2021): Supreme Court held that plaintiffs must demonstrate a concrete injury for Article III standing in federal court, which TCPA defendants use to challenge plaintiff standing
  8. Florida Legislature, Florida Telephone Solicitation Act, Fla. Stat. § 501.059: Florida's state-level telemarketing law creating a private right of action for autodialed calls and texts, amended in 2021 and 2023
  9. Cornell Law School Legal Information Institute, 28 U.S.C. § 1658 (Limitations on Actions): Four-year federal catch-all statute of limitations applies to TCPA claims, establishing the minimum record retention period for compliance documentation

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit