What a TCPA law firm actually does and when you need one

TCPA law firms sue or defend against robocall and text violations worth $500, $1,500 per call. Learn when to hire one, what it costs, and how to avoid suit.

LeadCompliant Team
22 min read
In This Article

Last updated 2026-07-10

Two attorneys reviewing TCPA case documents in a glass conference room
Two attorneys reviewing TCPA case documents in a glass conference room

TL;DR

A TCPA law firm either sues companies for illegal robocalls and texts on behalf of consumers, or defends businesses facing those suits. Statutory damages run $500 to $1,500 per violation with no cap on class size. Got illegal calls, or did your company get a demand letter? Knowing how these firms work is your first move.

What does a TCPA law firm actually do?

TCPA law firms split into two camps. Plaintiff-side shops recruit consumers who got unwanted calls or texts and file class actions. Defense firms represent the businesses accused of those same violations. A few do both. Most pick a lane.

On the plaintiff side, the business model is almost entirely contingency. The firm invests its own time, finds a named plaintiff who received illegal calls, certifies a class, and then negotiates a settlement or goes to trial. The firm keeps 25 to 40 percent of whatever the class recovers. Because the Telephone Consumer Protection Act sets statutory damages at $500 per negligent violation and $1,500 per knowing or willful violation [1], a single automated dialing campaign touching a million wrong numbers can produce theoretical exposure in the hundreds of millions of dollars. That math is why plaintiff firms push so hard.

Defense firms charge hourly or take retainers. The work includes reviewing the complaint, fighting class certification (the single most important procedural battle in TCPA litigation), attacking consent evidence, and negotiating settlements. Early settlement almost always costs less than litigation, which is why most cases settle. [2]

A third, smaller category is regulatory counsel: attorneys who advise companies before any lawsuit, reviewing dialing practices, consent flows, and DNC scrubbing. That preventive work is genuinely undervalued. One attorney reviewing your lead intake form costs far less than one class action.

What does the TCPA actually say, and what triggers a lawsuit?

47 U.S.C. § 227 is the statute. It bars using an automatic telephone dialing system (ATDS) or an artificial or prerecorded voice to call or text a cell phone without the called party's prior express consent. For telemarketing calls, the FCC requires prior express written consent. [1]

The statute's text on damages reads: "the person or entity, if otherwise permitted by the laws or rules of court of a State, may bring in an appropriate court of that State an action to recover for actual monetary loss from such a violation, or to receive $500 in damages for each such violation, whichever is greater." For willful or knowing violations, the court may triple that to $1,500. [1]

What triggers a lawsuit in practice? Usually one of these:

  • Calls or texts sent after a consumer asked to stop.
  • Calls to numbers that never opted in.
  • Calls to numbers on the National Do Not Call Registry without an established business relationship.
  • Use of a predictive dialer or ringless voicemail without proper consent.
  • Failure to honor opt-out requests within 10 business days (the FCC's regulatory standard). [3]

The definition of ATDS has been fought over endlessly. The Supreme Court's 2021 ruling in Facebook v. Duguid narrowed it to systems that use a random or sequential number generator to store or produce numbers. [4] That decision killed off a lot of weak claims. Plaintiff firms adapted. They now go after consent gaps, DNC violations, and internal do-not-call failures, which don't turn on the ATDS definition at all.

For companies doing outbound sales, the two most common traps are buying lead lists where consent is shaky and failing to purge internal DNC requests fast enough. Both are entirely preventable with the right processes.

How much do TCPA settlements actually cost?

Settlement amounts swing wildly. Class size, the quality of the defendant's consent evidence, and how far the case got before anyone talked numbers all move the figure.

Small single-plaintiff cases sometimes resolve for $5,000 to $20,000 just to make the plaintiff go away. Mid-size class actions (tens of thousands of class members) regularly settle in the low millions. Large campaigns against big companies with deep pockets reach tens of millions.

Some real, public examples:

CompanySettlement AmountApproximate Class Size
UnitedHealthcare$2.5 million [5]Thousands of members
Credit One BankUndisclosed; major class [6]Millions of accounts
Albertsons/SafewayMulti-million [7]Tens of thousands
Truist BankSignificant settlement [8]Large class
Cash App (Block)Class action filed [9]Broad consumer base

Defense litigation costs sit separate from the settlement. A contested TCPA class action can burn $500,000 to $2 million in attorney fees before trial, and most cases never reach trial. That's why early resolution, even at a painful number, often makes financial sense.

The FCC's one-to-one consent rules, adopted in a December 2023 order, were set to take effect in January 2025 and require express written consent specific to each seller. [10] They will likely shrink the volume of lead-gen suits going forward. But cases filed before or during that transition are still working through the courts.

TCPA statutory damages per violation Damages available in a private lawsuit under 47 U.S.C. § 227 Standard violation (per call/text) $500 Willful or knowing violation (per… $1,500 Typical small class action floor… $5M Typical small class action floor… $15M Source: Cornell Law School / LII, 47 U.S.C. § 227 (2024)

How do plaintiff TCPA firms find clients and build cases?

Most business owners don't understand this part, and they should. Plaintiff TCPA firms don't wait for injured consumers to walk in. They recruit named plaintiffs through online ads, consumer forums, and referral networks.

Once they have a plaintiff, attorneys pull phone records, subpoena dialing platform data, and request call logs through discovery. They hunt for evidence of an ATDS, a prerecorded message, or a missing consent record. Find it, and they move to certify a class, turning one plaintiff's case into one representing potentially millions of people.

Professional plaintiffs exist in this space. Some individuals have filed dozens of TCPA suits, deliberately handing their number to businesses and then logging every call. Courts have started scrutinizing these plaintiffs harder, and some have lost standing, but the practice continues. [2]

For defense attorneys, the response to class certification is the moment that decides everything. Show that individual consent questions predominate (meaning each class member's situation is different), and you can defeat certification, collapsing the class into individual cases no attorney will chase at $500 a pop.

What's the difference between a TCPA defense firm and a TCPA plaintiff firm?

The practical differences go past which side of the table they sit on.

Plaintiff firms are volume operations. They file many cases, settle most of them, and get paid only when they win. Their power is the threat of class certification and the math of multiplied statutory damages. A good plaintiff firm knows which defendants have weak consent documentation and which have pockets deep enough to pay.

Defense firms are usually full-service litigation shops with a TCPA practice group, or boutiques that do nothing but TCPA and related telemarketing law. They charge hourly, often $300 to $700 per hour for lead partners at boutique firms, and more at large national firms. Retainers for a class action defense can easily run $50,000 to $100,000 upfront.

The best defense firms also do proactive compliance work, which is where the real value is. Reviewing consent language, auditing DNC processes, and stress-testing lead acquisition before a lawsuit lands costs a fraction of defending one. If you're running any outbound calling or SMS program at scale, spending $5,000 to $15,000 on a compliance audit is one of the smartest risk moves you can make.

If your company sits in a state with extra telemarketing laws, like Florida (FTSA), Texas, or Oklahoma, you may need a firm with specific state-law experience on top of federal TCPA knowledge. [11]

How do you find a legitimate TCPA law firm?

Plaintiff firms are easy to find because they advertise. Defense firms take more digging.

For defense, start with the National Law Review's TCPA coverage or the American Bar Association's directory. Look for attorneys who have actually written about TCPA issues, filed motions in TCPA cases, or testified before the FCC. A firm that lists "TCPA" as one of 40 practice areas is a different animal from one that publishes regular analysis of FCC orders.

Ask any prospective defense firm these questions:

1. How many TCPA class actions have you defended in the last three years? 2. What's your track record on class certification challenges? 3. Do you have relationships with TCPA-experienced expert witnesses on ATDS technology? 4. Can you review our consent documentation and dialing practices before we get sued?

For plaintiff-side representation, consumers should look for firms that take cases on contingency, have TCPA case experience specifically (more than general consumer protection), and can explain in plain language whether your situation is viable. A single unwanted text usually isn't worth pursuing unless there are thousands of similarly affected people. A pattern of calls after you asked to stop is a much stronger case.

For state-specific defense needs, bar referral services help. If you're facing a suit in a state like Kentucky, finding counsel admitted in that jurisdiction with federal court experience matters. [12]

What should a business do immediately after receiving a TCPA demand letter?

Stop panicking, but move fast. A demand letter isn't a lawsuit. It's still a serious signal.

First, don't respond to the plaintiff's attorney without your own counsel. Anything you say can be used against you later. Second, preserve every record right away: call logs, consent records, lead source documentation, dialing platform configurations, DNC scrub reports. Spoliation (destruction of evidence) can bring sanctions worse than the underlying claim.

Third, get a TCPA defense attorney on the phone within 48 hours. Many demand letters carry a short response window, and the plaintiff's firm is watching to see if you'll settle cheap or fight.

Fourth, investigate internally. Pull the specific calls or texts alleged, identify the lead source, and check whether you have consent documentation. The quality of your consent records is the single biggest factor in whether you fight or settle, and at what number.

If your team needs a fast self-assessment before legal counsel is in place, LeadCompliant's free TCPA compliance checklist helps you spot which consent and DNC gaps you're most exposed on, so you walk into the attorney conversation already knowing your weak points.

Fifth, check whether your general liability or errors and omissions insurance covers TCPA claims. Some policies explicitly exclude them. Others provide defense cost coverage even when indemnity is excluded. Your broker should know, but read the policy language yourself.

Can individuals sue under the TCPA without a law firm?

Yes. The TCPA lets individuals file suit in state court without an attorney, and small claims court is a common venue for single-plaintiff cases. The statute explicitly creates a private right of action. [1]

Pro se plaintiffs (people representing themselves) do file and sometimes win TCPA cases. Damages per violation are fixed by statute, so you don't need to prove a complex injury. You need to prove the call happened, that it came from an ATDS or prerecorded voice or violated DNC rules, and that you didn't consent or had revoked consent.

The practical limit is discovery. Without an attorney, subpoenaing call records and dialing platform data from a corporation is hard. Corporations know this and sometimes stonewall pro se plaintiffs hoping they'll quit.

If you received multiple calls or texts that look like part of a larger campaign, a plaintiff's attorney will almost certainly take your case on contingency if the facts are solid. You give up 25 to 40 percent of the recovery, but you get professional advocacy and the ability to threaten class certification, which is worth far more than that cut.

For consumers wondering how to stop the calls in the first place, registering on the National DNC Registry and sending a written opt-out request to the specific company are the first steps. [13]

What are the most common TCPA defenses that actually work?

Defense firms have a toolkit, and some tools work better than others depending on the facts.

Consent is the first and strongest defense. Produce a clear, written, prior express consent record showing the specific plaintiff agreed to receive calls or texts from your company for marketing purposes, and most cases end there. The consent has to be unambiguous, documented, and tied to the exact number that was called.

Revocation ambiguity is sometimes useful. If the plaintiff claims they revoked consent but the record shows only a vague complaint rather than a clear opt-out, that can create a dispute. This defense has limits after the FCC's 2024 order on revocation, which requires companies to honor any reasonable oral or written revocation request. [10]

ATDS challenges matter less post-Facebook v. Duguid but still apply if the claim depends on the system being a random or sequential number generator. [4] If your dialer used a pre-loaded list rather than randomly generating numbers, you may not be running an ATDS as the Supreme Court defined it.

Lack of standing comes up when professional plaintiffs overreach. Courts have dismissed cases where plaintiffs manufactured their injury. This one is litigation-intensive and not a quick win.

Arbitration clauses, if they're in your terms of service and properly disclosed, can route individual claims out of court. They don't stop class actions where class members never saw your terms, but they work for direct customer relationships.

The weakest defense is ignorance. "We didn't know we needed consent" almost never works and can actually support a finding of willfulness, which triples the damages.

How can a business reduce TCPA lawsuit risk before it gets sued?

Prevention is cheaper than litigation. That's not a platitude. It's arithmetic. Even a small class action defense costs more than a thorough compliance review.

The highest-impact preventive steps:

First, document consent at the source. Every lead who will receive automated calls or texts needs an explicit, written consent record tied to their specific phone number. The FCC's January 2025 one-to-one consent rule means consent collected for a lead aggregator no longer covers your specific calls. [10] You need consent that names your company.

Second, scrub against the National DNC Registry before every campaign. Federal rules require scrubbing no more than 31 days before the call. [3] Keep records of every scrub.

Third, maintain and honor an internal DNC list. Anyone who asks to be removed goes on your internal DNC within 10 business days and never gets called again for any marketing purpose.

Fourth, audit your dialing technology. Know what your platform does, whether it qualifies as an ATDS under the current standard, and what records it generates.

Fifth, train everyone who touches the dialing system on opt-out handling. A single rep who ignores a stop request and makes three more calls just created three violations at $500 to $1,500 each.

LeadCompliant's free compliance tools include DNC checkers and consent documentation templates that small outbound teams can run without a full legal team. They don't replace attorney review of your specific program, but they close the most common gaps.

For teams running text campaigns, the rules on SMS consent and opt-out handling have their own quirks worth understanding separately. [14]

What recent TCPA cases should businesses pay attention to?

The TCPA landscape moves fast. A few decisions and settlements from the last few years matter for outbound teams.

Facebook v. Duguid (2021) narrowed the ATDS definition, as described above. [4] That was a real win for dialers using pre-loaded lists. It didn't erase TCPA risk. It redirected plaintiff firms toward consent and DNC theories.

The FCC's December 2023 Report and Order on consent, with the main provisions set for January 2025, is probably the biggest regulatory shift in years. It requires one-to-one consent, meaning a consumer's consent to one company doesn't cover other sellers sharing the same lead form. [10] Lead generation companies and their buyers are still working out what compliant consent flows look like.

UnitedHealthcare paid $2.5 million to settle allegations that it made calls to consumers without proper consent. [5] Healthcare companies are not exempt from the TCPA.

The Albertsons and Safeway settlement, the Credit One Bank litigation, and Truist Bank's class action all show how large financial and retail companies with sophisticated legal teams still land in TCPA class actions when their marketing or collections outreach lacks clean consent documentation. [6][7][8]

Staying current on TCPA developments, especially FCC orders and circuit court decisions, is genuinely necessary if you run outbound programs. The rules have shifted enough times in the last five years that advice from 2020 may be flat wrong today. [15]

Frequently asked questions

How much does it cost to hire a TCPA defense attorney?

Hourly rates at boutique TCPA defense firms typically run $300 to $700 per hour for experienced partners. Retainers for defending a class action often start at $50,000 and can reach $2 million or more in total legal fees by the time a contested case resolves. Early settlement almost always costs less. Some firms offer flat-fee compliance reviews for $5,000 to $15,000, which can prevent suits entirely.

Can a TCPA lawsuit be a class action?

Yes, and that's what makes TCPA liability so serious. A single marketing campaign touching millions of people can become a class action where each member claims $500 to $1,500. Theoretical exposure can exceed the company's entire revenue. Class certification is the key procedural battle; defeating it collapses the case into individual claims too small for plaintiff attorneys to pursue economically.

What is the statute of limitations for TCPA claims?

The TCPA has a four-year statute of limitations under 28 U.S.C. § 1658, the default federal statute of limitations. Some states apply their own shorter periods, but federal courts typically apply four years from the date of the violation. Calls or texts made four years ago can still ground a lawsuit filed today, so keep your consent records and DNC scrubs for at least that long.

Do TCPA law firms take cases on contingency?

Plaintiff TCPA firms almost always work on contingency, taking 25 to 40 percent of any settlement or verdict. Consumers pay nothing out of pocket. Defense firms generally charge hourly or require retainers; contingency arrangements are rare on the defense side. If you're a consumer who received unwanted calls, a contingency fee structure means you can get representation without upfront costs.

What evidence do I need to file a TCPA complaint?

At minimum: records showing the call or text happened (call logs, phone bill, screenshots), the phone number that contacted you, a description of whether it was a robocall or prerecorded message, and any prior communication showing you didn't consent or had revoked consent. Attorneys can subpoena additional records from the company's dialing system during discovery. The more documentation you have from the start, the stronger the case.

Is a single unwanted text enough to sue under the TCPA?

Technically yes. One text message to a cell phone without consent can be a $500 statutory violation. In practice, plaintiff attorneys rarely take single-plaintiff cases unless the damages are exceptional or the case can be expanded into a class. If you received one unwanted text, you can file in small claims court yourself. If you received many, or the sender appears to have blasted millions of people, talk to a plaintiff firm.

Does the TCPA apply to B2B calls?

The TCPA protects telephone numbers, not people, so it applies whenever a covered call goes to a number covered by the statute regardless of whether the called party is a business or consumer. Cell phone numbers registered to a business are still protected. However, some courts have found that calling a person's business cell phone for business purposes may not trigger the same residential DNC protections. The analysis is fact-specific.

Can I sue a company that called me after I said stop?

Yes. Calling or texting someone after they've revoked consent is one of the clearest TCPA violations. You don't need to prove anything about how they got your number originally; once you've clearly asked to stop and they continue, each subsequent call or text is a separate violation at $500 to $1,500 each. Document every call with date, time, and what was said. That record is evidence.

What is the FCC's role in TCPA enforcement versus private lawsuits?

The FCC enforces the TCPA through administrative proceedings and can impose its own forfeitures, which have reached into the tens of millions of dollars for large-scale violations. But the TCPA also creates a private right of action, so consumers and plaintiff firms can sue independently in federal or state court without FCC involvement. Most TCPA enforcement runs through private litigation, not FCC action. The FCC issues rules and interpretations that shape what private suits can prove.

Does insurance cover TCPA lawsuits?

It depends entirely on your policy language. Some general liability and errors and omissions policies cover TCPA defense costs even when they exclude indemnity for TCPA judgments. Others exclude TCPA claims entirely as intentional acts or statutory violations. Read your policy's exclusion section carefully and ask your broker specifically about TCPA coverage before you need it. Some specialty carriers now offer TCPA-specific coverage as a standalone or rider.

How long does a TCPA lawsuit take to resolve?

Single-plaintiff cases that settle early can resolve in three to six months. Contested class actions often run two to four years from filing through settlement or verdict. Class certification briefing alone can take a year. The longer the case runs, the higher your defense costs. Most defendants settle before trial because the risk of a jury verdict on a large class is too unpredictable even when the defendant has reasonable defenses.

What's the difference between a TCPA violation and a DNC violation?

A TCPA violation in the narrow sense involves calls made with an ATDS or prerecorded voice without consent. A DNC violation involves calling a number on the National Do Not Call Registry or your internal DNC list without an applicable exemption. Both are enforced under the TCPA statute and FCC rules, and both carry $500 to $1,500 per-call damages in private suits. A single campaign can trigger both types of violation at once.

Sources

  1. Cornell Law School / Legal Information Institute, 47 U.S.C. § 227: TCPA prohibits ATDS calls to cell phones without prior express consent; damages are $500 per violation, up to $1,500 for willful violations
  2. Federal Trade Commission, enforcement overview: Most TCPA class actions settle before trial; professional plaintiffs exist who deliberately collect violations
  3. U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): ATDS definition narrowed to systems using a random or sequential number generator to store or produce numbers; pre-loaded list dialers may not qualify
  4. LeadCompliant, UnitedHealthcare TCPA settlement analysis: UnitedHealthcare paid $2.5 million to settle allegations of TCPA violations
  5. LeadCompliant, Credit One TCPA litigation analysis: Credit One Bank faced major TCPA class action litigation involving millions of accounts
  6. LeadCompliant, Albertsons/Safeway TCPA settlement analysis: Albertsons and Safeway reached a multi-million dollar TCPA settlement covering tens of thousands of class members
  7. LeadCompliant, Truist Bank TCPA class action analysis: Truist Bank reached a significant TCPA class action settlement
  8. LeadCompliant, Cash App TCPA class action analysis: Cash App (Block) faced a TCPA class action covering a broad consumer base
  9. Florida Legislature, Florida Telephone Solicitation Act (FTSA), Fla. Stat. § 501.059: Florida's FTSA adds state-level telemarketing restrictions on top of federal TCPA requirements, including its own private right of action
  10. American Bar Association, lawyer referral resources: State-specific TCPA counsel is important for defendants in jurisdictions with their own telemarketing rules
  11. FTC, National Do Not Call Registry for consumers: Consumers can register phone numbers on the National DNC Registry to reduce unwanted telemarketing calls
  12. LeadCompliant, text message marketing compliance guide: SMS campaigns have specific TCPA consent and opt-out requirements distinct from voice calling rules

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit