Last updated 2026-07-10

TL;DR
The TCPA exposes both the company that initiates a call and the individual who makes it. Courts have held sales reps and managers personally liable when they directed or controlled the violating calls. Per-violation damages run $500 to $1,500 under 47 U.S.C. 227(b)(3), with no total cap. One rep making 100 unconsented autodialed calls can generate $150,000 in personal exposure.
What does the TCPA actually say about who is liable?
The TCPA reaches "any person" who makes a call, and that includes people, more than companies. The statute, 47 U.S.C. 227(b)(1), makes it unlawful for "any person" to place certain calls using an automatic telephone dialing system or a prerecorded voice without prior express consent. [1] Congress picked that phrase on purpose. It did not write "any corporation."
The FCC reads it broadly, and federal courts follow. The Commission's 2003 order on the national Do Not Call rules held that liability attaches to the entity "on whose behalf" a call is made. [2] Courts then went further. Individuals who personally direct, authorize, or place violating calls can be named as defendants.
So both the company and the individual rep can be on the hook. The company is almost always the primary target because it has deeper pockets and because respondeat superior (an employer's liability for its employees' acts) applies. But "almost always" is not "always," and that gap is where reps and managers get hurt.
When can a sales rep be personally liable under the TCPA?
Personal liability is not automatic. Courts generally ask two questions: did this person personally participate in the violating conduct, and did they have the authority to stop it? Answer yes to both and you are exposed.
The reference point is Dish Network. In FTC v. Dish Network, L.L.C., 880 F.3d 402 (7th Cir. 2018), the court sorted out which officers could be held individually responsible for company-level violations. [3] That case ran under the FTC Act rather than the TCPA, but the reasoning has bled into TCPA case law. Individual defendants need some mix of control over the conduct and knowledge that it was happening.
Here is when personal liability turns real for a rep:
- They personally placed the calls, finger on the dialer, and the calls broke the TCPA.
- They directed or managed other reps to place the calls.
- They set up or configured the autodialer campaign.
- They knew about a consent problem and kept calling anyway.
A brand-new rep dialing a number off a list handed to them by a manager sits in a very different spot than the sales director who bought the list and set the daily quota. Courts see that distinction. But it does not save the new rep who keeps calling after a consumer says stop, because at that moment the rep has personal knowledge of the violation.
What are the per-call damages and how do they stack up for an individual?
The math gets scary fast. 47 U.S.C. 227(b)(3) sets private-right-of-action damages at $500 per violation for negligent conduct and up to $1,500 per violation for willful or knowing conduct. [1] There is no cap on total aggregate damages in the statute.
Run the numbers. A rep who makes 200 autodialed calls to cell phones without proper consent faces $100,000 at the negligent rate, or $300,000 if a jury calls the conduct willful. Courts have found willfulness when a defendant kept calling after cease-and-desist requests, after being sued, or after ignoring internal compliance warnings.
For a company, that exposure hurts but is often survivable. For a rep earning $80,000 a year, a $300,000 personal judgment ends a career. That is why the company-versus-individual question is more than academic.
Here are the statutory damage tiers under the TCPA:
| Violation Type | Damage per Violation | Source |
|---|---|---|
| Negligent TCPA violation | $500 | 47 U.S.C. 227(b)(3)(B) |
| Willful or knowing violation | Up to $1,500 | 47 U.S.C. 227(b)(3)(C) |
| State mini-TCPA statutes (e.g., WA, FL) | Varies, often $500-$1,000 base | State law |
The cash app tcpa class action settlement and the credit one tcpa settlement show how aggregate class damages turn into real settlement dollars at the company level. Individual reps rarely get named in class actions. They do show up in individual suits and in FTC and FCC enforcement actions.
Does the company's insurance or indemnification protect the rep?
This is where a lot of reps get a nasty surprise. General liability policies often exclude TCPA claims, especially when they read as intentional acts or statutory penalties. Employment practices liability (EPLI) policies usually do not cover TCPA claims either. Some companies buy a specific telemarketing liability rider. Small outbound teams almost never do.
Indemnification clauses in employment contracts can, in theory, protect a rep, meaning the company agrees to cover legal costs and any judgment. The limits are real. The company has to still be solvent when the judgment lands. Courts in some states will not enforce indemnification for intentional or willful wrongdoing. And if you and your employer are co-defendants with a conflict of interest, the employer's lawyer cannot represent you anyway.
Do not assume coverage or a promise of indemnification will insulate you. If you run a calling program, ask your employer in writing exactly what insurance they carry for TCPA exposure before you build it. Get the policy number. Read the exclusions.
How does liability differ for managers versus frontline reps?
The more authority you have over calling decisions, the more personal TCPA exposure you carry. That is the whole rule in one sentence.
A frontline rep dialing a company-provided list, on company equipment, following a company script, sits in the safest personal position on the team. They still made the calls, so they carry some exposure. But the facts point at the employer. Courts generally reserve personal liability for the people who designed the program, bought or built the list, set the consent standards, or ignored complaints.
A sales manager who sets quotas, tunes the dialer settings, and reads the bounce-back complaints from angry consumers is in a much worse spot. Courts and plaintiffs' lawyers hunt for the person with "the authority and ability to control" the violating conduct, a standard borrowed from FTC enforcement cases and applied in TCPA fights.
Owners and founders of small businesses are often the most exposed of anyone, because they make all of those calls themselves. Run a 10-person outbound team, personally set up the cold calling program, buy the leads, configure the dialer, and you are not hiding behind the corporate veil on a TCPA claim.
The corporate veil argument, where a defendant says "the LLC did this, not me," exists but does not always work. Plaintiffs' lawyers know to plead personal participation, and courts ask whether the individual was the "person" who made or initiated the call within the meaning of the statute.
What does "on whose behalf" mean and why does it matter for liability?
"On whose behalf" is how the FCC pins a company for calls it never physically made. The Commission has held that a company can be liable for calls placed by a third-party vendor when those calls are made "on behalf of" the company. [2] That builds a chain of liability running in two directions.
Upstream: hire a lead-generation vendor who makes TCPA-violating calls to warm up leads for you, and your company may still be liable even though you never touched a dialer. The FCC's 2013 TCPA omnibus ruling confirmed that vicarious liability applies under common-law agency principles. [4]
Downstream: if you are a 1099 contractor or an independent sales rep placing calls for a company, you may be personally liable as the person who initiated the call, and the company you represent may be liable as the party on whose behalf you called.
For teams using outsourced calling or text message marketing vendors, this is a live risk. You cannot outsource away TCPA liability. You inherit whatever violations your vendor commits on your behalf, unless you have strong contract terms and real oversight, and even then the FCC may still find you liable.
Can sales reps be named in a TCPA class action?
Technically yes. Practically, rarely. Class-action plaintiffs' lawyers chase defendants who can pay class-wide damages, which almost always means the corporate entity. A class of 50,000 claimants at $500 each is $25 million. No individual rep can pay that, so naming them adds cost and complexity without improving recovery.
Reps do get named in two common scenarios. First, small individual cases, where the plaintiff is a consumer a specific rep harassed and who wants to make a point. Second, enforcement actions by the FTC or state attorneys general, which are not class actions but which regularly name the individual officers and employees who directed the conduct.
The FTC's history is instructive. In telemarketing cases the agency has pursued individual defendants personally and won permanent injunctions and judgments that follow them long after the company folds.
Run a cold call program of any size and the scenario where you personally get named is more real than most people think. Plaintiffs' lawyers file broad initial complaints that name executives and managers, then trim the list through discovery. Getting dropped after six months of litigation still costs you six months of anxiety and legal fees.
What steps can a company take to shield both itself and its reps?
Good TCPA compliance protects the company and the humans on the team at the same time. Here is what actually moves the needle.
Scrub your call lists against the National Do Not Call Registry before every campaign. The FTC runs the registry, and sellers download it regularly. [5] This is not optional, and the cost is small next to the exposure. Scrub against your own internal do not call list too, and honor opt-outs inside the required window.
Document your consent chain. Autodialed calls to cell phones and marketing texts need prior express written consent. [1] That means knowing where each lead came from, what disclosure language the person saw, and when they consented. If your consent chain is a vendor emailing a spreadsheet that says "these are opted in," that is not documentation. That is wishful thinking.
Train your reps on the bright lines. When a consumer says "stop calling me," the call ends and the number goes on the internal DNC list. A rep who keeps calling after that has just multiplied their personal exposure.
Build an internal compliance review process. Someone has to own this. If nobody owns it, everyone on the management chain owns it by default the day a plaintiff's lawyer comes looking. Tools like the free compliance checkers at LeadCompliant help you find gaps before they turn into lawsuits.
Get real contracts in place with any calling or lead-gen vendor. The contract should require TCPA and FCC compliance, indemnify you for the vendor's violations, and give you audit rights. A vendor who balks at those terms is telling you exactly how they operate.
How does the TCPA treat calls made with a manually dialed phone versus an autodialer?
This split matters enormously for individual rep exposure. The TCPA's autodialer restrictions under 47 U.S.C. 227(b)(1)(A) apply to calls placed with an automatic telephone dialing system (ATDS). [1] The Supreme Court's 2021 ruling in Facebook, Inc. v. Duguid held that an ATDS must have the capacity to store or produce numbers "using a random or sequential number generator." [6] A rep who manually dials a number from a list, one at a time with human judgment behind each call, may not be using an ATDS at all.
That matters because manual cold calls to wireless numbers, while still subject to other TCPA provisions and the DNC rules, do not carry the autodialer per-call damages for calling without consent. Duguid narrowed the ATDS definition, which made it harder for plaintiffs to sue companies running modern predictive dialers that work from a fixed list rather than generating numbers randomly.
Do not get comfortable. The DNC rules still apply to manually dialed calls. State mini-TCPA laws (Florida, Washington, Oklahoma) may carry broader ATDS definitions or extra restrictions. And prerecorded voice messages carry their own TCPA restrictions no matter how the call is dialed.
The practical move for a rep: if your company uses a power dialer or predictive dialer, ask your compliance lead or lawyer whether it qualifies as an ATDS under Duguid. The answer changes your exposure.
What real TCPA cases show about individual defendant outcomes?
Actual outcomes tell you more than the statute read in a vacuum. The pattern is consistent, and it is not friendly to managers.
In FTC v. Caribbean Cruise Line (N.D. Ill.), individual officers were held liable alongside the company for robocall violations, and the FTC pursued personal injunctions banning those individuals from telemarketing for years. [7] The company paid more than $13 million in settlements with state attorneys general, but the personal consequences arguably hit harder, because the injunctions traveled with the individuals professionally.
In Johansen v. Vivant, Inc., No. 12-cv-7159 (N.D. Ill. 2012), the court asked whether an individual officer could be personally liable for TCPA violations committed through the company. It held that personal participation in the conduct, rather than corporate status, drives individual liability. [8]
The thread across these cases is simple. Corporate officers and managers who actively directed TCPA-violating campaigns do not escape personal liability just because they acted in a corporate capacity. The statute says "any person." Courts mean it.
If you run an outbound program, especially at a small company where the founder and the compliance owner are the same person, study these. A personal judgment tied to willful violations may not be dischargeable in bankruptcy. That is not a spot you want to reach.
How should a small outbound team actually structure responsibility to limit personal exposure?
Small teams carry less formal structure, which usually means more personal exposure. Here is a practical setup that does not need a legal department.
Name one compliance owner. That person owns the DNC scrubbing, the consent documentation, the vendor contracts, and rep training. A named owner creates a paper trail showing the company took compliance seriously, which matters in litigation. It also concentrates the knowledge instead of spreading it so thin nobody actually does the work.
Write a calling policy. It does not have to be long. It has to say what lists can be called, what consent documentation is required, what happens when a consumer asks to stop, and what rep behavior gets someone fired. When a rep breaks the policy, the policy becomes your evidence that the violation went against company direction, which cuts the company's willful-violation exposure and gives reps a clear line to walk.
Document everything. Log when you pulled DNC lists and what came back. Keep consent records. Save the vendor contracts. In litigation, documents you have beat arguments you make, every time.
Check the do not call telemarketer list requirements for your state, because several states require registration and impose their own scrubbing duties on top of the federal rules. For mobile numbers, the rules around mobile phone do not call list protections add one more layer to check.
The TCPA compliance kit at LeadCompliant covers the core documents: a written DNC policy template, a consent audit checklist, and a vendor contract addendum. Run through it once a year. That is a cheap way to catch gaps before they become cases.
Frequently asked questions
Can a sales rep be personally sued under the TCPA even if they were just following company orders?
Yes. The TCPA uses the phrase "any person," so following orders does not automatically shield a rep. Courts look at whether the individual personally participated in the violating conduct. A rep who kept calling after a consumer demanded they stop has their own problem regardless of company policy. A rep who acted in good faith on a bad list handed down by management sits in a better position than the manager who built that list.
What is the maximum a sales rep can personally owe in a TCPA lawsuit?
The statute sets damages at $500 per violation for negligent conduct and up to $1,500 per violation for willful or knowing conduct. There is no statutory cap on total damages. A rep who made 500 unconsented autodialed calls faces up to $750,000 in personal exposure if a court finds the violations willful. Individual defendants often settle for less, but the theoretical exposure is unlimited and scales directly with call volume.
Does forming an LLC protect a business owner from personal TCPA liability?
Not reliably. Courts have pierced the corporate veil in TCPA cases when the owner was the person who actually made or directed the violating calls. The statute covers "any person," so if you personally initiated the calls or controlled the program that did, the LLC does not hide you. The corporate form protects against general business debts, not against statutory liability for your own conduct.
Are independent sales contractors (1099 reps) personally liable under the TCPA?
Yes, and they carry a compounded risk. As the person who made the call, they may be directly liable as the individual initiating contact. The company they represent may also be liable vicariously. Independent contractors do not get the employer indemnification that W-2 employees sometimes have, and they often never check whether the company has proper consent documentation. Both parties can end up as defendants.
If a company settles a TCPA class action, does that protect individual reps from separate suits?
A class settlement usually releases claims against named defendants, which means the corporate entity and sometimes named officers. Reps who are not named defendants are not automatically covered by the release. A consumer specifically targeted by a named rep could file a separate individual suit even after a class settlement, though this is uncommon because one consumer's damages are modest enough that finding separate counsel is hard.
How does the TCPA treat a manager who sets up a dialer campaign but does not personally make calls?
Courts have found that "initiating" a call means more than physically pressing dial. FCC rules and case law treat the person who directs, sets up, or controls a calling campaign as someone who initiated or caused the calls. A manager who configures the dialer, approves the list, and sets the quota is in real personal exposure territory even if they never spoke to a single consumer.
Does a TCPA violation go on a sales rep's personal record?
A civil TCPA judgment is not a criminal record, so it does not show up in a background check the way a conviction would. But a federal court judgment against you is public record and searchable. FTC enforcement orders are public too. For anyone in financial services, insurance, or another licensed industry, a TCPA enforcement order naming you personally could create licensing problems depending on the state and the regulator.
What should a sales rep do if they think their employer is running a TCPA-violating calling program?
Document your concerns in writing, internally, to a supervisor or compliance officer. If the company ignores you and keeps going, you face a decision about your own participation. Continuing to place calls you believe break the TCPA after raising the issue destroys the good-faith argument you might otherwise have. Consulting an employment lawyer about whistleblower protections before raising the issue formally is a reasonable step.
Can the FCC go after individual sales reps rather than companies?
The FCC can issue citations and monetary forfeitures against individuals under 47 U.S.C. 503. The FTC pursues individuals in telemarketing enforcement regularly. The FCC has historically focused on corporate entities, but it has named individuals, particularly owners and officers of small operations where the person and the company are effectively the same actor. The FTC has imposed lifetime telemarketing bans on individuals in egregious cases.
Does the TCPA apply to B2B calls, and does that change the personal liability analysis?
The TCPA applies to calls to cell phones whether the recipient is a consumer or a business contact, because the restriction on autodialed calls to wireless numbers does not distinguish personal from business use. For calls to residential landlines, commercial calls get treated somewhat differently under the DNC rules. Personal liability for individual reps follows the same analysis regardless of whether the target was a consumer or a business contact.
What is the statute of limitations for a TCPA claim against an individual?
Federal courts have generally applied a four-year limitations period to TCPA claims under 28 U.S.C. 1658, the general federal statute of limitations for federal statutory claims. Some courts have applied a two-year or three-year period by analogy to state law. The four-year period is the majority view. That means a rep or manager can face suit for calls made up to four years ago, a long tail of exposure.
How do state mini-TCPA laws change the personal liability picture?
States like Florida (FTSA), Washington, and Oklahoma have their own telemarketing statutes with broader ATDS definitions, lower consent thresholds, or extra restrictions. These laws also use "any person" or equivalent language, and their damages sometimes stack on top of federal TCPA claims. A rep calling into Florida faces both federal TCPA exposure and potential Florida FTSA exposure at once, and the state claims can be brought in state court, which has different procedural dynamics.
Does having a written DNC policy protect a rep personally if the company still gets sued?
A written policy helps the company argue that a rep who violated it acted outside authorized conduct, which can cut the company's willful-violation exposure. For the rep, having a policy they followed and documented that they followed is the best personal protection short of not making violating calls at all. A rep who ignored the company's own DNC policy is far harder to defend than one who followed it perfectly on a list that turned out to be wrong.
Sources
- U.S. Congress, 47 U.S.C. 227 (Telephone Consumer Protection Act): The TCPA makes it unlawful for any person to make autodialed or prerecorded calls to cell phones without prior express consent; private right of action damages are $500 per violation ($1,500 for willful violations)
- U.S. Court of Appeals, 7th Circuit, FTC v. Dish Network LLC, 880 F.3d 402 (2018): Individual officers can be held liable for telemarketing violations when they had authority to control and direct the violating conduct
- FTC, National Do Not Call Registry: The FTC provides the National Do Not Call Registry which sellers must scrub against before making telemarketing calls
- U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): An ATDS under the TCPA must have the capacity to store or produce numbers using a random or sequential number generator; dialers working from fixed lists may not qualify
- FTC, FTC v. Caribbean Cruise Line legal library entry: Individual corporate officers were held personally liable and subject to telemarketing injunctions in a robocall enforcement action
- U.S. District Court N.D. Ill., Johansen v. Vivant Inc., No. 12-cv-7159 (2012): Court held that personal participation in violating conduct, not corporate status alone, determines individual TCPA liability
- Cornell Law School Legal Information Institute, 28 U.S.C. 1658 (federal statute of limitations): Federal courts have applied the four-year general federal statute of limitations to TCPA claims
- Florida Legislature, Florida Telephone Solicitation Act (FTSA), Fla. Stat. 501.059: Florida's FTSA imposes additional telemarketing restrictions and per-call damages that can stack on top of federal TCPA exposure