TCPA liability when your sales rep calls from a personal cell phone

Your rep uses their own phone, your company still owes $500, $1,500 per call under TCPA. Here's exactly why, and how to protect yourself.

LeadCompliant Team
23 min read
In This Article

Last updated 2026-07-10

Sales rep making an outbound call from a personal cell phone at their office desk
Sales rep making an outbound call from a personal cell phone at their office desk

TL;DR

A personal cell phone does not shield your company from TCPA liability. Courts hold employers responsible for calls made by sales reps acting within the scope of their job, even from personal devices. Statutory damages run $500 to $1,500 per call or text under 47 U.S.C. § 227. The device is irrelevant. What courts look at is who authorized the call and why.

Does it matter whose phone the rep uses under TCPA?

No. The phone is not the unit of liability under the TCPA. The statute, 47 U.S.C. § 227, attaches liability to the person or entity that "initiates" a call or that "causes" a call to be made, and to the person or entity "on whose behalf" the call is made. [1] A personal cell phone changes who pays the phone bill. It does not change who authorized the call.

The FCC addressed this head-on in its 2013 Declaratory Ruling. The agency said a seller can be vicariously liable for a telemarketer's TCPA violations under federal common-law agency principles, even if the seller never physically placed the call. [2] Your rep is your agent. When they call a prospect from their personal iPhone to pitch your product, that is your call in the eyes of the law.

This trips up a lot of founders. They assume TCPA risk lives inside the office phone system or the company dialer. It does not. The question a court asks is simple: was this person acting on behalf of the company, with the company's actual or apparent authority, for the purpose of the company's business? If yes, the company is in the picture.

What does TCPA actually say about who is liable?

The core prohibition sits in 47 U.S.C. § 227(b)(1)(A). It makes it unlawful "to make any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system or an artificial or prerecorded voice" to any cell phone without consent. [1] Separate provisions in § 227(c) cover calls to numbers on the National Do Not Call Registry.

The statute says nothing about which device the call comes from. Congress wrote the rule around the act of making the call and the purpose behind it, not the hardware.

For manual calls, meaning a rep hand-dials from their personal phone with no ATDS, the ATDS provisions technically do not apply. DNC protections still do. If the prospect sits on the National DNC Registry and the rep calls anyway, that is a § 227(c) violation, personal phone or not. [3] The $500 per-call penalty applies, and courts have trebled awards to $1,500 for willful manual cold calls to registered numbers.

So keep two liability tracks straight. ATDS and prerecorded-voice restrictions live under § 227(b). DNC restrictions live under § 227(c). A personal phone used manually sidesteps the ATDS track. It does not sidestep DNC.

How does vicarious liability actually work in these cases?

Federal courts apply standard agency law to TCPA vicarious liability claims. The Ninth Circuit set out the framework in the lower-court proceedings of *Gomez v. Campbell-Ewald Co.*, and although the case reached the Supreme Court on a different issue, that agency analysis has been widely cited since. [4] Three theories can pull your company in.

Actual authority. You told your rep to make the calls. You handed them a call list. You set a daily dial quota. That is actual authority, and your company owns every call.

Apparent authority. The called party reasonably believed the rep spoke for your company because of something your company did, like a company email signature, a branded script, or company business cards. Courts have found apparent authority with no explicit instruction at all.

Ratification. Your company knew about the calling and took the benefit without stopping it. If your CRM shows leads from calls your rep was making, and you closed deals off those leads, a court may find you ratified the conduct.

The FCC's 2013 ruling adopted this framework in plain language: "Sellers may be held vicariously liable under federal common law principles of agency for TCPA violations by third-party telemarketers." [2] If that reaches outside vendors, it reaches your own employees.

One wrinkle worth knowing. Courts have split a bit on whether a pure independent contractor with no apparent authority creates employer liability. But a W-2 sales rep, or a 1099 contractor operating under your brand, your scripts, and your CRM access, gets treated as your agent almost every time.

TCPA personal-phone call exposure: key numbers Statutory amounts and enforcement thresholds every sales manager should know $500 Per-call TCPA damages (negl… $1,500 Per-call TCPA damages (will… $52k Per-call FTC DNC penalty (2024) $31 DNC scrub required every (days) Source: 47 U.S.C. § 227; FTC Telemarketing Sales Rule, 2024

What are the actual financial penalties per call?

TCPA statutory damages are $500 per violation for negligent violations and $1,500 per violation if the court finds the violation willful or knowing. [1] There is no per-plaintiff cap at the individual level, though class actions carry their own settlement dynamics.

Run the math. A rep who makes 200 improper calls to cell numbers without consent generates $100,000 in exposure at $500 a call, and $300,000 if a court finds those calls willful. TCPA class actions regularly pull together tens or hundreds of thousands of calls. That is how outbound sales programs end up settling for millions.

Look at real outcomes. The Cash App TCPA class action settlement and the Credit One TCPA settlement both produced eight-figure payouts. Those were large companies. The legal mechanism is identical for a 10-person sales team.

There is no first-offense discount in the statute. Courts have discretion to go below $500 in some circumstances, but plaintiffs' attorneys file before judges who enforce the full amount. And unlike many consumer protection laws, TCPA does not require proof of actual harm. The violation itself is the injury.

Does it matter if the rep is a W-2 employee versus a 1099 contractor?

This is where businesses try to escape liability, and it rarely works the way they hope.

For W-2 employees, the analysis is short. Under respondeat superior, an employer is liable for torts committed by employees in the scope of their employment. A sales rep calling prospects sits squarely in the scope of the job. Done.

For 1099 contractors, it gets messier, and it comes down to control. Hand the contractor a call list, give them a script, provide CRM access, set call volume expectations, and pay them per sale, and you are exercising enough control that many courts treat them as your agent for TCPA purposes no matter what the contract says. The Restatement (Third) of Agency, which courts lean on, looks at the substance of control, not the tax form. [5]

The FCC's 2013 order said sellers cannot use the independent contractor label as a shield: it found that "a seller may be held vicariously liable for TCPA violations by its authorized dealers." [2] If you authorized the dealer or contractor to sell for you, you are in the picture.

The safest position is blunt. Assume your company is exposed any time someone calls on your behalf, regardless of employment status, and build your compliance program on that assumption.

What if the rep was going rogue, making calls you didn't approve?

This is the ratification risk people underestimate. If a rep goes off-script and makes calls you explicitly prohibited, you have a stronger defense. But you have to prove the prohibition existed and that you enforced it.

Here is what courts look for:

  • Written TCPA compliance policies in the employee handbook or a standalone compliance agreement
  • A signed acknowledgment from the rep that they received and understood the policy
  • Evidence of training on what calls require consent and how to check the DNC Registry
  • Termination or discipline when violations surfaced, documented in writing
  • No sign the company benefited from the unauthorized calls (for example, no deals closed from those calls logged in the CRM)

If your rep made unauthorized calls and you took the revenue from those leads, a court can find ratification. That is the trap. You may genuinely not have known, but if the call activity was visible in your systems and you never looked, silence cuts against you.

A solid paper trail is more than bureaucratic comfort. It is the actual difference between winning and losing a vicarious liability defense.

Are there extra risks specific to calls made from personal phones?

Yes. A few practical ones that company-issued devices with business dialers handle for you.

No automatic DNC scrubbing. A company dialer wired to a compliance tool scrubs numbers against the National DNC Registry before the call goes out. [3] A rep dialing from their contacts or a spreadsheet on their phone scrubs nothing. They will call registered numbers. It is a matter of when, not if. If you want to check numbers before outbound cold calling, your reps need a process that runs before they dial, not after. Checking a number on a do not call list tool takes under a minute, but most reps skip it unless the workflow forces the step.

No call recording for compliance review. Company phone systems often record for quality and compliance. Personal phones generally do not. You lose the ability to audit what was said, whether a consent question got asked, and whether the rep followed the script.

Caller ID problems. Some personal phones show the rep's personal name and number. Others get flagged as spam risk once call volume climbs. Neither is a legal violation by itself. Both drive complaints, and complaints feed TCPA litigation.

State law complications. Several states have call recording consent laws that require one-party or all-party consent depending on the state. [6] When reps call from personal phones with no company system handling disclosures, you have zero visibility into whether those disclosures happen.

How do you actually reduce liability when reps use personal phones?

There are practical steps that do not require buying a new phone system tomorrow.

First, document consent before any call happens. For cold call outreach to cell numbers, if you use any auto or predictive dialer, you need prior express written consent under the FCC's 2012 amendments. For purely manual calls, the ATDS rules fall away, but DNC rules still bind you. Store consent records in a way you can pull two years from now.

Second, make pre-call DNC scrubbing a workflow step, not a suggestion. Give reps a tool or a process. LeadCompliant's free number checker lets a rep verify a number against the National DNC Registry before dialing, exactly the kind of step you want written into your SOPs. Make it required.

Third, write the policy and train on it. A one-page TCPA calling policy signed by every rep gives you the unauthorized-conduct defense when a rep goes rogue. Without it, you argue from nothing.

Fourth, keep call records. Even on personal phones, reps can log calls in the CRM with timestamps. That log becomes evidence that calls went to consented numbers or that DNC numbers got avoided.

Fifth, ask whether personal phones are the right tool at all. For high-volume outbound teams, the compliance plumbing that ships with a business VOIP or predictive dialer pays for itself in avoided risk. A $50-per-seat-per-month dialer looks cheap next to $1,500-per-call exposure.

What does the National DNC Registry require for outbound sales calls?

The National Do Not Call Registry is maintained by the FTC and enforced jointly with the FCC. [3] Any for-profit organization making telemarketing calls must scrub its call lists against the registry every 31 days. Call a number that has sat on the registry for at least 31 days and you have a violation.

The per-call civil penalty for DNC violations at the FTC level runs up to $51,744 per call as of 2024, separate from TCPA statutory damages. [7] These are not alternatives. They stack.

For reps calling from personal phones with no scrubbing, the question is never whether they will hit a registered number. It is how many they hit before someone files a complaint. Plaintiffs' attorneys watch complaint patterns and send preservation letters off a handful of consumer complaints.

The registry covers residential landlines and cell phones. [3] If you want to know which numbers your prospects have registered, the mobile phone do not call list resource walks through the cell-specific rules. B2B calls have carve-outs, but those carve-outs turn on who answers and the nature of the relationship more than who you meant to call.

For established business relationships, there is a safe harbor: you can call a DNC-registered number if there was a sale, inquiry, or application within the past 18 months, or a written inquiry within 3 months. [3] That safe harbor only works if you can document the relationship. No documentation, no safe harbor.

Has anyone actually been sued over personal-phone calls by employees?

Yes. The case law does not always break out "personal phone" as a separate category, because courts find the device irrelevant. That silence is itself the answer.

In *Kristensen v. Credit Payment Services*, the court held that companies can be vicariously liable for texts sent by third parties using their own equipment where there was apparent authority. [8] Device ownership was not the analysis. The authority relationship was.

In *Thomas v. Taco Bell Corp.*, the Ninth Circuit addressed vicarious liability for texts sent through a franchisee's system, applying agency principles rather than requiring a direct instrumentality link. [9] Who physically owned the equipment did not decide the case.

Broader agency-theory TCPA cases like *Gomez v. Campbell-Ewald* and the FCC's 2015 Declaratory Ruling reinforced the point: the principal cannot escape by pointing to the physical distance between its equipment and the call. [2][4]

Small companies often assume they sit below the litigation radar. That assumption has gotten less safe as plaintiffs' firms expand their targeting to smaller defendants, partly because *TransUnion LLC v. Ramirez* made large classes harder to certify. Single-plaintiff and small-plaintiff TCPA suits against companies with 5 to 50 reps have climbed as an alternative strategy.

What should a small sales team do right now to reduce exposure?

If your team makes outbound calls and any of them land on cell phones, act on a few things now, before the next dial.

Pull your call lists and check them against the National DNC Registry. The FTC lets you check numbers through the registry's website. [3] For a faster workflow at volume, the do not call telemarketer list guide covers organizational subscriptions. Run numbers against state-level DNC lists too, since they do not all sync with the federal registry.

Document your consent chain for every lead you are calling. If you cannot say where the lead opted in and show a record, treat that number as unconsented for cell-phone calling under the ATDS rules.

Get a written TCPA policy in front of every rep who makes calls, and have them sign it. The policy should cover what consent is required, how to check DNC status, what to do when someone says stop calling, and the personal consequences for breaking the rules.

For teams serious about a repeatable process, LeadCompliant's compliance kit pulls the policy templates, DNC checker workflow, and consent documentation framework into one place. It is built for small outbound teams with no legal department.

The text message marketing rules run stricter than voice call rules if your team also sends SMS, so handle both channels at once instead of fixing one and leaving the other open.

None of this replaces a real attorney. This article is a practical overview of publicly available law and FCC guidance, not legal advice. If you face a specific claim or you are building a compliance program from scratch, talk to a TCPA attorney.

Frequently asked questions

If my rep uses their personal phone to make sales calls, can my company be sued under TCPA?

Yes. TCPA liability attaches to whoever initiates a call and whoever the call is made on behalf of, not to the specific device used. If your rep is calling prospects to sell your product, your company is the entity "on whose behalf" the call is made under 47 U.S.C. § 227. Courts apply agency law and regularly find employers liable for their reps' calls regardless of which phone was used.

Does a personal cell phone count as an ATDS under TCPA?

Generally no, if the rep is manually dialing one number at a time. An ATDS requires the capacity to store or produce numbers using a random or sequential number generator and to dial them. A standard personal smartphone used for manual dialing does not meet that definition under current FCC guidance and the Supreme Court's 2021 ruling in Facebook v. Duguid. DNC rules still apply to manual calls, so ATDS status is not the whole picture.

What is the penalty per call if a rep calls a cell phone without consent?

TCPA statutory damages are $500 per call for negligent violations and $1,500 per call if a court finds the violation willful or knowing, per 47 U.S.C. § 227(b)(3). Separate FTC DNC penalties run up to $51,744 per call as of 2024. These can stack. With multiple calls across a class, total exposure can reach millions even for small teams.

Does using a personal phone help prove the call was not made on behalf of the company?

Not meaningfully. Courts look at whether the rep had actual authority, apparent authority, or whether the company ratified the conduct, not at who owns the phone. If the rep was calling leads from your CRM, following your script, and reporting results in your systems, the phone ownership argument will not carry much weight with a judge.

Are 1099 contractors treated the same as W-2 employees for TCPA liability purposes?

Often yes, depending on how much control you exercise. If you provide call lists, scripts, CRM access, and performance expectations, courts and the FCC will likely treat the contractor as your agent. The FCC's 2013 Declaratory Ruling said sellers cannot use the independent contractor label to avoid vicarious TCPA liability for their authorized sales agents.

What is the established business relationship exception and does it apply here?

The established business relationship (EBR) exception lets you call a DNC-registered number if there was a transaction, inquiry, or application within the past 18 months, or a written inquiry within 3 months. It applies to the DNC rules under § 227(c). It does not exempt calls from ATDS or prerecorded voice restrictions under § 227(b), which require separate express written consent. You must document the relationship date to use the EBR defense.

What written policies should I have in place to defend a TCPA claim from a rep's personal phone?

At minimum: a written TCPA compliance policy signed by every rep, a documented consent requirement for cell phone calls, a mandatory pre-call DNC scrubbing step, a written opt-out handling procedure, and records of training. These do not prevent a lawsuit, but they build your unauthorized-conduct defense and show a court you exercised reasonable oversight, which matters in both liability and damages analysis.

How often do I need to scrub my call list against the DNC Registry?

At least every 31 days. FTC rules require companies making telemarketing calls to scrub their lists against the National Do Not Call Registry no less than every 31 days. Numbers added to the registry take 31 days to become enforceable, so a monthly scrub cycle keeps you current. Calling a number that has been registered for more than 31 days is a violation even if it was clean on your last scrub.

Can a single personal-phone cold call really result in a lawsuit?

Yes. TCPA does not require a class to sue. Any person who receives a violating call can sue individually in small claims or federal court. Single-plaintiff TCPA suits have become more common since class certification got harder after TransUnion v. Ramirez in 2021. Statutory damages of $500 to $1,500 per call make even individual suits worthwhile for plaintiffs' attorneys who specialize in TCPA.

Does TCPA apply to B2B calls made to a person's business cell phone?

TCPA protections follow the number, not the person's role. If a call goes to a cell phone, the wireless protections apply regardless of whether the intended recipient is a business contact. B2B calls to a cell number still require consent for ATDS calls and still must respect DNC registrations on that number. The B2B exemption is narrower than most sales managers assume.

What records should reps keep when calling from personal phones?

Reps should log every outbound call in the CRM with the number dialed, time, and outcome. They should record whether consent was on file before calling and the result of the DNC scrub for that number. If a called party asks to stop receiving calls, that opt-out must be logged immediately and the number suppressed within 30 days at the outer limit, though best practice is immediate suppression.

If my company did not know the rep was making those calls, are we still liable?

Possibly. If the rep had apparent authority to sell on your behalf, had access to your leads and systems, and the company accepted deals closed from those calls, a court can find ratification. Lack of knowledge is a factor, not a complete defense. Documented policies prohibiting the specific conduct, combined with no benefit derived from the calls, give you a much stronger defense than ignorance alone.

Do state TCPA equivalents add more risk for personal-phone calls?

Yes. States including Florida (FTSA), Texas, Oklahoma, and Washington have their own telemarketing statutes with per-call penalties that can exceed federal TCPA amounts. Florida's law was amended in 2021 and has driven significant litigation. State laws apply on top of federal TCPA, and some have lower consent thresholds or stricter opt-out requirements. Check the state law for wherever your prospects are located.

Is there any safe harbor if the rep used the wrong number by mistake?

TCPA has a limited safe harbor for ATDS calls where the caller can show the number was reassigned and the caller had no knowledge of the reassignment. The FCC established a reassigned numbers database in 2021 to support this defense. For DNC calls, the safe harbor requires that the company has procedures in place, scrubbed within 31 days, and that the violation was an isolated error, not a systemic failure.

Sources

  1. U.S. Government Publishing Office, 47 U.S.C. § 227 (Telephone Consumer Protection Act): TCPA prohibits calls using ATDS or prerecorded voice to cell phones without prior express consent and provides $500 per violation and $1,500 for willful violations
  2. FTC, National Do Not Call Registry: Telemarketers must scrub call lists against the National DNC Registry every 31 days; the registry covers both residential landlines and cell phones
  3. U.S. Supreme Court, Campbell-Ewald Co. v. Gomez, 577 U.S. 153 (2016): Case applied a vicarious liability framework to TCPA claims involving a third-party telemarketer acting on behalf of a seller
  4. American Law Institute, Restatement (Third) of Agency: Agency relationship determined by substance of control, not the label of the contract or tax classification
  5. National Conference of State Legislatures, State Wiretapping and Electronic Surveillance Laws: Several states require all-party consent for call recording, creating additional compliance risk for personal-phone calls without disclosure systems
  6. FTC, Telemarketing Sales Rule (TSR), Civil Penalty Amounts: FTC civil penalties for DNC violations under the TSR are adjusted annually for inflation; as of 2024 the per-violation amount is $51,744
  7. U.S. District Court, District of Nevada, Kristensen v. Credit Payment Services, 12 F. Supp. 3d 1292 (2014): Court held companies can be vicariously liable for texts sent by third parties using their own equipment where there was apparent authority, finding device ownership irrelevant
  8. U.S. Court of Appeals Ninth Circuit, Thomas v. Taco Bell Corp., 582 F. App'x 678 (9th Cir. 2014): Ninth Circuit applied agency principles rather than requiring a direct instrumentality link, holding that physical equipment ownership does not determine TCPA vicarious liability
  9. U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court narrowed the ATDS definition, holding that a system must use a random or sequential number generator to qualify; manual dialing from a personal phone generally does not meet this standard
  10. U.S. Supreme Court, TransUnion LLC v. Ramirez, 594 U.S. 413 (2021): Ruling made class certification harder in federal TCPA cases, contributing to an increase in single-plaintiff TCPA suits targeting smaller defendants

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit