California telemarketing rules: what every outbound team must know

California has stricter telemarketing rules than federal law. Fines reach $2,500 per violation under CIPA. Get the state-specific rules your team needs.

LeadCompliant Team
21 min read
In This Article

Last updated 2026-07-10

Empty office desk with telephone handset, California city skyline in background
Empty office desk with telephone handset, California city skyline in background

TL;DR

California stacks its own telemarketing laws on top of federal TCPA rules. The California Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA) add all-party recording consent, stricter data standards, and fines that reach $5,000 per recorded call and $7,500 per intentional CCPA violation. Following federal law while ignoring California is the mistake that ends most small outbound teams in a class action.

What makes California telemarketing rules different from federal law?

Federal law sets a floor. California builds a ceiling on top of it. The TCPA at 47 U.S.C. § 227 is the national baseline, and California layers at least three separate statutes over that baseline, each carrying its own liability that has nothing to do with a federal TCPA claim. [1]

The California Invasion of Privacy Act (CIPA, Penal Code § 630 et seq.) governs call recording and monitoring. The Automated Sales Law (Business and Professions Code § 17592) restricts automated dialing. The CCPA adds data rights that shape how you collect, store, and use the phone numbers you dial. [2]

Courts read these statutes broadly. Under CIPA § 632, recording a confidential communication without consent from every party is a crime. California is a two-party (really all-party) consent state for recording, while the federal wiretapping standard is one-party. Record a sales call with a California resident and let your disclosure script go missing or garbled, and you have a CIPA problem whether or not your TCPA consent was perfect. [3]

Here is the working rule. If you call into California, assume California law applies. Courts have generally agreed.

What are the calling hour rules for California?

The federal window runs 8 a.m. to 9 p.m. in the called party's local time, and California does not narrow that window for live agent calls. So the hours are the same as federal. The complication is what wraps around those hours. [4]

Business and Professions Code § 17592 restricts automated calls that are not preceded by a live operator, and telemarketers calling California consumers still have to honor national DNC registrations under the state's incorporation of the federal framework. [5]

Here is the honest answer. California imposes no window tighter than 8 a.m. to 9 p.m. local time for live agents, but any automated or prerecorded call to a California number has to clear TCPA consent and CIPA at the same time, so the hour you dial is almost beside the point. Lack prior express written consent for an autodialed or prerecorded call and the clock is irrelevant. You are already exposed.

See the broader federal framework in TCPA quiet hours: what times you can and cannot call or text.

What is CIPA and how does it affect outbound sales calls?

CIPA is California's wiretapping law, written in 1967 to stop eavesdropping. Plaintiffs' attorneys spent the last decade arguing it reaches modern sales technology, and courts have mostly agreed. That is why it is the single biggest California risk for an outbound team. [3]

The provision most likely to hit you is § 632, which makes it unlawful to record or eavesdrop on a confidential communication without consent from all parties. "Confidential" has a specific meaning: the parties had a reasonable expectation the conversation was not being overheard or recorded. Most outbound sales calls qualify, because the person you called never expected to end up on tape.

CIPA § 637.2 gives any injured person the right to sue for the greater of $5,000 per violation or three times actual damages. That is per call. A class action alleging you recorded thousands of calls without proper disclosure is a real financial threat, not a theoretical one. [3]

The fix is simple. State at the start of every call that it may be recorded. A line like "This call may be recorded for quality and training purposes" is the floor. Do not bury it. Do not hide it in a terms page. Say it out loud before the real conversation starts.

CIPA also reaches silent third-party monitoring, so your contact center platform, your CRM, and your recording software all need to be set up so agents cannot quietly listen in on calls they are not part of. That is a systems audit item, more than a script item.

Does CCPA apply to telemarketing and outbound calls?

Yes. This is the blind spot for a lot of small teams. The California Consumer Privacy Act (as amended by the California Privacy Rights Act, CPRA) treats a phone number as personal information. If your business collects, buys, or uses the phone numbers of California residents, you have CCPA obligations. [6]

What that means for outbound calling:

  • Your privacy policy has to disclose what personal information you collect (phone numbers included) and why.
  • Consumers can opt out of the sale or sharing of their personal information. If you pass leads to affiliate partners or sell data, that counts as a "sale" under CCPA.
  • Consumers can demand deletion of their data, including their number off your calling list.
  • If you buy lead lists, you need a contract with the seller confirming CCPA compliance. [6]

The CCPA applies to for-profit businesses that hit any one of three thresholds: over $25 million in annual gross revenue, buying or selling the personal information of 100,000 or more California consumers or households a year, or making 50 percent or more of annual revenue from selling consumers' personal information. [6]

Small teams under all three thresholds sit outside CCPA's direct scope. But the consent and sourcing standards CCPA created are now the price of doing business with any legitimate lead vendor, so it reaches you sideways even when you are exempt.

Under the CPRA amendments, the California Privacy Protection Agency (CPPA) can fine up to $2,500 per unintentional violation and $7,500 per intentional violation. [6]

What is the California Do Not Call list and how does it differ from the national registry?

There is no separate California consumer DNC registry. California does not run one. Consumers register once with the national FTC registry, and California's protections come through Business and Professions Code § 17592 et seq. plus the state's adoption of the federal TSR framework. [5]

What California adds is worth watching.

Telemarketers calling California consumers must honor national DNC registrations within 31 days of the consumer signing up. [7] California's unfair competition law (Business and Professions Code § 17200) then lets the attorney general and private plaintiffs sue over a DNC violation as an "unfair business practice," even when the underlying conduct is technically a federal TSR or TCPA issue. Same conduct, second avenue of liability.

For company-specific requests (the "never call me again" moment), California tracks the federal standard. Honor it within 30 days, keep the request for at least five years. Miss that window and you face both state and federal exposure.

One practical note. California generates some of the highest DNC complaint volumes in the country, partly because the AG's office actively pursues enforcement. Treating California numbers with extra care on your scrub is not paranoia. It is basic risk management.

This is where California and federal TCPA lock together most tightly. The TCPA requires prior express written consent before you place an autodialed or prerecorded call, text included, to a cell phone number. [1] California has no separate written-consent rule for the call itself beyond TCPA, but the CCPA framework raises the bar on how you document and disclose that consent.

Live agent calls to numbers not on the DNC list: no prior consent required. True federally, true in California.

Autodialed or prerecorded calls or texts to California cell numbers: prior express written consent is required under TCPA. The consent has to be clear, conspicuous, and state that the person agrees to receive autodialed calls or texts from your specific company. [1]

The FCC's one-to-one consent rule was meant to force consent to name the specific caller instead of a generic lead generator. It was set to take effect January 27, 2025, then the Eleventh Circuit vacated it days earlier on procedural grounds. [8] The legal status is unsettled. The safe move is to build lead forms that name your company now, regardless of how the litigation lands.

B2B calls to California: the TCPA's cell phone consent rule still applies if you are dialing a person's personal cell. There is no blanket B2B exemption for autodialed calls to mobile numbers. See the breakdown in B2B cold calling rules: what's legal, what's not, and what to do.

Text messages carry one more wrinkle. California's Automatic Renewal Law (Business and Professions Code § 17600) kicks in if your text offers any subscription or recurring billing, adding disclosure requirements on top of TCPA consent.

What are the penalties for violating California telemarketing laws?

The numbers are real and they are not small. A single sloppy campaign can trigger three separate statutes at once.

CIPA (Penal Code § 637.2): $5,000 per violation or three times actual damages, whichever is greater. Each recorded call without proper consent is its own violation, and class actions are common. [3]

CCPA/CPRA: $2,500 per unintentional violation, $7,500 per intentional violation. The CPPA can also seek injunctive relief. [6]

TCPA (47 U.S.C. § 227): $500 per negligent violation, $1,500 per willful violation. Federal, but California plaintiffs' firms are among the most active TCPA filers in the country. [1]

Business and Professions Code § 17500 (false advertising / unfair competition): up to $2,500 per violation for telemarketing misrepresentation, enforceable by the AG or by private plaintiffs under § 17200. [9]

Stacking is the real danger. One campaign that records calls without disclosure, autodials without consent, and hits registered DNC numbers can draw CIPA, TCPA, and § 17200 claims in the same complaint. Plaintiffs' firms know this. They file all three.

Run the math on a mid-size list. At $5,000 per recorded call under CIPA, ten thousand improperly recorded calls is a $50 million exposure before you add TCPA or § 17200 on top.

Below is a comparison of the key penalty thresholds.

LawPer-violation fineWho can sueNotes
TCPA (federal)$500-$1,500Private plaintiffs, FCC, state AGsWillful violations: 3x
CIPA § 637.2$5,000 or 3x damagesPrivate plaintiffsAll-party consent for recording
CCPA/CPRA$2,500-$7,500CPPA, AGHigher for intentional violations
B&P § 17500Up to $2,500AG, private via § 17200Misrepresentation in solicitations
California telemarketing penalty thresholds by law Maximum per-violation fine under each applicable statute CIPA § 637.2 (per call, no record… $5,000 CCPA/CPRA (intentional violation) $7,500 CCPA/CPRA (unintentional violatio… $2,500 TCPA (willful violation) $1,500 TCPA (negligent violation) $500 B&P § 17200 / § 17500 (per violat… $2,500 Source: California AG (CCPA), California Penal Code § 637.2 (CIPA), 47 U.S.C. § 227 (TCPA), B&P § 17200

Do California telemarketing rules apply to B2B calls?

Partly, and the line matters. Cold calling a business carries different exposure than calling a consumer, but California gives you no clean pass.

The TCPA's limits on autodialed calls to cell phones apply whether or not the call is business-to-business. A rep dialing a business owner's personal iPhone with an autodialer needs prior express written consent. Full stop. [1]

CIPA reaches B2B calls too. Record a call with a California businessperson without telling them and you have CIPA exposure. The all-party consent rule has no B2B carveout in the statute.

CCPA carries an exemption for employee and business-contact data, but that exemption has limits and was never built to cover cold-calling lead data. The CPRA narrowed it further. Buy a list of business contacts and you are handling personal data under CCPA. [6]

What B2B callers do get: a live agent call to a business landline that is not on the national DNC list needs no prior consent under TCPA. That is the clearest B2B advantage there is. But any automation, any recording, and any data storage pulls the California statutes right back in.

For the full B2B breakdown, see B2B cold calling rules: what's legal, what's not, and what to do.

What disclosures are required on California telemarketing calls?

California requires specific disclosures at the start of every outbound telemarketing call. They are not optional, and a terms page on your website does not satisfy them.

Under the federal Telemarketing Sales Rule (16 C.F.R. Part 310), which California enforces through § 17200, telemarketers must promptly disclose [10]:

1. The identity of the seller. 2. That the purpose of the call is to sell goods or services. 3. The nature of the goods or services.

Recording disclosure under CIPA is separate. You must state at the start of the call that it may be recorded, and that should be a spoken statement by the agent, more than a beep tone. Courts have been skeptical that a beep alone gives adequate notice.

Prerecorded messages carry another requirement. The FCC mandates an automated opt-out mechanism, a key press to leave the calling list, at the beginning and again at the end of every prerecorded message to a residential number. [11]

Text messages need the sender's name, a clear opt-out (usually STOP), and no deception about their commercial nature.

The piece small teams skip most: making sure the disclosure actually gets said. A disclosure policy in a PDF nobody reads protects nothing. The words have to land on the call. Building a required opening line into your cold calling scripts is the practical fix.

How should small outbound teams set up a California-compliant calling process?

Most small teams do not need a compliance lawyer on retainer to get this right. They need a written process and the discipline to run it every time. Here is what that looks like.

1. Scrub your list before you dial. Run every California number against the national DNC registry (refreshed every 31 days) and your internal DNC list. Federal law requires the scrub; California raises the stakes because § 17200 gives private plaintiffs standing to sue over a miss. [7]

2. Write required disclosures into the opener. Company name, purpose of the call, and recording notice all belong in the first 30 seconds. If you run a cold call script, put the disclosures in bold at the top so reps cannot skip them.

3. Document the consent source for any automated contact. Texting, or a power dialer in predictive mode, means you need a record of where consent came from for each contact. A spreadsheet column works. A missing column is a lawsuit.

4. Set your recording tool to include an audible disclosure. Do not lean on agents to remember. Have the system play a disclosure before the call connects, then have the agent confirm it out loud.

5. Honor opt-outs within 30 days. Build a process so anyone who says "do not call" lands on your internal DNC list the same day, not at the next data upload.

6. Audit your lead vendors. Ask every list seller for their consent documentation. If they cannot produce it, you are carrying their liability. This is how TCPA class actions start.

LeadCompliant's free compliance kit includes a California-specific checklist and a DNC scrub tool you can run before your next campaign. It covers the documentation pieces above without making you rebuild your process from scratch.

For AI-assisted dialing, the law is moving fast. See FTC Telemarketing Sales Rule, B2B calls, and AI voice in 2024 for where that stands.

What recent changes to California telemarketing law should teams know about in 2025 and 2026?

California never sits still on privacy and telemarketing. Three developments across 2024 to 2026 deserve your attention.

FCC one-to-one consent rule (2024-2025): the FCC issued its order in December 2023, set to take effect January 27, 2025, requiring TCPA consent to name a single seller rather than a class of sellers. The Eleventh Circuit vacated the rule days before it took effect, on procedural grounds. [8] The status is genuinely uncertain as of mid-2026. The practical advice stays the same: assume one-to-one consent lands eventually and build lead forms that name your company specifically.

CPPA enforcement: California's Privacy Protection Agency began formal enforcement in 2024. Early actions targeted companies that failed to offer opt-out mechanisms for data sales, and sharing phone number data can count as a sale. If you hand your contact list to marketing partners, that may be a "sale" that requires an opt-out. [6]

AI voice calls: the FCC issued a declaratory ruling in February 2024 stating that AI-generated voices in prerecorded messages count as "artificial or prerecorded" voices under the TCPA. [11] So any AI voice call to a California cell phone without prior express written consent is a TCPA violation. California's AG has signaled it will pursue AI calling under § 17200 as well.

The TSR also has pending rulemaking on AI disclosure. See What the telemarketing sales rule is designed to do (and what it costs to ignore it) for the wider federal picture.

Frequently asked questions

Does California have its own Do Not Call list separate from the federal registry?

No. California does not run a separate consumer DNC registry. Consumers register with the national FTC registry at donotcall.gov. California enforces DNC rights through Business and Professions Code § 17592 and the unfair competition law at § 17200, which lets private plaintiffs and the AG sue over violations of federal DNC rules as a California unfair business practice.

Yes. Under CIPA Penal Code § 632, every party to a confidential communication must consent before a call is recorded. For outbound sales, that means disclosing the recording out loud at the start of every call. Skip it and you face $5,000 per violation under § 637.2, and plaintiffs routinely bring class actions under that section.

No, not with an automated system. Texts sent through an autodialer or any bulk-messaging system require prior express written consent under the TCPA. California does not soften that standard, and the CCPA data framework makes documenting the consent more important. Unsolicited automated texts to California numbers are among the most litigated TCPA fact patterns in the state.

What hours can I legally call California consumers?

The federal window of 8 a.m. to 9 p.m. in the called party's local time applies. California imposes no narrower window for live agent calls. Calling outside those hours while using an autodialer compounds your TCPA exposure. Practically, sticking to 9 a.m. to 8 p.m. Pacific gives you a buffer and avoids catching people at genuinely irritating times.

Are B2B telemarketing calls exempt from California rules?

Not entirely. Live agent calls to a business landline with no DNC registration carry the fewest restrictions. But autodialed calls to a business owner's cell phone still require TCPA consent. CIPA's recording rules apply to B2B calls with California residents, and CCPA data obligations apply to business contact data. The B2B label cuts some exposure. It does not erase California compliance.

What happens if I buy a lead list that was collected without proper California consent?

You inherit the risk. TCPA liability attaches to the calling party, not the lead generator. If consent was never properly obtained, or was obtained deceptively, your calls using that list are non-consensual. Courts have held callers liable even when they bought the list from a third party. Always get a written representation from lead vendors describing how consent was collected.

Does the CCPA apply to my small outbound sales team?

Only if you meet one of three thresholds: over $25 million in annual gross revenue, handling personal data of 100,000 or more California consumers per year, or making 50 percent or more of revenue from selling consumer data. Many small teams are exempt. But your lead vendors likely are not, so the data standards they must meet affect you indirectly.

How long do I have to honor a Do Not Call request from a California consumer?

You must honor a company-specific DNC request within 30 days and keep it for at least five years, matching the federal TSR standard. A consumer who asks not to be called and then gets another call within 30 days can file a federal TCPA claim and trigger California § 17200 standing. Your CRM needs a flag that blocks re-contact during that window.

What disclosures must I give at the start of a California telemarketing call?

State your company name, that the call is a sales call, what you are selling, and that the call may be recorded if you record it. These are required under the federal TSR (which California enforces via § 17200) and CIPA. All of it needs to happen in the first 30 seconds. A fast, garbled disclosure that nobody hears does not satisfy the requirement.

Only with prior express written consent to receive autodialed or prerecorded calls. The FCC ruled in February 2024 that AI-generated voices count as artificial or prerecorded voices under the TCPA. California's AG can pursue AI voice calls that lack consent as both a TCPA violation and an unfair business practice under § 17200. Without consent, AI voice calls to California cell numbers are illegal.

What is the statute of limitations for TCPA and CIPA claims in California?

TCPA claims carry a four-year federal statute of limitations under 28 U.S.C. § 1658. CIPA claims under Penal Code § 637.2 carry a one-year limitations period under California Code of Civil Procedure § 340, though plaintiffs sometimes argue for longer. The practical effect: a campaign that ends today can still generate TCPA claims four years from now.

Do I need a California telemarketing license or registration?

California does not require a general telemarketing license the way some states do. But certain industries carry added registration rules. Charitable solicitations require registration with the AG's Registry of Charitable Trusts. Home improvement contractors doing phone solicitation face separate CSLB rules. If you run a phone-based sweepstakes or prize promotion, the Seller Assisted Marketing Plan Act may apply.

Sources

  1. California Legislative Information, Business and Professions Code § 17592: California Business and Professions Code § 17592 restricts automated telephone dialing systems for telemarketing
  2. California Legislative Information, Penal Code § 637.2 (CIPA): CIPA § 637.2 provides a private right of action for $5,000 per violation or three times actual damages for recording without all-party consent
  3. FTC, Telemarketing Sales Rule (16 C.F.R. Part 310): TSR restricts outbound telemarketing calls to between 8 a.m. and 9 p.m. local time of the called party
  4. California Legislative Information, Business and Professions Code § 17590: California telemarketing statutes require honoring DNC registrations and impose penalties for violations as unfair business practices
  5. California Attorney General, California Consumer Privacy Act (CCPA): CCPA treats phone numbers as personal information; CPPA can impose fines of $2,500 per unintentional violation and $7,500 per intentional violation
  6. FTC, National Do Not Call Registry: Telemarketers must scrub against the national DNC registry and honor registrations within 31 days
  7. California Legislative Information, Business and Professions Code § 17200 (UCL): California unfair competition law allows AG and private plaintiffs to sue over telemarketing violations as unfair business practices, up to $2,500 per violation
  8. FTC, Complying with the Telemarketing Sales Rule: TSR requires telemarketers to promptly disclose identity of seller, that the call is a sales call, and the nature of goods or services offered

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit