Last updated 2026-07-11

TL;DR
TCPA is the federal floor, not the ceiling. At least 12 states, including Florida, Oklahoma, Washington, and Indiana, run calling and texting laws with earlier curfews, separate do-not-call lists, or bigger per-violation penalties. Teams that only check TCPA are exposed. This checklist covers the key state rules, who they cover, and what to change.
Why does TCPA compliance alone leave you exposed?
TCPA is a floor. States are free to build higher, and many have. The statute, codified at 47 U.S.C. § 227, is the federal baseline for outbound calling and texting, but its own savings clause invites states to go further. The Act "does not preempt any State law that imposes more restrictive intrastate requirements or regulations on, or which prohibits, the use of automatic telephone dialing systems." [1] That one sentence is the source of a compliance gap most small teams never see coming.
Most small sales teams set their dialer to the TCPA rules and call it done: 8 a.m. to 9 p.m. local time, a National DNC scrub every 31 days, written consent for ATDS calls to cell phones. That's table stakes. But if your leads include residents of Florida, Oklahoma, Washington, Indiana, or a handful of other states, you can break that state's law while staying inside every federal line.
The enforcement gap runs deeper than most people think. State attorneys general have their own investigators and don't wait for private plaintiffs. Some state-law claims clear class certification more easily than a pure TCPA class action. And state statutory damages can stack on top of TCPA damages in the same suit.
One campaign with multi-state leads can generate simultaneous exposure under three or four legal regimes.
The only real fix is a state-by-state layer in your workflow, sitting on top of the federal pass.
Which states have calling laws stricter than TCPA?
At least 12 states run telemarketing rules tougher than TCPA on hours, consent, penalties, or do-not-call lists. The table below covers the ones compliance teams hit most often. It's a starting inventory, not the whole map, and legislatures change these laws often. Treat it as a first pass, not a substitute for counsel.
| State | Key law(s) | Strictest difference from TCPA |
|---|---|---|
| Florida | Florida Telephone Solicitation Act (FTSA), Fla. Stat. § 501.059 | Private right of action for ANY automated call/text to FL number without prior express written consent; $500 per violation, $1,500 if willful [2] |
| Oklahoma | Oklahoma Telephone Solicitation Act, 15 Okla. Stat. § 775A | Calling hours 9 a.m. to 8 p.m.; state DNC list maintained separately from federal |
| Washington | RCW 80.36.390 and the Consumer Protection Act, RCW 19.86 | Treble damages available under CPA; AG enforcement with civil penalties up to $2,000 per violation [3] |
| Indiana | Ind. Code § 24-4.7 | Indiana DNC list; $10,000 per violation for selling or disclosing list data; calling hours 9 a.m. to 9 p.m. |
| Texas | Tex. Bus. & Com. Code §§ 302.001-305.053 | State DNC list; AG can seek civil penalties up to $10,000 per violation; 9 a.m. to 9 p.m. calling hours [4] |
| California | CPUC General Order 168; also CCPA for data tied to leads | Restrictions on prerecorded messages; CCPA data rights requests may require suppression of consumer records |
| Colorado | Colo. Rev. Stat. § 6-1-903 | State DNC list; civil penalty up to $10,000 per violation |
| Louisiana | La. Rev. Stat. § 45:844.11 et seq. | 9 a.m. to 8 p.m. hours; state DNC registration required |
| Missouri | Mo. Rev. Stat. § 407.1095 | State DNC list; $5,000 per violation |
| Tennessee | Tenn. Code Ann. § 65-4-401 | State DNC list; $10,000 per violation for repeat offenders |
| Minnesota | Minn. Stat. § 325E.27 | Calling hours 9 a.m. to 9 p.m.; state DNC scrub required |
| Pennsylvania | 73 Pa. Stat. Ann. § 2241 | Written consent required for certain solicitations; state DNC list |
Florida's FTSA is the one keeping compliance attorneys busy right now. The 2021 amendment created a private right of action for texts sent with automated systems to Florida numbers without prior express written consent, even when the consumer gave an ordinary opt-in. [2] Dozens of class actions followed in 2022 and 2023. Florida has been the most litigated state telemarketing statute in the country since that change.
What does Florida's FTSA actually require that TCPA doesn't?
Florida's FTSA wants consent that names the automated technology, cuts calling at 8 p.m. local, and lets any recipient sue without proving a dime of harm. Fla. Stat. § 501.059 is the most litigated state telemarketing statute in the country, and the gap from TCPA is not academic. [2]
Under TCPA, you can send marketing texts by ATDS with any valid prior express written consent. Florida added a twist: the consent has to point at the type of message you're sending. Courts read this to mean a generic website opt-in that says "I agree to receive communications" may fall short for a Florida plaintiff. The language needs to reference automated calls or texts specifically.
Florida sets damages at $500 per violation and $1,500 for willful ones, matching TCPA. The difference is procedural. The private right of action carries no requirement to prove actual damages, and that zero-harm standard is what makes class certification easier for plaintiffs' counsel.
Calling hours run 8 a.m. to 8 p.m. local, an hour tighter in the evening than TCPA's 9 p.m. cutoff. That single hour is a real operational change if your closers work East Coast evenings.
The FTSA also keys off the number's area code, not where the consumer sits. That matters for mobile numbers. A 305 number whose owner moved to Georgia is still a Florida FTSA risk under many courts' reading.
If Florida is in your geography, the minimum change is three moves: pull your auto-dial cutoff back to 8 p.m. Eastern, audit your consent language for specificity, and tag Florida numbers separately in the CRM.
Do state DNC lists actually matter if you already scrub the federal list?
Yes. Skipping state DNC lists is one of the most common gaps on small outbound teams, and it's an easy one to miss because the federal scrub feels like enough.
The National Do Not Call Registry, run by the FTC, covers interstate calls. [5] But at least 14 states keep their own do-not-call lists that protect state residents whether the call is intrastate or interstate. Scrub only the federal registry and you miss everyone sitting on those state lists.
States with active, separate DNC lists include Indiana, Texas, Colorado, Missouri, Tennessee, Wyoming, Louisiana, and Oklahoma. Access varies. Some lists are free, some charge a nominal fee, and some make you register before you can download anything. Indiana's list, for example, runs through the Office of the Attorney General and requires registration first.
The checklist item is simple. Pull every state in your lead file. Check whether each one keeps its own DNC list, register where required, then download and suppress before you dial. Run it on the same 31-day cycle as the federal list, or faster if a state demands it. Texas requires scrubbing within 30 days. [4]
For how the federal list works and how to access it, our do not call list and how do I get the do not call list guides cover the subscription and scrubbing mechanics.
If your dialer or CRM can't handle multi-list suppression on its own, you need middleware or a data vendor that keeps combined federal-plus-state DNC files. Several exist. Pricing for small teams typically runs $50 to $300 per month depending on call volume.
What calling hours do states require beyond TCPA's 8am-9pm window?
TCPA allows 8 a.m. to 9 p.m. in the called party's local time. Several states cut both ends tighter, and Oklahoma and Louisiana are the strictest at 9 a.m. to 8 p.m.
| State | Allowed calling hours |
|---|---|
| Federal TCPA | 8:00 a.m. to 9:00 p.m. local |
| Florida (FTSA) | 8:00 a.m. to 8:00 p.m. local |
| Oklahoma | 9:00 a.m. to 8:00 p.m. local |
| Louisiana | 9:00 a.m. to 8:00 p.m. local |
| Texas | 9:00 a.m. to 9:00 p.m. local |
| Indiana | 9:00 a.m. to 9:00 p.m. local |
| Minnesota | 9:00 a.m. to 9:00 p.m. local |
| Colorado | 9:00 a.m. to 9:00 p.m. local |
The practical consequence: if your dialer opens at 8 a.m. Eastern and you have Oklahoma or Louisiana numbers in the queue, you have to hold those records until 9 a.m. local. Most major dialers detect per-number timezone and split calling windows by region, but you have to configure it. It doesn't happen on its own.
Same story on the evening end. Florida's 8 p.m. limit means your last auto-dial to a 305, 786, 954, 561, or 407 number needs to fire before 8 p.m. Eastern. That's earlier than your TCPA cutoff and it will catch you if you're not watching.
Nobody has clean data on how often teams get cited for hour violations versus consent violations. What we do know: state AG enforcement actions against telemarketers regularly list calling outside permitted hours as a secondary charge alongside DNC failures. The safest configuration is to apply the tightest window that touches any lead in that timezone, not the average.
How does Washington's Consumer Protection Act create extra TCPA-like risk?
Washington is dangerous because it comes at you from a different angle. Instead of leaning on a telemarketing statute alone, Washington uses its Consumer Protection Act (RCW 19.86) to hit unfair or deceptive telemarketing, and that statute lets private plaintiffs collect treble damages up to $25,000 per violation plus attorney fees. [3]
The Washington AG's office has separately pursued civil penalties up to $2,000 per violation for calling-hour and DNC failures under RCW 80.36.390. That runs alongside the CPA treble-damages exposure, not instead of it.
The combination is what stings: a state DNC list, a calling-hours rule, and a general unfair-practices statute private plaintiffs can invoke for conduct the specific telemarketing law never named. Courts in Washington have applied the CPA to autodialed texts and to calls that hide their commercial nature.
The move for Washington is to slot it into your "heightened scrutiny" tier: a separate calling window, a state DNC scrub, and a human reading the consent language on Washington-area-code numbers before any campaign launches.
What is the actual compliance checklist your outbound team should run?
This is the operational checklist. Run it before any new campaign and again as a quarterly audit for ongoing programs.
Before the campaign:
1. Map your lead file to states by area code and, where you can, by billing address or confirmed location. Area code is a proxy, not proof.
2. For each state in your file, check four things: (a) does it have its own telemarketing statute? (b) does it keep a separate DNC list? (c) what are its permitted calling hours? (d) what's its consent standard?
3. Scrub against both the National DNC Registry [5] and every state DNC list your geography touches. The federal scrub runs through the FTC's Telemarketing Sales Rule access portal.
4. Review consent language specifically for Florida (FTSA specificity) and California (CCPA, if you're handling lead data from a broker or third party).
5. Configure the dialer with state-specific calling windows. Tightest rule wins when you can't confirm exact location: 9 a.m. to 8 p.m. covers Oklahoma and Louisiana on the early end and Florida on the late end.
6. Document consent for every record: date, source, the exact language the consumer saw, and the IP address if it came from the web.
Ongoing:
7. Re-scrub the federal DNC at least every 31 days. [5] Several state lists want 30-day or shorter cycles.
8. Process opt-outs inside the window your state statutes require. TCPA gives you 30 days to honor a DNC request at the federal level. Some state statutes move faster.
9. Train every new caller on the state rules for your active geographies. TCPA training alone won't cover you if you dial Florida or Washington.
10. Keep a written internal DNC list and honor it indefinitely, well past the 5 years TCPA requires.
The LeadCompliant compliance kit ships with state-specific calling-hour worksheets and consent templates if you want a pre-built version of this. The steps above work no matter what tools you run.
For teams doing cold calling at scale, the state scrub layer often adds more day-to-day complexity than the federal TCPA rules themselves. Plan for it.
What consent standards do states require for texts and calls?
State consent rules are where the variation gets granular, and where most small teams carry their biggest gap. Florida wants consent that names the automated technology. California wants deletion requests honored. The federal baseline is only the starting point.
TCPA requires "prior express written consent" for marketing calls and texts to cell phones made with an ATDS or prerecorded voice. [1] The FCC defines that consent to need a clear and conspicuous disclosure plus a signature, which can be electronic. That's the floor.
Florida's FTSA reads narrower. The consent has to reference automated telephone technology and tie to the specific type of communication you're sending. A generic "I consent to be contacted" checkbox has failed in Florida courts. [2]
California's CCPA doesn't set a consent standard for calls, but if you sourced leads through a third-party data provider, California consumers now have a right to know who holds their data and to opt out of its sale or sharing. When a California consumer files a CCPA deletion request, you have 45 days to respond and must honor the deletion, which in practice means suppression from future outreach. Ignore the deletion request and keep calling, and you compound your exposure. [6]
Washington's My Health My Data Act (2023) covers certain health-related data and can reach healthcare-adjacent campaigns targeting Washington residents. It carries a private right of action. It isn't TCPA-adjacent, but it intersects for teams in health insurance, Medicare, or wellness.
Text marketing sets a higher documentation bar than voice. Every text campaign should hold a record of the exact opt-in message the consumer saw, the timestamp, the source URL or form name, and the consumer's affirmative action. Our text message marketing guide walks through building that paper trail.
The recommendation: keep consent records at least 5 years (the TCPA standard) and tag each record with the state of acquisition, so you can apply state-specific rules retroactively if a state tightens its law.
What penalties can states actually impose on top of TCPA damages?
State penalties stack on top of TCPA's $500 per violation and $1,500 for willful ones, because the claims come from different statutes. [1] Texas, Indiana, and Colorado each set AG penalties up to $10,000 per violation. Washington layers treble damages up to $25,000 for private plaintiffs on top of AG civil penalties.
Here's the honest picture of maximum per-violation penalties where states set them by statute:
| State | Max per-violation penalty (civil) | Who can sue |
|---|---|---|
| Florida (FTSA) | $500 / $1,500 willful | Private plaintiff + AG [2] |
| Texas | $10,000 | AG only [4] |
| Indiana | $10,000 per DNC violation | AG only |
| Colorado | $10,000 | AG only |
| Washington (CPA) | $2,000 AG + treble damages up to $25,000 private | Both [3] |
| Missouri | $5,000 | AG only |
| Tennessee | $10,000 (repeat) | AG only |
For a small outbound team, the real exposure usually isn't the per-call number. It's the aggregate from a class action. The Credit One TCPA settlement and the Cash App TCPA class action settlement both show how fast individual statutory damages pile up in class cases, even with no proof of actual harm.
The harder reality is quieter. Most small teams never see a multi-million-dollar class action. They see an AG inquiry sparked by one consumer complaint, a demand letter from a plaintiffs' attorney, or a single-plaintiff TCPA case. Defending even a frivolous single-plaintiff case runs $20,000 to $50,000 in legal fees before you start settlement talks. Compliance costs less than that.
How does the 2024 FCC one-to-one consent rule interact with state consent requirements?
In December 2023, the FCC ordered that written consent for telemarketing calls and texts be obtained one-to-one, meaning a single consent can't authorize calls from multiple different sellers. [7] The rule was set for January 2025 but hit legal challenges that scrambled its timeline. The Eleventh Circuit vacated the one-to-one provision in early 2025, so its future is uncertain. Build for it anyway.
Here's the state-law tie-in. Several state statutes already forced something close to one-to-one consent, because their "specific" consent language made broad multi-seller consents legally risky. Florida was the clearest case. So if you updated consent flows for the FCC rule, you likely moved toward Florida compliance at the same time.
If you haven't updated your consent flow to capture consent one seller at a time, that's the highest-priority fix on this list. Shared lead consent from comparison-shopping sites, aggregators, and third-party publishers is the biggest documentation risk in the market. The FCC's whole point in the 2023 order was to kill the practice of one consumer consent authorizing dozens of sellers to call.
The mobile phone do not call list and the do not call telemarketer list guides explain what consumers can do to stop unwanted calls, which is useful context for understanding what triggers complaints and AG referrals.
What should teams with multi-state lead files actually do differently operationally?
Most guides stop at "know the rules." Here's what changes in your day-to-day.
First, segment your lead file before it ever hits the dialer. Tag each record with the state its area code implies, and where you can, cross-reference the billing or mailing address your data provider carries. The two fields won't always agree. When they don't, take the conservative path and apply whichever state's rules are stricter.
Second, build state-specific calling windows into the dialer, not into an agent's memory. Agents forget. A dialer configured correctly does not. Set Florida to close at 8 p.m. Set Oklahoma and Louisiana to open at 9 a.m. These take about 20 minutes to set up in most enterprise dialers and wipe out an entire category of violation.
Third, run a dual-list scrub. Your DNC vendor should run federal plus state lists in a single pass. If it can't, either switch vendors or add a pre-suppression step using state list files you download straight from state AG offices. Several states offer their lists for free.
Fourth, document consent at the record level, not the campaign level. When a plaintiff's attorney demands proof of consent for one phone number, you need a consent record tied to that number, not a description of your campaign's opt-in flow.
Fifth, log and honor opt-outs in your internal DNC system immediately. "Immediately" in practice means the same business day. Some state statutes use different language than TCPA's 30-day window, and the FTC's Telemarketing Sales Rule requires internal DNC requests be honored within a reasonable time, which enforcement has treated as no more than 30 days and often less. [8]
For cold call teams buying leads from aggregators, add a contract clause: the vendor certifies consent was obtained one-to-one and that the consent language named your company. Get it in writing before any campaign launches.
Are there state laws that cover B2B outbound calls too?
Yes. TCPA's DNC protections mostly cover residential numbers and cell phones, so B2B calls to landlines sit largely outside its scope, though ATDS calls to cell phones stay regulated whatever the call's purpose. But several state DNC laws reach further and can pull B2B calls in.
Some state statutes protect any telephone subscriber, not only residential ones, which sweeps B2B calls into scope when the called party has registered the number. Colorado's law covers "subscribers" with no residential limit in some provisions. Indiana's DNC list covers numbers registered by any subscriber.
So if a small-business owner puts a business cell on Indiana's state DNC list, an outbound B2B call to that number can violate Indiana law even though TCPA would never reach it.
The honest caveat: B2B-focused teams generally see less TCPA litigation than consumer-facing teams, because the statutory damage structure is less attractive for class certification. But state AG enforcement doesn't need class certification, and a complaint from one business owner to a state AG can trigger the same investigation as any consumer complaint.
The minimum B2B checklist is short. Check whether your target states' DNC lists cover business numbers or "any subscriber," and add those lists to your suppression workflow even if you only call businesses.
Where can I find state-specific telemarketing laws to verify the current rules?
Go to the primary sources. State statutes change, and the table earlier reflects the rules as of mid-2025. Florida amended its FTSA in 2023, Washington passed the My Health My Data Act in 2023, and several states have live legislative proposals. Verifying against the statute itself isn't optional.
Where to look, by state:
- Florida: Florida Legislature's online statute database at flsenate.gov for § 501.059
- Texas: Texas AG telemarketing page at texasattorneygeneral.gov for the Do Not Call rules [4]
- Indiana: Indiana AG consumer protection page for DNC list registration [10]
- Washington: Washington AG consumer protection page for telemarketing rules [3]
- Colorado: Colorado AG consumer protection section at coag.gov [11]
- Federal baseline: FCC's TCPA resource page at fcc.gov [9]
- FTC Telemarketing Sales Rule: ftc.gov for the TSR and National DNC Registry rules [5]
LeadCompliant's compliance kit pulls the key thresholds from each state's statute into a single reference worksheet, which helps when you need to brief a non-lawyer sales manager fast. The free checkers on the site let you verify a phone number against the federal DNC registry before a campaign.
One thing said plainly: nothing here is legal advice. State telemarketing interpretation shifts by circuit, changes with new legislation, and turns on facts specific to your calling practices. If you dial at volume into any of the high-risk states above, a one-hour consult with a TCPA-specialized attorney costs far less than the first demand letter you get.
Frequently asked questions
Which states are the most aggressive about enforcing telemarketing laws beyond TCPA?
Florida, Washington, and Texas lead in 2024-2025. Florida has produced the most private class action litigation under the FTSA since its 2021 amendment. Washington's AG pursues civil penalty actions under the Consumer Protection Act. Texas AG has filed multi-million-dollar penalty suits against telemarketers who ignored the state DNC list. Indiana's AG also actively enforces its DNC list violations.
Does TCPA preempt state telemarketing laws?
No. TCPA's savings clause at 47 U.S.C. § 227(e)(1) preserves state laws more restrictive than TCPA. States set tighter consent standards, shorter calling windows, and separate do-not-call lists. Federal courts have consistently held that state telemarketing statutes are not preempted when they give consumers greater protection than TCPA provides.
How often do I need to scrub against state DNC lists?
It depends on the state. The federal National DNC Registry requires scrubbing every 31 days. Most state DNC statutes use similar 30-31 day windows, but check each one. Indiana and Texas both require scrubbing within 30 days of a registration or update. Some compliance vendors run combined federal-plus-state scrubs on the federal cycle, which is the simplest path for most small teams.
What is Florida's FTSA and why is it generating so many lawsuits?
Florida's Telephone Solicitation Act (Fla. Stat. § 501.059) was amended in 2021 to create a private right of action for automated calls and texts to Florida numbers without prior express written consent specific to automated communications. The $500 per-violation damages require no proof of actual harm, which makes class certification attractive. Dozens of class actions followed in 2022 and 2023, making it the most litigated state telemarketing statute in the country.
Do state calling-hour restrictions apply to the caller's time zone or the recipient's?
The recipient's local time, same as TCPA. Both the TCPA and state telemarketing statutes apply the called party's local time zone to calling hours. If you call a Florida number from California at 5 p.m. Pacific, that's 8 p.m. Eastern, which is the FTSA cutoff. You have to detect the called party's time zone, not your own.
Can a consumer sue under both TCPA and a state telemarketing law in the same lawsuit?
Yes. Plaintiffs routinely plead federal TCPA claims and state law claims in the same complaint. Because they arise under different statutes, damages can theoretically stack, though courts may apply offsets in some cases. That's one reason multi-state exposure is expensive to defend: you face dual-statute claims, and defeating one leaves the other standing.
Does California's CCPA affect outbound calling compliance?
Indirectly but meaningfully. CCPA doesn't set calling hours or ATDS consent standards, but it gives California consumers the right to request deletion of their personal data. If a consumer files a deletion request and you keep calling, you compound TCPA exposure with a CCPA violation. For teams using third-party lead data, CCPA also affects how that data was legally shared and whether the original consent covered your use.
What should consent language say to satisfy both TCPA and strict state standards like Florida's?
The consent should name your company specifically, state that the consumer agrees to receive automated telephone calls or text messages, describe the general subject of those communications, and make clear that consent is not a condition of purchase. Broad language like "I consent to be contacted" has failed in Florida courts. The consent must reference automated technology to satisfy the FTSA's more demanding standard.
Are B2B outbound calls exempt from state telemarketing laws?
Partially. TCPA's residential DNC protections don't cover business numbers, but several state DNC statutes cover any registered subscriber, including businesses. Indiana and Colorado are examples where a business-registered number may sit on the state DNC list. Check whether your target states' statutes say 'subscriber' rather than 'residential subscriber' before assuming B2B calls are exempt.
What is the one-to-one consent rule and how does it affect state law compliance?
The FCC's December 2023 order required telemarketing consent to name a specific seller, so one consumer consent could not authorize calls from multiple companies. The Eleventh Circuit vacated the provision in early 2025, leaving its future uncertain. Several states, Florida especially, already required consent specificity that accomplished the same thing. Teams still using shared lead consent from aggregators stay exposed to state claims regardless.
How do I know if a state has its own do-not-call list?
States with active separate DNC lists include Indiana, Texas, Colorado, Missouri, Tennessee, Louisiana, Oklahoma, Wyoming, and Minnesota, among others. Each state's AG website is the primary source. The FTC's National DNC Registry does not include state lists, so you must check and register separately. Some third-party compliance vendors maintain combined federal-plus-state scrub services for an added fee.
What records should I keep to defend against a state telemarketing claim?
Keep consent records tied to individual phone numbers: the date consent was given, the exact language displayed, the source (URL or form name), the IP address if web-based, and the consumer's affirmative action. Keep DNC scrub logs showing the date, list version, and every number suppressed. Keep opt-out logs with timestamps. Most TCPA practitioners recommend holding these records at least 5 years, matching the TCPA statute of limitations.
If I only call leads who requested a callback, do state laws still apply?
Generally yes. State telemarketing statutes apply to solicitations regardless of how the lead originated. An inbound inquiry does establish a prior business relationship in many statutes, which can exempt you from DNC restrictions for a set period (18 months is common at the federal level for existing customers). But that exception isn't universal across state laws, and it doesn't change calling-hour requirements.
Is there a single tool or service that handles all state DNC scrubbing automatically?
Several commercial vendors offer combined federal-plus-state DNC scrubbing, including DNCCOM, Gryphon Networks, and Contact Center Compliance (800response). Pricing for small teams typically runs $50 to $300 per month depending on volume. None of them handle consent documentation, so you still need a separate consent management process. Evaluate vendors by which state lists they include and how often they refresh them.
Sources
- U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act: TCPA savings clause preserving state laws more restrictive than federal requirements; $500/$1,500 statutory damages; prior express written consent requirement for ATDS calls to cell phones
- Florida Legislature, Fla. Stat. § 501.059, Florida Telephone Solicitation Act: Florida FTSA calling hours 8am-8pm, $500 per violation/$1,500 willful, private right of action for automated calls/texts without specific prior express written consent
- Washington State Attorney General, Consumer Protection Division, RCW 19.86: Washington Consumer Protection Act allows treble damages up to $25,000 per violation and AG civil penalties up to $2,000 per violation for telemarketing violations
- Texas Office of the Attorney General, Telemarketing consumer protection: Texas telemarketing law allows civil penalties up to $10,000 per violation; calling hours 9am-9pm; state DNC list maintained separately from federal
- Federal Trade Commission, National Do Not Call Registry, Telemarketing Sales Rule: National DNC Registry covers interstate calls; sellers must scrub within 31 days of a number's registration; FTC administers TSR requirements
- California Attorney General, California Consumer Privacy Act (CCPA) guidance: CCPA gives California consumers right to request deletion of personal data; businesses have 45 days to respond; deletion requests require suppression from future outreach
- Federal Trade Commission, Telemarketing Sales Rule 16 CFR Part 310: TSR requires sellers to maintain internal DNC lists and honor opt-out requests within a reasonable time; FTC enforcement has defined this as no longer than 30 days
- Indiana Office of the Attorney General, Do Not Call Registry: Indiana maintains its own DNC list separate from the federal registry; $10,000 per violation for DNC violations; calling hours 9am-9pm
- Colorado Attorney General, Colorado Do Not Call law, Colo. Rev. Stat. § 6-1-903: Colorado maintains state DNC list; civil penalties up to $10,000 per violation; statute covers any subscriber not limited to residential