Overview
Addendum template for existing vendor agreements adding TCPA compliance obligations, audit rights, and indemnification. Proper documentation is both a regulatory requirement and your strongest defense against TCPA claims.
Why Documentation Matters
In TCPA litigation, the burden of proving consent often falls on the caller. Without comprehensive documentation, companies cannot demonstrate that proper consent was obtained, DNC procedures were followed, or compliance training was provided. Documentation is not just a best practice; it is a legal necessity.
Core Documentation Requirements
- Consent records: Time-stamped evidence of consumer consent including the specific language presented, method of consent (checkbox, signature), and consumer identifying information
- DNC compliance records: DNC registry subscription records, scrubbing dates and results, internal DNC list with request dates
- Call records: Call detail records showing all outbound calls with date, time, number dialed, duration, and disposition
- Training records: Evidence of employee training including dates, topics covered, attendees, and assessment results
- Policy documents: Current and historical versions of all compliance policies and procedures
- Vendor records: Vendor agreements, compliance certifications, and audit results
Retention Periods
Recommended minimum retention periods for TCPA compliance documentation:
| Document Type | Minimum Retention | Rationale |
|---|---|---|
| Consent records | 5 years from last contact | 4-year statute of limitations plus buffer |
| Call detail records | 5 years | Statute of limitations plus buffer |
| DNC scrubbing records | 5 years | Safe harbor defense documentation |
| Call recordings | 5 years | Litigation defense evidence |
| Training records | 5 years after employment ends | Compliance program evidence |
| Compliance policies | Permanently (all versions) | Historical compliance demonstration |
| Vendor agreements | 5 years after termination | Indemnification claims |
Implementation Steps
- Inventory all TCPA-related documentation currently maintained
- Identify gaps in your current documentation practices
- Create or update documentation templates for each required category
- Establish a centralized document management system or process
- Assign responsibility for maintaining each documentation category
- Implement automated documentation where possible (consent capture, call logging)
- Create a retention and destruction schedule
- Train all relevant staff on documentation requirements
- Conduct periodic audits to verify documentation completeness
Best Practices
- Use version control for all compliance policies and consent language
- Maintain screenshots of web forms and landing pages alongside consent records
- Store documentation in a tamper-evident system with access controls
- Back up consent records and call data to a separate location
- Document the chain of custody for consent evidence
- Create a documentation checklist for new campaigns and lead sources
Technology Considerations
Consider implementing technology solutions to automate documentation including consent management platforms, CRM compliance modules, call recording and storage systems, and document management systems with version control and retention automation.