Table of Contents
Support Guide
Gathering TCPA & First Party Consent
-
Chloe Larson
New Compliance That Can Impact You
Starting in 2025, new TCPA consent and FCC policies will bring significant changes, particularly targeting lead generation practices and enhancing consumer protections. Here are the key updates:
1. One-to-One Consent Requirement
- Specific Consent: The FCC’s new rule mandates that prior express written consent must be obtained on a one-to-one basis. This means consumers must explicitly consent to receive communications from each individual seller, rather than providing blanket consent for multiple sellers or marketing partners. This aims to eliminate the practice where consumers unknowingly consent to communications from a broad list of affiliates or partners.
- Contextual Relevance: Consent must be logically and topically associated with the interaction that prompted it. For instance, if a consumer provides consent on a car loan comparison website, this consent cannot be used to send messages about unrelated products like loan consolidation.
2. New Compliance Obligations
- Record-Keeping: Businesses relying on lead generators must ensure they have verifiable proof of the specific consent obtained. This includes maintaining records that demonstrate compliance with the one-to-one consent requirement and the specific context in which the consent was given.
- National Do-Not-Call Registry: The protections of the National Do-Not-Call (DNC) Registry are extended to text messages, not just calls. This means telemarketing texts to numbers listed on the DNC Registry are prohibited without proper consent.
3. Additional Measures
- Text Blocking: Wireless service providers are required to block text messages from numbers flagged by the FCC as sources of illegal texts. This measure aims to reduce the volume of unwanted and fraudulent messages consumers receive.
- Email-to-Text Restrictions: The FCC encourages making email-to-text an opt-in service to prevent fraudulent messages originating from email addresses.
4. Implementation Timeline
- The new one-to-one consent rule will take effect on January 27, 2025. Businesses must update their consent collection processes and ensure compliance with the new requirements by this date to avoid potential penalties.
Preparing for Compliance
These changes are designed to enhance consumer protections and ensure clearer, more explicit consent mechanisms in telemarketing and text message communications. Businesses should begin reviewing and updating their consent processes now to prepare for the upcoming compliance deadline.
Steps to Prepare:
- Review Current Practices: Evaluate your current consent collection methods to identify areas that need updating to comply with the new one-to-one consent requirement.
- Update Consent Forms: Modify your consent forms to ensure they capture the necessary explicit consent for each individual seller and include contextually relevant information.
- Implement Verification Processes: Establish double opt-in processes and maintain comprehensive audit trails to verify and document consent accurately.
- Train Staff and Partners: Ensure your team and any lead providers you work with are aware of the new requirements and trained in compliant consent collection practices.
- Regular Audits: Conduct regular audits of your consent collection and record-keeping practices to ensure ongoing compliance with TCPA and FCC regulations.
By proactively updating your processes and leveraging tools like Shape to manage and document consent, you can ensure compliance with the new regulations and protect your business from potential penalties.
Gathering First-Party Consent When Using Lead Providers
To obtain first-party consent when using lead providers, businesses must ensure that the consent is explicit, documented, and compliant with regulatory requirements. Here are the steps to effectively gather first-party consent in this context:
1. Clear and Conspicuous Disclosure
- Informative Consent Language: Ensure that the lead provider uses clear and conspicuous language to inform consumers about the nature of the consent they are providing. This includes specifying the types of communications they will receive (e.g., calls, texts, emails) and identifying the specific business that will be contacting them.
- One-to-One Consent: Under the new TCPA rules effective in 2025, consent must be given on a one-to-one basis, meaning the consumer must explicitly agree to be contacted by each individual business, not a group of businesses or marketing partners.
2. Detailed Consent Forms
- Customized Forms: Lead providers should use consent forms that include checkboxes or fields where consumers can explicitly agree to be contacted by the business. These forms should capture all necessary details, including the consumer’s phone number, email address, and the specific content of the consent given.
- Secure Documentation: Ensure that all consent forms are stored securely and can be easily retrieved for compliance verification. Ideally, this information should also be mapped to Shape’s “Marketing Compliance” or “Marketing Insights” tab for proof and audit protection.
3. Verification Processes
- Double Opt-In: Implement a double opt-in process where the consumer receives a follow-up email or SMS to confirm their consent. This additional step helps verify that the consent is genuine and that the consumer is aware of what they are agreeing to.
- Audit Trails: Maintain comprehensive audit trails that log all interactions related to the consent, including timestamps, IP addresses, and the exact language used in the consent forms.
4. Collaboration with Lead Providers
- Contractual Agreements: Establish clear contractual agreements with lead providers that outline the requirements for obtaining and documenting first-party consent. These agreements should specify the lead provider’s responsibilities in ensuring compliance with TCPA and other relevant regulations.
- Regular Audits: Conduct regular audits of the lead provider’s consent collection processes to ensure they adhere to the agreed standards and regulatory requirements.
5. Compliance with Regulatory Updates
- Stay Informed: Regularly update consent collection practices to comply with the latest regulatory changes, such as the new FCC and TCPA rules. This includes adapting processes to ensure consent is obtained in a manner that is logically and topically associated with the consumer’s interaction with the lead provider.
- Legal Consultation: Consult with legal experts to ensure that all consent collection practices are fully compliant with current laws and regulations.
Example Process:
- Lead Generation: A consumer visits a comparison shopping website and fills out a form expressing interest in a product or service.
- Consent Request: The form includes a checkbox where the consumer explicitly agrees to receive communications from the specific business providing the product or service.
- Follow-Up Confirmation: The consumer receives an email or SMS asking them to confirm their consent by clicking a link.
- Consent Documentation: The business securely stores the confirmed consent details, including the consumer’s information, the date and time of consent, and the specific language used in the consent form. This should be mapped to the appropriate fields in Shape’s “Marketing Compliance” or “Marketing Insights” tab.
By following these steps, businesses can ensure they obtain valid first-party consent from leads provided by third-party lead generators, maintaining compliance with regulatory requirements and protecting consumer privacy.
Key Points
- First-Party Consent: This refers to the consent given by a user directly to the organization. Shape requires that this consent is collected and recorded by the organization using the CRM. Shape has fields or modules to document this consent.
- TCPA Consent: The TCPA regulates telemarketing calls, auto-dialed calls, prerecorded calls, text messages, and unsolicited faxes. Under the TCPA, businesses must obtain express written consent before making these types of communications. Shape can help manage and track this consent, but it is the responsibility of the business to ensure they have obtained and documented this consent properly.
Best Practices
- Clear and Conspicuous Consent Forms: Use clear and conspicuous consent forms.
- Secure Storage: Store consent records securely within the CRM.
- Easy Withdrawal: Provide an easy way for customers to withdraw consent. Shape includes an “Unsubscribe” link at the bottom of all bulk or automated messages. Shape’s text messages support opt-out via terms such as “STOP.” Additionally, Shape offers a DNC.com integration to automatically check against national and state DNC lists, known litigators, and EBR. Internally, Shape also has a do-not-call and full opt-out tracking.
- Regular Audits: Regularly audit consent records for compliance.
CRM Features
Shape can help you structure your business needs with built-in tools to help with compliance, such as consent management modules, automated consent capture forms, and compliance reporting tools. However, the configuration and proper use of these tools are crucial for compliance.
In summary, it is up to the organization to ensure that they are collecting and recording consents in accordance with relevant laws and regulations.
Gathering Consent from Referral Leads
When businesses gather leads from referrals, obtaining first-party consent in a compliant manner is essential. Here are some best practices for collecting first-party consent from referral leads:
1. Referral Forms with Consent Checkboxes
- Use of Co-Branded Landing Pages: Utilize Shape’s co-branded landing pages, which include explicit checkboxes where the referrer confirms they have obtained consent from the referred party to share their contact information.
- Clear Explanation: If not using Shape co-branded portals or Lead Engine pages, ensure your forms include a clear explanation of how the referred party’s information will be used and a checkbox for the referrer to confirm consent.
2. Welcome Emails or Messages
- Initial Contact: Once the referred lead’s information is received, send a welcome email or message to the referred individual.
- Request for Consent: This message should clearly state that their information was provided through a referral and request explicit consent for further communication.
- Include Privacy Policy: The message should include a link to the business’s privacy policy and a method for the referred individual to opt-in (e.g., clicking a confirmation link) or opt-out if they do not wish to receive further communications.
3. Double Opt-In Processes
- Verification Step: Implement a double opt-in process to ensure compliance. After the initial referral, send an email to the referred individual asking them to confirm their consent by clicking a link or replying to the email.
- Consent Confirmation: This additional step verifies that the referred individual is aware of and consents to the communication.
4. Consent Capture Forms on Websites
- User-Friendly Forms: If referrals are directed to the business’s website, use a consent capture form. This form should explain that the individual was referred by someone and request their explicit consent to receive communications from the business.
- Clear Purpose: The form should be user-friendly and clearly state the purpose of collecting the consent.
5. Clear Privacy Policies
- Transparency: Maintain a clear and accessible privacy policy outlining how personal information, including referral information, is collected, used, and protected.
- Easy Access: Ensure the privacy policy is easily accessible from referral forms, emails, and any consent capture forms.
6. Training and Guidelines for Referrers
- Educate Referrers: Provide training and guidelines to individuals or partners who refer leads, ensuring they understand the importance of obtaining consent and how to do so properly.
- Provide Templates: Offer sample scripts or templates for how to ask for consent and explain the referral process.
7. Documenting Consent
- Secure Storage: Document and securely store all consents obtained within Shape or a consent management system.
- Tracking Details: Shape’s “Marketing Insights” or “Marketing Consent” tab includes fields to track all consent and opt-out details, including consent date, a unique identifier, IP address, form URL where consent was captured, and types of opt-ins (Call, Text, Email, TCPA, or full opt-out).
- Comprehensive Records: Documentation should include the date, time, and method of consent, as well as any specific terms agreed to by the referred individual.
By following these practices, businesses can ensure they obtain and document first-party consent from referred leads in a manner that complies with relevant laws and regulations.
Step-by-Step Process for Capturing First-Party Consent
You can capture first-party consent using Lead Engine lead forms. This process involves sending a click-through link to request consent with proper language, ensuring compliance and transparency. The collected consent data can be seamlessly populated back into the "Marketing Compliance" or "Marketing Insights" tab, capturing essential details such as the IP address, form URL, opt-in language, consent method, and more.
1. Initial Data Collection with Lead Engine Lead Forms
- Utilize Lead Engine Forms: Use Lead Engine lead forms to gather preliminary lead information.
- Capture Essential Details: We ensure these forms include fields to capture consent details such as the individual’s IP address, form URL, and the method by which the consent was obtained.
2. Sending a Click-Through Consent Request
- Request Consent: If you receive lead information from an external source without first-party consent, send an email or SMS containing a click-through link to the referred individual.
- Clear Explanation: The message should clearly explain why the individual is receiving it and provide a brief overview of the consent request.
3. Designing the Consent Page
- Dedicated Consent Page: The click-through link should direct the individual to a dedicated consent page on your Lead Engine product.
- Explicit Language: This page must include clear and explicit language about how their data will be used, the benefits of opting in, and the nature of the communications they will receive.
- Legal Compliance: Ensure the consent page complies with legal standards and provides links to the privacy policy and terms of service.
4. Capturing and Recording Consent
- Automatic Recording: Upon the individual’s consent via the click-through link, automatically record all relevant information:
- IP Address: To verify the location from which the consent was given.
- Form URL: To track the source of the consent.
- Opt-In Language: The exact wording used to obtain consent.
- Consent Method: Whether consent was given through email, SMS, or another method.
- Timestamp: The date and time when consent was provided.
5. Integrating Consent Data into the CRM
- Automated Workflows: Shape’s automated workflows populate the collected consent information into the “Marketing Compliance” or “Marketing Insights” tab within your CRM.
- Secure Storage: This ensures that the data is stored securely and is easily accessible for future reference and compliance audits.
6. Maintaining Compliance and Auditing
- Regular Audits: Regularly review and audit the stored consent records to ensure ongoing compliance with data protection regulations such as GDPR, CCPA, and TCPA.
- Withdrawal of Consent: Shape’s built-in communication tools allow individuals to easily withdraw their consent, and these requests are promptly honored.
Benefits of this Approach
- Enhanced Transparency: Clearly communicates to leads why their information is being collected and how it will be used.
- Improved Compliance: Ensures all necessary consent details are captured and stored in compliance with relevant regulations.
- Streamlined Process: Automates the collection and recording of consent data, reducing manual effort and the potential for errors.
- Better Data Management: Centralizes consent information within your CRM, making it easier to manage and access.
By following these steps, you can effectively capture and document first-party consent, ensuring both compliance and a positive experience for your leads.
