Federal, state law liability for call center operators

Anthony A. Bongiorno, Matthew R. Turnell and 
Matthew L. Knowles, The Daily Record Newswire

Call center operations are essential for a wide range of businesses. However, both inbound and outbound calls present a complex series of risks in light of overlapping state and federal laws and regulations concerning whom businesses may call and under what circumstances they may monitor and record calls.

Two aspects of call center compliance that have attracted great attention from an active class-action plaintiffs' bar are restrictions on outgoing calls under the Telephone Consumer Protection Act of 1991 - or TCPA - and restrictions on recording calls found in California Penal Code §632.7, known as the California Wiretapping Law.

Both laws include statutory damages that can be quite significant when aggregated across large-scale call center operations.

The TCPA, for example, prescribes statutory damages of up to $1,500 per call for willful violations, and the California Wiretapping Law sets statutory damages at up to $5,000 per call. With that math, as well as the potential for substantial class-action attorneys' fees, it is easy to see why plaintiffs' firms are aggressively stalking their prey.

These lawsuits can be expensive and disruptive, even when a business has done little or nothing wrong. A review of best practices to avoid liability in the first place, as well as steps to better respond should a claim arise, follows.

The TCPA

The TCPA imposes significant restrictions on voice and fax calls made to business, residential and mobile numbers. It also applies with equal force to text messages, which are considered "calls" under the TCPA.

The TCPA contains a complex web of restrictions; it imposes different requirements based on the device linked to the telephone number called and the technology used to place the call.

The strictest limits apply to calls to mobile phones placed using an automatic dialing system or any calls using an artificial or pre-recorded message. As there is no reliable way to distinguish between mobile and landline numbers, businesses are well advised to treat all numbers as mobile numbers until proven otherwise.

That, in turn, requires compliance with one of the TCPA's strictest rules: As of October 2013, the TCPA requires - with very limited exceptions - that businesses have prior express written consent before making automatically dialed or pre-recorded calls to mobile phones.

Consent must be obtained unambiguously, in writing, and cannot be a condition of completing a transaction. While electronic signatures are permissible, the burden of proof to show consent is on the caller, making good recordkeeping essential.

California Wiretapping Law

Another threat of liability comes from the California Wiretapping Law. While it is a California statute, courts have interpreted the law to apply to all calls to or from a California resident, no matter the location of the call center. That means that the California Wiretapping Law is effectively a national standard.

In simple terms, the California Wiretapping Law prohibits recording confidential calls without the consent of all parties. However, under the California Wiretapping Law, when a call is made to or from a mobile phone, the conversation is presumed to be confidential, and thus recording violates the law unless the caller is informed that he will be recorded.

Here again, because call center operators have no reliable way of knowing whether they are calling or being called by a mobile phone or a landline, the operator must assume that the number is a mobile number.

Avoiding liability

If your call center is placing automatically dialed or pre-recorded calls, or if you have a policy of recoding some or all calls you make or receive, the bottom line is that your practices should be reviewed by an experienced data privacy professional. Given the complexity of the rules, this relatively small investment of time is well worth the cost considering the risk of future liability.

With respect to both the TCPA and the California Wiretapping law, you need to keep close records of how consent was obtained for each call, as the caller bears the burden of proving consent.

With respect to TCPA compliance, it is absolutely necessary to make sure that when callers opt out of future calls, thus revoking consent, businesses honor their requests as quickly as possible (and similarly, make sure that your company promulgates updates from the national do-not-call list frequently).

Note that when the FCC's new rules took effect in October 2013, increasing the level of consent required for auto-dialed or pre-recorded calls to mobile numbers, the FCC made clear that there is no "grandfathering" for existing relationships: If the consent you had before is no longer sufficient under the new standard, you must "upgrade" the consent in writing to comply with the new rules.

With respect to recording incoming and outgoing calls, one of the first things callers hear should be an unambiguous message that calls will be recorded. The announcement should be set up so it cannot be bypassed by pressing 0 or any other key, as that protocol presents an opportunity for aggressive plaintiffs.

As with the TCPA, it is essential under the California Wiretapping Law to document business practices carefully. Your records must reflect that you informed callers of your practice of recording calls. That is all the more difficult with respect to outgoing calls, where businesses often prefer to avoid having a robotic message be the first thing that recipients hear.

Likewise, your written customer agreements and disclosures should inform customers that calls to your business may be recorded (but keep in mind that such statements standing alone may not be sufficient for California Wiretapping Law purposes).

Finally, even if you have solid policies in place, errors can happen. Consider investing in insurance that covers TCPA claims.

Similarly, if you contract out your call center operations, make sure your contracts have appropriate representations, warranties and indemnifications such that your call center operator is required to comply with the TCPA and the California Wiretapping Law, and that it will bear responsibility for any noncompliance.

When you get sued

Even the best compliance program will not prevent all lawsuits. Aggressive plaintiffs are known to "shoot first and ask questions later" with respect to TCPA and California Wiretapping Law claims. Accordingly, the reality is that businesses may well face lawsuits despite having done little to nothing wrong.

However, the flip side of this new, high-volume litigation trend is that when plaintiffs can be convinced that they have chosen a poor target, lawsuits can be disposed of quickly and cheaply.

Thus, it is in the defendant's interest to gather the relevant facts as quickly as possible. Consider engaging in early, informal discovery when appropriate. That is where being a good record-keeper helps immensely: Confronted with computer records showing the absence of a violation, plaintiffs' attorneys are typically unwilling to invest significant time and effort in pursuing a class action that is unlikely to pay off.

Finally, remember that, at the end of the day, class certification is the real game. Even if there is liability for a single plaintiff or small group of plaintiffs, when you can show that the necessary commonality, typicality and other qualifications for class certification are absent, litigation typically can be resolved on very reasonable terms.

California courts in particular recently have taken a skeptical view of class certification in wiretapping suits, noting that such claims are often intensely fact specific.

Conclusion

The TCPA and the California Wiretapping Law have drawn the attention of a broad and aggressive plaintiffs' bar. If your business runs a call center of any kind, you must be cognizant of the risk of liability. If you do not use automatic dialing and do not record calls, make sure that the absence of such practices is carefully documented.

If you do place outgoing calls using any sort of automatic dialing system, your policies and practices should be audited for TCPA compliance. And to the extent you need to record calls for quality assurance and compliance, make sure that all callers receive an unambiguous and unavoidable disclosure of the same.

Finally, if you do get sued despite doing the right things, act quickly. Litigation is frustrating and distracting, but the right documentation can help minimize costs when resolving claims under the TCPA and the California Wiretapping Law.

-----

Anthony A. Bongiorno is a partner at McDermott, Will & Emery where he heads the Boston trial group. He dedicates a substantial portion of his practice to data privacy and data security matters. Matthew R. Turnell is a partner in the firm's Boston office and focuses on complex commercial litigation and arbitration, government investigations, and privacy and data security. Matthew L. Knowles is an associate who focuses on complex commercial litigation and government investigations.

Published: Thu, Sep 11, 2014