BLOGS: Privacy and Data Protection

Tuesday, March 29, 2016, 6:23 PM

Top Twelve TCPA DOs and DON’Ts for businesses doing outbound automated or prerecorded calling

We have assembled our “Top 12 TCPA Dos and Don’ts”.  We’re certain others exist that could be added to this list, but this is an introductory sanity check for a company’s outbound calling practices under TCPA laws and regulations.  (Of course, this is not intended as nor should be considered legal advice, and you should consult an attorney for specific legal advice involving your particular business practices.) 


(1)          Maintain an up-to-date, company-specific, written Do-Not-Call Policy to be produced on-demand?

(2)          Need to know the different requirements applicable to autodialed and prerecorded calls to wireless numbers and residential landlines, identify wireless numbers,  and ensure compliant call handling before dialing?

(3)          Treat autodialed texts the same as any autodialed call to a wireless number?

(4)          Keep records of “prior express written consent” to receive autodialed calls or texts, or prerecorded calls, with name and associated telephone number of consenting party, and consent language?

(5)          Incorporate prior express written consent language to receive telemarketing calls and texts in your standard contract for services?

(6)          Scrub your call list at least monthly against the National Do-Not-Call Registry?

(7)          Maintain a current Company-specific Do-Not-Call List?

(8)          Place a telemarketing call to someone on a Do-Not-Call list who contacts a customer service center and requests a call back?

(9)          Discontinue placing calls to a requesting party no later than 30 days after receiving a Do-Not-Call Request?

(10)          Okay to place autodialed or prerecorded debt collection calls to someone who leaves their cell phone number on an application for service or an admission form?

(11)          Avoid calls to reassigned wireless numbers once reassigned even if intending to call the person to whom it was once assigned? 

(12)      Know whether your dialing equipment has the “capacity” to store or produce numbers using a random or sequential number generator and to dial those numbers, even if capacity isn’t utilized?


BONUS vicarious liability points:  Manage your risk by outsourcing outbound telemarketing to an outside vendor and “lead generator” who guarantees TCPA compliance, works on a commission for sales basis, and will agree to indemnify for losses?


ANSWERS (We won't force you to turn to p. 73):

1.            DO

2.            DO

3.            DO

4.            DO

5.            DON’T

6.            DO, unless you have verified that calls are to someone with an established business relationship as defined in the TCPA Rules.

7.            DO

8.            DO (an express invitation under FCC rules).

9.            DO

10.          DO

11.          DO

12.          DO

BONUS:  DON’T (without more protection, including demanding proof of adequate liability coverage covering TCPA liability)

Labels: , , , , ,

Wednesday, March 2, 2016, 3:08 PM

Draft of Text of EU-U.S. Privacy Shield Released

The U.S. and EU are one step closer to implementing the new EU-U.S. Privacy Shield.  The European Commission and U.S. Department of Commerce yesterday announced the release of the legal texts that will put in place the EU-U.S. Privacy Shield, a new framework of rules governing transatlantic data flow.

Continue reading (

Labels: ,

Rebuilding Trust with the Europeans After Snowden: Obama Signs New Privacy Law

The U.S. and E.U. are one step closer to entering into a new data transfer agreement. On Wednesday President Barack Obama signed into legislation the Judicial Redress Act, giving citizens of certain allied countries, including E.U. countries, recourse in U.S. courts to protect their personal data.

The Act allows foreign citizens to take legal action against some U.S. government agencies if the agency misuses their personal information. The Act would give European citizens procedural privacy protections similar to those available to U.S. citizens under the Privacy Act of 1974 for personal information transferred to the U.S. through international law enforcement channels.

Keep reading on

Labels: , ,

Live From ‘Frisco…It’s Ted Claypoole!

Live before a studio audience” works well for “Jeopardy” and “Saturday Night Live.” Now, Womble Carlyle attorney Ted Claypoole is going to see how the concept works for Internet privacy law. Claypoole will discuss “The Gasping Death of the ‘Reasonable Expectation of Privacy’ Standard” at the upcoming RSA Conference in San Francisco. The presentation will take place in front of a live audience at the RSA on-site recording studio and the video subsequently will be published at

The presentation takes place Wednesday, March 2nd.

Labels: , ,

FDIC "Framework for Cybersecurity" Highlights How Financial Institution Information Security Programs Can Better Respond to Evolving Cyber Threats

Authored by Doug Bonner

Every regulated financial institution that needs to maintain an effective information security program under Gramm Leach Bliley should not only ensure that it is complying with all banking regulations, but regularly evaluating banking industry best practices for Cybersecurity.  The FDIC in February 2016 published a "Framework for Cybersecurity" that provides financial institutions a valuable sanity check about what best practices, from the FDIC's perspective, should be followed, and what government and industry resources are available for banks, both large and small to counter cyber threats.

Our linked client alert discusses highlights of the FDIC's recent "Framework for Cybersecurity".

Labels: , , ,

back to top