Do Not Call policy: What businesses need to know
- A Do Not Call policy is required for any business making marketing calls or texts and is a core part of Do Not Call compliance.
- Maintaining an internal Do Not Call list and honoring requests promptly helps reduce regulatory risk and supports safe harbor protection.
- Failing to implement a compliant Do Not Call policy can expose organizations to TCPA lawsuits, including class actions with significant financial penalties.
With the rise of TCPA and telemarketing class action lawsuits, many organizations are reevaluating their approach to Do Not Call compliance. If your business uses phone calls or text messages for marketing, having a Do Not Call policy in place is essential.
A Do Not Call policy helps ensure that consumer preferences are respected and that your organization meets federal and state compliance requirements.
What is a Do Not Call policy?
A Do Not Call policy outlines how a company accepts and honors consumer requests not to be contacted. It also defines the process for maintaining and enforcing an internal Do Not Call list.
Maintaining a written policy and making it available to consumers upon request is a key component of establishing a safe harbor defense under the Telephone Consumer Protection Act (TCPA) and the Telemarketing Sales Rule (TSR).
When is a Do Not Call policy required?
Any company that places calls or sends text messages for marketing or sales purposes must implement written procedures to comply with national and internal Do Not Call requirements.
To meet Do Not Call compliance standards, organizations must:
- Accept and document Do Not Call requests
- Maintain an internal Do Not Call list
- Suppress numbers listed on the National Do Not Call Registry
- Apply established business relationship exemptions appropriately
What is the risk of not having a Do Not Call policy?
Failure to maintain a compliant Do Not Call policy can expose organizations to significant legal and financial risk. A Do Not Call policy is a core component of a compliance program and is necessary to support a safe harbor defense under the TCPA and the Telemarketing Sales Rule.
Without a compliant policy, businesses face increased exposure to:
- Regulatory enforcement
- TCPA lawsuits
- Class action litigation
Recent TCPA litigation continues to focus on failures related to consent, internal Do Not Call list management and employee training, with courts allowing claims to proceed where written policies are missing or not enforced.
Courts have increasingly treated Do Not Call policy requirements, including obligations under 47 C.F.R. § 64.1200(d), as enforceable standards. Businesses that fail to maintain written policies or properly train employees may face private lawsuits.
Under the TCPA, consumers may bring a private right of action and seek damages of up to $1,500 per violation. In class action cases, total exposure can escalate significantly based on the number of calls or messages and affected individuals.
Professional plaintiffs often target gaps in Do Not Call compliance, including failure to maintain a written policy or properly train employees.
What should be included in a Do Not Call policy?
A Do Not Call policy should clearly define how your organization manages consumer requests and maintains compliance.
At a minimum, it should include three key components:
1. Internal Do Not Call list management
A telemarketer must record each Do Not Call request with the consumer’s name and telephone number and add it to the internal Do Not Call list.
2. Timely processing of requests
Requests must be honored within a reasonable timeframe.
Under updated FCC rules effective April 2025, businesses must process Do Not Call requests within 10 business days, replacing the previous 30-day requirement.
3. Training and documentation
Organizations should:
- Ensure all telemarketing personnel understand the policy
- Provide regular training and updates
- Maintain records confirming that employees have reviewed and acknowledged the policy
In addition, companies must be prepared to provide their Do Not Call policy to consumers upon request and document those responses.
How do not call compliance connects to registration requirements
Do not call compliance doesn’t operate in isolation. In many states, organizations that engage in telemarketing are also required to register before accessing state do not call lists.
This means compliance isn’t just about honoring opt-out requests. It also requires:
- Registering as a telemarketer in applicable states
- Obtaining access to federal and state DNC registries
- Maintaining documentation to demonstrate compliant list usage
- Managing renewals and jurisdiction-specific requirements
Organizations often focus on suppression and opt-outs but overlook the registration requirements that enable lawful access to those lists in the first place.
For businesses operating across multiple states, these requirements can quickly become complex and difficult to manage without a structured approach.
How to strengthen Do Not Call compliance
To reduce risk and maintain compliance, organizations should:
- Regularly review and update their Do Not Call policy
- Monitor internal and vendor compliance
- Maintain detailed records of requests and responses
- Align processes with evolving regulatory requirements
How Wipfli can help
Wipfli helps organizations strengthen Do Not Call compliance by evaluating policies, processes and controls related to outbound communications.
Our services include:
- Do Not Call policy development and review
- Internal Do Not Call list management processes
- Compliance assessments and gap analysis
- Training and documentation support
- Ongoing advisory and regulatory guidance
To get help with your Do Not Call policy, learn more about our TCPA compliance services or our telemarketing registration support services.
