SMS compliance/Text messaging laws by state

Text messaging laws by state: Best practices and penalties

Explore detailed text messaging laws state-by-state, including federal regulations and compliance tips for businesses.

Precious Oboidhe
Precious Oboidhe wrote in
August 8th 2024

Latest data by Statista shows a 96% penetration rate of smartphone users in the United States. This presents an incredible SMS marketing opportunity for businesses, but also opens the door to privacy violations.

To keep users safe and prevent spam, the federal and state governments have passed several laws. Complying with these laws will save your business a lot of money and preserve your reputation. 

In this article, we’ll cover both the federal text messaging laws and 10 state-specific laws. You’ll learn about their requirements, penalties for non-compliance, and best practices to maximize the ROI of your telemarketing campaigns.

⚠️ This advice is for informational purposes only and is neither intended as nor should be substituted for consultation with appropriate legal counsel and/or your organization’s regulatory compliance team.

Federal text messaging laws

Federal regulations provide a solid framework to meet minimum legal requirements nationwide. Besides state-specific laws, these regulations protect consumer rights and help you avoid severe penalties. 

Telephone Consumer Protection Act (TCPA)

Passed by Congress in 1991, the Telephone Consumer Protection Act (TCPA) restricts intrusive telemarketing methods, such as auto-dialers and prerecorded messages. Businesses must first get consumers’ signed permission—a.k.a. express written consent—before engaging in such practices.

TCPA’s monetary fines cost up to $500 per unsolicited message or call, but can escalate to $1,500 for willful violations. Violators may also face hefty class-action settlements for implementing a widespread unsolicited text campaign.

CAN-SPAM Act

The CAN-SPAM Act applies to all email messages that advertise commercial products or services. It also covers responsibilities when using third-party email marketing, i.e., when another company handles a business’s email marketing. Here are some notable requirements:

  • Accurate headers
  • Transparent subject lines
  • Ad disclosure 
  • Physical address
  • Opt-out mechanism

Non-compliance penalties can be severe, up to $51,744 per email, with possible criminal charges for offenses like email address harvesting.

Best practices for federal law compliance

The following tips will help your business stay compliant, avoid fines, and streamline processes without unnecessary complexities.

  • Prepare detailed records of consent acquisition, including dates, methods, and recipient details.
  • Use secure databases to safeguard consent records from unauthorized access or manipulation.
  • Send a confirmation message immediately after opt-in to verify recipients’ intent.
  • Allow recipients to unsubscribe via multiple channels (e.g., reply text, web form, toll-free number).
  • Maintain an opt-out do-not-contact list to streamline campaign management and keep your contact list up-to-date.

Audit your SMS and email practices regularly to identify and rectify potential compliance gaps. Following that, attain full compliance on all fronts by addressing text messaging laws by states.

example of a text that displays an opt out option.

State-specific text messaging laws

State laws can be more stringent than federal laws in consent requirements, opt-out procedures, and violation penalties. Here are 10 states with strict rules that address local concerns and protect residents from aggressive marketing tactics and data misuse.

Arizona

Arizona’s House Bill 2312 mirrors the TCPA by mandating prior consent for automated communications. However, it explicitly classifies offenses as Class 2 misdemeanors, meaning violators could face criminal charges, fines, and potential jail time.

House Bill 2498 extends Arizona’s Do-Not-Call Registry to text messaging. It bars businesses from sending unsolicited texts to numbers in the registry unless exempted under federal law or specific circumstances.

California

The California Consumer Privacy Act (CCPA) grants residents the right to know the personal information collected, used, and shared about them. They can also request that it be deleted and not sold or shared. Marketers must disclose these practices, provide clear-cut opt-out methods, and respond to opt-out requests within 15 business days.

Connecticut

Connecticut’s Public Act No. 14–53 curbs unsolicited commercial SMS by requiring businesses to obtain prior express written consent. Similar to federal laws, it focuses on consumer privacy and the right to opt out of receiving unwanted messages. But this state regulation carries stiffer penalties, with fines reaching up to $20,000 per violation.

Florida

Florida-based businesses must get express written consent before using auto-dialing systems or playing recorded messages during calls under the Telemarketing Act. The law restricts calls to between 8 a.m. and 8 p.m. local time and caps calls on the same topic to three times within 24 hours. Also, it criminalizes spoofing phone numbers to conceal caller identities to prevent fraudulent telemarketing practices.

Indiana

House Enrolled Act 1273 amends the regulation of unsolicited text messages sent to residents listed on Indiana’s Do-Not-Call registry. The Indiana General Assembly now treats text messages (SMS), graphic messages, and multimedia messages (MMS) as forms of telephone sales calls.

New Jersey

Under New Jersey’s text message privacy law, A-617, businesses must get explicit permission before sending unsolicited ads. The consent form must include the recipient’s specific phone number. Violators face civil penalties of $500 for the first offense and $1,000 for each subsequent offense.

Oklahoma

The Oklahoma Telephone Solicitation Act of 2022 limits texting to three messages on the same subject within 24 hours and between 8 a.m. and 8 p.m. It exempts particular solicitations for religious, charitable, political, or educational purposes.

Virginia

Virginia amended the TTPA to modernize its regulatory framework in response to changing telecommunications practices. The term “solicitation calls” now includes text messages and applies to residents with Virginia and non-Virginia area codes.

Telephone solicitors must identify themselves by full name and the entity they represent. They can’t initiate calls to numbers on the National Do-Not-Call Registry and must comply with the calling time restriction (8:00 a.m. and 9:00 p.m. local time). 

Washington

The Consumer Electronic Mail Act outlaws sending promotional text messages to Washington residents without prior consent. The liability extends to any individual or entity participating in the transmission process.

For instance, if a data broker knowingly sells databases of Washington contacts to a corporation that delivers unsolicited SMS ads, this law holds both the data broker and the corporation accountable.

Wisconsin

The Department of Agriculture, Trade and Consumer Protection (DATCP) enforces Wisconsin’s Do-Not-Call laws to protect residents from intrusive telemarketing communications. Residents can register their phone numbers for free to prevent marketers from contacting them without prior consent. Registration is permanent.

Note: Federal laws usually take precedence over state laws in cases of conflict. However, some specific state laws have unique provisions that remain valid and enforceable. Knowing how these state-specific laws operate in your jurisdiction is crucial.

How text message types affect text messaging laws

Regulations vary when your text message is marketing-oriented or transactional. Marketing text messages are promotional. They advertise products, services, or events to persuade recipients to buy or take action. Here are the consent requirements for marketing text messages:

  • Voluntary opt-in from recipients
  • Explicit and documented consent (electronic, written, or voice recorded)
  • Disclosure of marketing messages, types (e.g., promo offers, product updates), and potential fees

Transactional text messages confirm a transaction the recipient has previously agreed to. This includes details of order confirmations, delivery notices, account updates, etc. The consent requirements include:

  • Implied consent based on existing business relationships or transactions
  • Optional explicit opt-ins or opt-outs

Marketing messages require more effort than transactional messages because of stricter consent requirements. Understanding these distinctions can help you classify your SMS texts correctly.

How-to guides for compliance

We created a detailed SMS compliance guide and checklist to help you minimize the risk of complaints and regulatory actions.

Federal compliance checklist

  • Familiarize yourself with TCPA and CAN-SPAM regulations.
  • Identify your message type and obtain consent for such.
  • Offer a clear, easy opt-out mechanism.
  • Keep records of consumer consent, opt-in/opt-out requests, and preference changes.
  • Educate staff on compliance requirements, obligations, and best practices.
  • Audit practices at least annually to maintain ongoing compliance
  • Refrain from sending unsolicited messages. Especially those that contain prohibited SHAFT content (sex, hate, alcohol, firearms, tobacco). 

State-specific compliance guide

Here’s a breakdown of the unique requirements and best practices for the text messaging laws by state.

  • Arizona, Connecticut, Florida, New Jersey, Washington, Wisconsin
    • Requirement: Prior consent for automated communications.
    • Best Practice: Offer educational resources or FAQs that explain what to expect and the benefits of opting in. When delivering electronic consent requests, refer to the E-SIGN Act
  • California, Connecticut
    • Requirement: Clear opt-out methods and quick response to opt-out requests.
    • Best Practice: Offer various opt-out options like a toll-free number, email, or online forms.
  • Arizona, Indiana, Virginia
    • Requirement: The Do-Not-Call Registry expands to include text messaging and other media.
    • Best Practice: Always update your contact lists against the National Do-Not-Call Registry and state-specific registries, preferably using automated compliance tools.
  • Florida, Oklahoma, Virginia
    • Requirement: Restricted calls to a specific local time range and limited times on the same topic within 24 hours.
    • Best Practice: Schedule automated systems to adhere to designated calling hours. It’ll also help track and limit call frequencies on identical topics.

Following these tips lets you comply with federal and state-specific SMS laws and avoid penalties.

Understanding penalties and consequences

The weight of non-compliance to text messaging laws is heavy. Financially, non-compliance with federal laws can range from $500 to $1500 per unsolicited message sent. Specific state sanctions can increase the final amount, depending on local regulations and enforcement measures.

Regulatory bodies can issue injunctions or cease-and-desist orders to halt unlawful communications until compliance is achieved. Such orders can disrupt your marketing. Plus, persistent intrusive messages without a care for consumer privacy can lead to negative publicity and loss of customer trust.

Web form showing necessary terms

Gaining user consent is vital to your SMS marketing strategy because it creates trust, respects consumer privacy, and guarantees compliance. Explicit consent builds a willing audience. Here’s how to obtain, manage, and document it.

Best practices for obtaining consent

  • Multichannel opt-in. Make your opt-in forms and disclosures accessible through various channels, such as websites, mobile apps, SMS, or email.
  • Double opt-in. Require consumers to confirm subscriptions to ensure the initial opt-in was intentional and to reduce accidental subscriptions.
  • Segmented consent. Provide options for users to choose their preferred message types (e.g., no promotions; updates only).

Managing and documenting consent

  • Centralized record-keeping. Maintain a centralized database to store consent records. 
  • Robust documentation. Document consent details, including date, time, method (online form, verbal, etc.), and message type.
  • Retention Policy. Set a clear retention policy for consent records in compliance with applicable laws and regulations. 
  • Automated opt-out confirmation. Send an immediate confirmation upon receiving opt-out requests to confirm removal from future communications.
  • Regular audits. Schedule periodic reviews to update consent records, verify opt-in statuses, and address discrepancies.

Note: SimpleTexting automates consent management. This simplifies obtaining and managing consent for your SMS campaigns. 

You can set up customizable embedded web forms, automate explicit opt-in collection (even double opt-ins), and self-clean dead numbers

Our built-in compliance tracking tools are also handy in monitoring adherence to text messaging laws by state

Key takeaways on SMS marketing compliance

  • Adherence to federal and state text messaging laws prevents penalties.
  • Sticking to the SMS regulations prevents a halt in effective customer communication. 
  • Obtaining customers’ explicit consent, managing opt-ins and opt-outs, and safekeeping detailed consent records is vital.

⚠️ This advice is for informational purposes only and is neither intended as nor should be substituted for consultation with appropriate legal counsel and/or your organization’s regulatory compliance team.