Understanding compliance requirements

Mobile text messaging is regulated by the FCC, under the TCPA (Telephone Consumer Protection Act). Best practices and compliance guidelines are compiled and monitored by the CTIA, which creates compliance requirements, publishes a handbook detailing these requirements, and audits messaging programs for compliance with its standards.

To create and maintain compliant text-messaging campaigns:

• Stay up to date
• Obtain written consent
• Review content carefully
• Protect privacy and security

Tip: Messaging services are subject to a number of legal and regulatory requirements. Be sure to consult an attorney before implementing a text-messaging campaign.

Staying up to date

To stay abreast of messaging regulations, go to the FCC website (https://www.fcc.gov).

For more information on text messaging requirements:

• Go to the CTIA website (https://www.ctia.org) and search for the Messaging Principles and Best Practices guide, which provides voluntary guidelines for text-messaging programs.

• Go to the CTIA's Short Code Registry website (https://www.usshortcodes.com), where you can find the Short Code Monitoring Handbook in the Learn more - Resources section.

Note: The use of short codes is monitored by the CTIA. Penalties for violations include correcting or changing a company's message content and suspending a company’s use of assigned short codes. If you are audited by CTIA, you can contact your Upland customer success manager for assistance.

Obtaining written consent

Your text messaging campaign must have a process for obtaining written consent to receive your messages (opt-in) and a written confirmation of consent (second opt-in). This process is referred to as a double opt-in path.

Your campaign must also offer a process for refusing or canceling messages from your promotional campaign (opt-out).

Your customer success manager can help you design a messaging campaign that complies with the opt-in/opt-out requirements and maintains accurate records of opt-in and opt-out requests. This ensures that your campaign always distributes messages to mobile users who are currently opted in to the campaign and prevents you from sending unwanted messages to users who have opted out or who have not fully opted in.

Your carrier may have additional requirements designed to protect users from unwanted messages.

Tip: If your carrier requires pre-approval of your messaging campaign, be sure to vet any changes to your campaign with your carrier before implementing them.

Reviewing content carefully

Even after you have secured the user's consent and established a relationship for your promotion, the content of your messages continues to be regulated by CTIA guidelines. Your carrier may also have messaging standards that you must meet.

• Some carriers have special requirements for programs marketing to children under 13 and prohibit contests and sweepstakes.

• You'll want your messages to be impactful and entertaining but, to remain compliant, avoid explicit references to violence, profanity, hate speech, gambling, illegal drugs, etc.

  Tip: Establish review processes to ensure that you avoid messages with non-compliant content, summarized as SHAFT: sex, hate, alcohol, firearms, and tobacco. Penalties for violations include correcting or changing a company's message content and suspending a company’s use of assigned short codes. For more information, go to the CTIA's Short Code Registry website (https://www.usshortcodes.com) and consult the Short Code Monitoring Handbook in the Learn more - Resources section.

Be mindful that non-compliant messages may spark an audit from the CTIA. If you like to keep it edgy, you may want to review your messaging with your Upland customer success manager.

Note: Your content must comply with state and federal laws. Where there is a conflict, the federal law applies. Be sure to consult an attorney before implementing a text-messaging program.

Avoiding common mistakes

Review your content to ensure that you avoid common mistakes:

• Double-check links added to your messages, to ensure that they are correct. Don't conceal your company’s identify as the source of the message.
• If you use a URL shortener, make sure that the web address and IP address are dedicated to the exclusive use of your company, identify the name of the site owner, and include accurate contact information for the site owner. If you include a phone number, be sure to clearly identify the owner or company owner of the number within the message.
• If you have age or location requirements for your campaign, make sure your opt-in options include age verification or ZIP confirmation.

Protecting privacy and security

To protect your customers from unwanted intrusion by spammers and spoofers, have a security policy in place that protects users’ data from unauthorized access or disclosure.

• Develop a privacy policy that clearly describes how you will collect, use, and share information from users and make your policy available to users in your campaign’s initial messages.
• Consult with an attorney to ensure that your privacy policy is consistent with the applicable law.
• Check with your carrier, which may have additional privacy requirements.

Tip: Schedule a regular risk assessment of your privacy and security policies.