Skip to main content

4 Simple Steps to Comply with New DNC Registry Record Keeping

new regulations sign

By: Isaac Shloss – 4/24/2024 | Navigating Compliance with Clarity and Confidence.
Stay compliant by staying informed.


The FTC has released new rules around record-keeping related to accessing the Do Not Call Registry (DNC), and while these requirements do not appear to be onerous, they do seem to signal pending enforcement action.  

Let's break down the new requirements and how to easily comply with each.  

#1 – The Name of the Entity Which Accessed the Registry

Starting with perhaps the most confusing rule, we can focus on “entity” tracking.  Have you ever noticed in a contract that certain words are capitalized, and often seem out of place?  Well, for those who live and breathe contract revisions, this is commonplace.  Capitalization references a defined “term”.  For example, a contract may have the word “Company” defined at the beginning of an agreement to reference the selling entity and may use a word like “Customer” to reference the buyer.  This is important so that, when the word “Company” is used with a capital “C”, it refers specifically to the defined term of a “Company” whereas, in theory, the usage of that same word with a small “c” would reference that word as it exists in common language.  

For example:
This Agreement is between Contact Center Compliance (“Company”) and Widgets R Us (“Customer”).  The 'Customer' agrees to not share scrub results from 'Company' with any third-party company.  Capital “C” “Company” in that sentence refers to Contact Center Compliance, whereas lowercase “c” “company” refers to just any third-party business.

Thinking along those lines, I was hoping to see a term defined as “Entity” in the TSR.  Unfortunately, I could not find a clear definition.  Why is this important?  Let’s say Widgets R Us – our fictitious new customer – works with BPO X to handle their calling.  BPO X sees the value in running their scrubbing services through, so, using Widgets R Us’s SAN (seen #3 for more on that point), they conduct the scrubbing services.  Who is the entity in this situation?  Is it – the entity that accessed the registry, BPO X – the entity that initiated the scrub request, or Widget’s R Us – the entity that is the legal seller and owner of the SAN?  The answer is…..Unclear!  To be safe, we would recommend anyone in the “chain of custody” be tracked – in this case, all three entities.  While this may seem like more effort, effort tends to go a LONG way with the FTC.  From what I have read and heard, when the FTC comes knocking on your door, showing sincere efforts to be compliant does not go unnoticed.  

Remember, the FTC isn’t the Big Bad Wolf – they are the lumberjack hunting the wolves.  A sheep who makes a minor misstep does not see the same type of enforcement action (from what I have seen) as the truly flagrant bad-acting “wolves” of the telemarketing world.

#2 – The Date the DNC Registry was Accessed

When my children were growing up, I’d have the all-too-common argument of “You never let me do this” or “You always tell me ‘no’.”  When you ask for an example – just 1 time when it happened – the response is always, “Well, I don’t keep track.”  Infuriating!  The FTC agrees, which is why “I always scrub my leads” won’t be good enough. Every time you scrub that lead (which you may need to do regularly), keep a log.   If your dialer cannot track this, contact a member of our team to discuss how we can help with this record keeping process.

#3 – The Subscription Account Number Used to Access the Registry

This one may be one of the more interesting ones.  In February, we reported a story about a settlement between XCAST Labs and the FTC.  Interestingly, there was a heavy emphasis on prohibiting customers from scrubbing the Do Not Call Registry if they did not have a SAN number.  While I saw nothing in the FTC complaint that explicitly stated that XCAST had allowed that to happen at any point, I did speculate that perhaps the FTC suspected it.  I reported that, at Contact Center Compliance, we have been made aware of companies that are allowing this highly illegal process.  I still wonder if there was something in that case the FTC was aware of, or is this becoming a blanket warning they plan to issue ahead of a planned enforcement action?  Remember just last year the FTC launched a massive enforcement action against alleged bad actors in our industry.  Is something similar planned for 2024?

At the Contact Center Compliance Summit in Arizona this year, Michele Shuster briefly discussed SAN requirements.  She stated that, during an investigation, the SAN number of the seller is one of the first things that will be requested regarding a DNC complaint.  In her experience, anyone who states they have no SAN number immediately lose any ability to claim that they scrubbed against the DNC list.  Even if they had checked the list, they did not do so legally, and therefore it is not a valid scrub.

Storing your SAN is just as easy as storing proof of registration for any product or service.  It is important to note that the FTC is adding MFA requirements when accessing your account, but having a current and active SAN is a simple process that simply should not be overlooked or avoided.

#4 – The Telemarketing Campaign(s) for Which it was Accessed

Tracking the campaign may seem like overkill, but when you review the TSR wholistically, it makes a lot of sense.  A customer’s phone number can belong to any range of campaigns in an organization, and depending on the nature of the campaign, DNC rules may not always apply.  Additionally, there are restrictions that are almost never talked about anymore (i.e. call abandonment rates) which are tied to campaigns.  There are also requirements around storing calling scripts, advertisements, and various other promotional materials.  Furthermore, the modern contact center tends to keep records such as this for an extended period of time if, for no other reason, it should need to internally audit their own records.  If your platform lacks this tracking capability or you need help in this area, Contact Center Compliance can assist with that!

Finally, this ruling, perhaps inadvertently, shows the importance of aligning your business with an industry trade group that actively advocates on behalf of its members. This ruling references the PACE Association, which, at one time, was the voice of advocacy and education for contact centers in the United States.  These comments were drafted by Mac Murray & Shuster while Michele Shuster served as the PACE General Counsel.  As the Chair of Government Affairs for PACE at that time, it was an honor to work with her on these comments which were referenced 77 times throughout this article.  This also shows that, despite any feelings one might have towards the regulations imposed by the FTC and FCC, they DO sincerely consider comments presented during that process.  As I now begin my leadership role as Chair of Government Affairs for R.E.A.C.H., I look forward to the next chapter of industry advocacy!

Reach out to our team today if you have any questions on using the Do Not Call (DNC) Registry.  Contact Center Compliance was initially created to help customers comply with DNC regulations, which is why many in the industry refer to us by our website address! 

Stay compliant by staying informed of DNC's expert insights. 
Your one-stop shop for all things compliance.

Disclaimer: This content was created for informational purposes only; the information herein is not intended to be legal advice; anyone reading this should not act, or refrain from acting, upon any of the information herein without consulting an attorney.