This article explains the major U.S. national regulations regarding text messaging communications, including both SMS and WhatsApp. It gives examples of best practices and how you can use Mogli in Salesforce to navigate this regulatory territory. Be sure to read about Canada's (here) and the European Union (here) text messaging policies.
Text messaging is a practical, relatively low-cost way to reach stakeholders across various industries, from financial services and education to commerce and nonprofits. Its efficacy comes not only from the convenience of cell phones and reaching people anywhere they go but from the variety of communications needs a text message can fulfill.
Mogli, for example, can:
These texts, of course, can include alerts, transactional updates, and announcements of events like your brand’s sales, but the possibilities with Mogli are so much more robust than traditional text marketing.
Furthermore, text messaging is the preferred and most popular communication channel amongst consumers due to stringent regulatory requirements that save them from spam text messages. These laws keep the channel clean and help preserve its advantages over other digital communications. Yet, companies who use text messaging must be diligent about compliance to avoid expensive penalties.
Federal laws and regulations state that businesses cannot intentionally or unwittingly text unsolicited spam text messages containing irrelevant marketing information, products, services, or other offers. Nor may businesses collect personal data for any purpose other than to engage and provide value to those recipients.
Below is an overview of the governing laws and the resource to align with best practices.
It quickly evolved to include text messaging, as well. The TCPA is still the primary law in the USA. It sets limits on telephone solicitations and the use of automated equipment requiring businesses to obtain explicit documented written consent before sending text messages. Even if a company already has a relationship with (or the phone number of) an intended recipient, it may only text message if it has opt-in consent. The only exception is a real emergency.
The takeaway: don't hit send on a text message to ask for opt-in. It's illegal. You can land fines between $500-$1500 for each infraction. This range depends on if you send the message knowingly or to what extent you abused information. An unsolicited text or call (yes, each call or text message) counts as a violation of the law, which can quickly amount to millions of dollars in penalty fines. In 2013, Domino’s Pizza famously paid close to $10 million for unsolicited text messages.
For example, if your car insurance company sends you a transactional text message, that could be fine. It’s illegal, however, for a car insurance company with which you don’t have any relationship to solicit one over text message without your explicit written consent, as discussed above.
Additionally, CAN-SPAM requires that any commercial message be readily identifiable as an advertisement by the text message recipient. Consumers must also be able to unsubscribe from text messages whenever they please.
The law governs both US-based and international countries and includes the following new privacy rights:
The CCPA applies to all for-profit businesses serving California residents with at least $25 million in annual revenue or personal data on at least 50,000 people. Additionally, if businesses collect more than half of their revenue from the sale of personal data, they must be CCPA compliant. However, if your organization is not defined by these two characteristics or you are a part of a nonprofit organization, then the CCPA does not apply to you.
To comply with CCPA, businesses must provide a clear opt-in and opt-out process for their clients and provide them with a “notice of collection." The notice of collection must disclose the type of personal information the business is collecting and how it is planned to be used. If the business sells personal data, the notice must contain a Do Not Sell link and a link to the business's privacy policy. If a company does not comply with CCPA, it can incur a fine of up to $7,500 per record.
The changes provide a more concise description of the regulations and clarify the shorthand language previously used. The following summarizes the updates made:
First, ask for consent. This consent to receive text messages on a mobile device can be collected wherever you gather information. Create TCPA-compliant paper, online, email, or website forms, or have your target audience text in a keyword to your organization over SMS or WhatsApp.
For any of these consent forms to be valid, organizations must clearly and prominently disclose a few pieces of information:
For example, one of your web forms could read, “Check this box to subscribe to text messages from us,” and provide hyperlinks to all the necessary disclosures. Additionally, if you plan on selling the personal data you have collected, CCPA requires that a separate opt-in checkbox is used titled “Check to permit sale of information."
Mogli highly recommends the keyword query form (or another data collection methodology) delivered over text message, as we’ve seen our clients ease administrative burdens and painfully low conversion rates of analog or online methods. Keyword queries are inbound marketing at its best. You can create a call to action on your website or other digital and traditional channels, including advertisements, inviting people to text in a keyword to your organization’s phone number.
For example, “Text in the word INFO to 555-555-5555 for more information about our loan / MBA / membership program.” When someone texts in, that’s the first opt-in. If you want to cover your bases (and we encourage you to), obtain double-opt-in by responding with something like, “We would like to send you one to four SMS messages from us per month. Is this okay with you? Please respond with YES or NO.”
If the person answers “YES,” this constitutes a double opt-in. Additionally, this active consent or relationship expires every 18 months. Use Mogli automation on Salesforce to regain opt-in 18 months from the initial day each user subscribes to your text messages.
What if the person doesn’t respond to your double opt-in request? Consider that an opt-out and read on.
No matter how amazing your product, service, or marketing is, there will always be someone who doesn’t want to receive commercial text messages. If you offered an opt-in or double-opt-in and the customer hasn’t responded, consider that an opt-out. It’s safest not to reach out to customers unless they are expecting it.
Your recipients can also opt-out of receiving text messages from you at any time by texting in words “STOP,” “QUIT,” “UNSUBSCRIBE,” “OPT-OUT,” or “CANCEL.” It’s important to make opt-out easy. The message carrier will see these messages and stop any messages from going out to that customer.
Mogli has an opt-out backup using standard Salesforce automation. This automation checks a box on Contact, Lead, or any other Object Record called the Mogli Opt-Out Checkbox, effectively blocking any text messages in Salesforce from being sent to that Contact, Lead, or other Object. For a more in-depth explanation and step-by-step instructions of the Mogli Opt-out automation, see our User Guide.
If your recipients live within the United States, just as with SMS, you need to comply with TCPA, CAN-SPAM, and state-specific laws. WhatsApp allows you to initiate text conversations only by sending transactional messages using pre-approved templates. If a recipient replies or starts a conversation with you, this “Customer Service Window” is a 24-hour window in which you may continue the conversation.
During this time, you’re able to deploy automated Mogli conversations you’ve configured within Salesforce. You still must clearly state how someone can access a human agent for further assistance. If 24 hours pass without receiving a text message from that recipient, you must return to your message templates to reopen communication.
Mogli helps clients with the template approval process and WhatsApp configurations, with the ability to customize automation that suits your Salesforce use case.
SMS compliance can be scary because mistakes can be expensive. If you start with the basic checklist below, you’re sure to add value to your customers.
What Y.O.U. Need to Know About E.U. Text Messaging Laws
All About Canada's CASL: Text Messaging Laws and Regulations
If you still have questions about compliance, feel free to reach out to us.
Please note that the following recommendations are for informational purposes only and are neither intended nor should be substituted for consultation with appropriate legal counsel and your organization's regulatory compliance team. The information provided is "as is" and may be updated or changed without notice.