SMS Compliance Laws: What You Need to Know

Sarah Verghese • Aug 10, 2021


Sixty-nine percent of consumers across all age groups would like to be able to contact a business via text. But before you start texting all your customers, there are some rules that you need to follow. Here’s a rundown on what you need to know when texting consumers.


What Is a Marketing SMS Text Message? 

A marketing SMS text message is a message you send via SMS or MMS. Your message is received on your customers’ phones after they opt-in to receive texts from you (“opt-in” being the operative word).


It is against the law to send unsolicited messages via text, email, carrier pigeon, telegraph, fax or other means of communication, and your customers must opt-in in writing before you can send them SMS or MMS messages.


(If you want more information about what SMS/MMS messages are and how to effectively use them, check out 5 SMS/MMS Best Practices, How to Use Text Message Marketing and Generating ROI with SMS.)


Who Regulates SMS Messages?

The Federal Communications Commission (FCC) passed the Telephone Consumer Protection Act (TCPA) in 1991 in response to growing complaints about telemarketing calls, especially those that used robo dialers. Over time, the legislation has expanded to include SMS and email marketing. 


In addition, the industry has developed guidelines and best practices to help marketing companies navigate the world of digital and cyber marketing. 


The Mobile Marketing Association (MMA) issued the U.S. Consumer Best Practices, which summarizes the TCPA provisions, and expects members of the MMA to adhere to the best practices and the regulations.


While there are no legal enforcement provisions, members who do not adhere to the code of conduct can be removed from the association, and face reputational damage.


And because people can shop from anywhere now, if you do business with consumers in the European Union, you also need to be aware of the EU’s General Data Protection Regulation (GDPR), the strictest privacy and data security regulations in the world.


SMS Compliance Laws You Need to Know

In simple terms, the TCPA states that before a business can send marketing messages to a consumer, it must get express written consent from the consumer. Consumers can specify what kind of communications they want to receive. They can also opt out, and that wish must be respected.


Opt-In

Consumers must give written consent before anything can be sent by SMS/MMS. Consent can come in different ways, for example:

  • Consumers respond to a call to action (CTA). Something like “TEXT 123 to join our VIP program and receive 10% off your purchase today.”
  • Customers scan a widget or QR code that allows them to opt-in by providing their phone number.
  • Consumers provide a phone number in response to an email, a pop-up on the website or a prompt during a physical or digital purchase. 


Check out our article on what opt-in locations are effective for SMS.


Confirmation

Once the initial opt-in has occurred, it is important to send a response that requires the consumer to confirm they are aware they are opting in to receive marketing messages, that they can unsubscribe at any time and there may be additional charges to receive SMS/MMS messages. 


(In practice, every provider across the globe allows SMS messages, but not all of them accept MMS. Both SMS and MMS are considered text messages, so they won’t eat into data plans.)


Timing

The TCPA states SMS campaigns can be sent from 8 a.m. to 9 p.m. in the recipient’s timezone. It can be difficult to know a user’s location, and area codes are not a reliable indicator. So, practically this means 8 a.m. to 6 p.m. Pacific Time. That includes weekends and holidays.


Opt-Out

Consumers have the right to opt-in for all, some or none of the marketing messages. 


For example, they can opt in for delivery notifications and order updates or appointment reminders and opt-out of the marketing messages. They can opt-in for SMS and opt-out of email or vice versa. They can also change their minds and opt-out at any time. Businesses must honor consumers’ wishes. 


Every SMS message should include instructions that give consumers a way to opt-out just by replying to the message with “STOP,” “CANCEL”, “END” or a similar keyword. Opt-out should be immediate.


Consumers also have the right to be placed on a “do not contact” registry, and businesses must comply with that request as well. 


GDPR

People shop from all over the world, and area codes may not tell the full story, so it’s good to be aware of the EU guidelines, especially if you allow international orders. 


The GDPR applies to all personally identifiable information that could allow a person to be directly or indirectly identified. That includes name, address, phone number, customer number, etc.


If you process data you must follow seven principles, including transparency, using the data only for what you need it for and for what the person agreed to, keeping the data safe and secure, and being able to show compliance at any time on demand.


There are also strict rules about what constitutes consent and opt-in, and under what circumstances you can use the data in the first place. If you adhere to GDPR guidelines, you will be compliant with any regulations anywhere else in the world. 


The regulations themselves are more than 88 pages, so take some time to study them. Not only are they the most comprehensive, they are also expensive if you mess up: “There are two tiers of penalties, which max out at €20 million or 4% of global revenue (whichever is higher), plus data subjects have the right to seek compensation for damages.”



SMS Compliance Checklist: 7 Tips 

To sum up, here is a quick list of things to keep in mind:

  1. Consent: Before you send so much as a smiley face, you need to have written consent from your customer that you can send messages via SMS or MMS. It’s not enough for them to provide their phone number--they need to agree in writing how you may use it. 
  2. Transparency: Be very clear about what customers are signing up for, how you will use their information, how often they will receive messages, and that there could be additional charges.
  3. Accuracy: Make sure you keep track of who opted in and just as important, who opted out. If the GDPR comes calling, you need to be able to prove compliance on the spot. Remember, providing a phone number is not consent. You must have written consent that they agreed to receive marketing messages. 
  4. Opt-out: You must tell customers they have the option to opt-out at any time, even after they have opted in. In addition, every SMS message needs to include an opt-out keyword they can reply with to stop receiving messages.
  5. Timing: The TCPA allows you to send SMS texts from 8 a.m. to 6 p.m. Pacific Time only.
  6. Integrity: This is a GDPR requirement, but it’s a good rule of thumb: Treat the customers’ information with respect and safeguard it. If there is a breach (and it happens), take ownership and tell people right away. 
  7. Limitation: Another best practice that will make you GDPR compliant: Your customers are entrusting you with their information. Do not sell it to others, don’t use it for anything other than what they are agreeing to, and if they opt-out, do not keep the information forever. 


Final Thoughts 

For many people, their mobile phone has become their primary means of communication. When they give you their cell number, they are trusting you with their personal information. 


Before you send any form of communication by SMS/MMS, make sure you are following all the rules. Not only can you be subject to hefty fines if you don’t, but it could cost you much more than that in terms of your reputation. 


When you violate a customer’s trust in you, you may never get it back, and that kind of word tends to spread. Follow these guidelines and add a powerful tool to your marketing toolbox with SMS.

