Several laws in the US and Canada regulate communications between businesses and their customers. These laws include, but are not limited to, the TCPA, CAN-SPAM, and CASL. Additionally, the US wireless communications industry has published principles and best practices regarding text communications. The underlying goal of these regulations and best practices is to protect consumers against unwanted communications. Weave is your partner in understanding these requirements and ensuring that your messages are delivered to your customers with minimal disruption.
The following information regarding these laws is not legal advice and is provided for information purposes only. You are encouraged to seek competent legal counsel for specific guidance related to compliance with these laws.
TCPA
The US Telephone Consumer Protection Act (TCPA) regulates telemarketing calls, auto-dialed calls and text messages, artificial or pre-recorded calls, and unsolicited faxes. The TCPA requires prior express consent to send text messages to customers. While there are some exemptions to TCPA requirements for certain healthcare-related communications under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), TCPA requirements still apply to marketing communications and any other non-healthcare-related communications. For example, text messages that contain marketing or advertising content require you to obtain prior express written consent from your customers.
You can learn more about the TCPA from the Federal Communications Commission’s (FCC) FCC website.
TCPA exemptions for healthcare providers
The TCPA provides exemptions specifically for healthcare-related calls and text messages which apply to HIPAA-covered entities, created by the FCC in its Declaratory Ruling and Order on July 10, 2015. Under one exemption, calls or texts made by or on behalf of a covered entity or its business associate and which have a healthcare treatment purpose do not require the prior express written consent of the receiving party. Such calls or messages include:
- Appointment and exam confirmations and reminders
- Wellness check-ups
- Hospital pre-registration instructions
- Pre-operative instructions
- Lab results
- Post-discharge follow-up intended to prevent re-admission; prescription notifications
- Home health care instructions
The following additional conditions for each exempted voice call or text message, made by or on behalf of a healthcare provider, must be met:
- Call or text messages must be sent only to the mobile number provided by the patient.
- Name and contact information of the healthcare provider must be stated at the beginning of each call or included in each text message.
- Limit calls and text messages to one per day and no more than three calls or text messages per week.
- Calls and text messages must comply with the HIPAA Privacy Rule.
Despite these exemptions, you should always discuss with your customers what information may be communicated via text, especially sensitive information. It is important to note that texts related to accounting, billing, debt collection, or that contain other financial content or texts that include advertising content are not part of this exemption. Additional details can be found in the FCC’s July 2015 Declaratory Ruling and Order.
CAN-SPAM
The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM) establishes requirements for commercial emails and gives recipients the right to have you stop emailing them. CAN-SPAM applies to all commercial email messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.” CAN-SPAM’s primary requirements include:
- Email header and routing information must be accurate and identify the person or business who initiated the message.
- The subject line should not be deceptive and must accurately reflect the content of the message.
- Messages must be identified as an ad.
- Messages must include your valid physical postal address.
- Messages must include a way to opt-out of receiving further messages.
- Honoring a recipient’s opt-out request within 10 business days.
You can learn more about CAN-SPAM from the Federal Trade Commission (FTC) website and the FTC’s compliance guidelines .
CASL
Canada’s anti-spam legislation (CASL) regulates commercial electronic messages (CEM) that are sent to or by Canadians. A CEM is any electronic message (including a text or email) that encourages participation in a commercial activity. For example, a CEM would include a text or an email that offers to provide a service or a product (including a text or email that contains a coupon or describes a promotion). CASL does not apply to a pure service message (such as a simple reminder of an existing appointment), unless the message also encourages participation in a commercial activity (such as a reminder of an existing appointment which also promotes a sale on other services).
Key requirements of CASL include:
- Before sending a CEM, the sender must have express consent or implied consent from the recipient, or fall within one of the exemptions specified in CASL. You can learn more about the requirements for express and implied consent and exemptions here.
- Unless the sender has a complete exemption from CASL, the CEM must include (1) the name by which the sender carries on business, if different from its name, and if not, its actual name, (2) the sender’s mailing address and either a phone number or an email address or web address, valid for 60 days, and (3) an unsubscribe mechanism that allows the recipient to opt-out of receiving all future CEMs.
- The unsubscribe mechanism must be available to the recipient without cost, be easy to use, and must use the same electronic means as the CEM. The sender must process an unsubscribe request without delay, and in any event within 10 business days.
- CASL regulators expect senders to have a CASL corporate compliance program and CASL training materials. CASL also imposes certain record-keeping requirements relating to express consents, implied consents, opt-outs, and CEMs. Weave does not maintain those records for you. For information on these requirements, see the links provided below or speak with your lawyer.
You can learn more about CASL from the Canadian government’s overview and frequently asked questions.
CTIA Messaging Principles and Best Practices
The CTIA, an organization representing the US wireless communications industry and companies throughout the mobile ecosystem, has developed and published Messaging Principles and Best Practices (Principles and Best Practices). The Principles and Best Practices reflect the wireless industry’s efforts to preserve trust in the messaging services provided by mobile network operators (MNOs), such as Verizon, AT&T, and T-Mobile. The Principles and Best Practices also support a wireless messaging community where message senders and consumers can exchange wanted messages and while still protecting consumers from unwanted messages, in conformity with applicable laws and regulations, such as TCPA and CAN-SPAM.
The Principles and Best Practices include parameters for facilitating business text messages, also known as “non-consumer” or “Application-to-Person” (A2P) messages, such as those sent by Weave subscribers through the Weave service. Regardless of regulation, the CTIA recommends that all A2P message senders should take the following actions to maintain consumer confidence in messaging services:
- Obtain a consumer’s consent to receive messages generally.
- Obtain a consumer’s express written consent to specifically receive marketing messages.
- Ensure that consumers have the ability to revoke consent.
Consent may vary on the type of message content exchanged with a consumer. The Principles and Best Practices provides examples of the types of messaging content and the associated consent that should be expected for A2P messages.
10DLC Brand and Campaign Registration
In addition to the CTIA Principles and Best Practices, the mobile network ecosystem has been working to find ways to better support businesses sending A2P messages to consumers and reduce the number of spam text messages that consumers receive. In 2021 the MNOs began implementing standards to register and validate businesses that send A2P messages using 10-digit long codes (10DLC) (a 10-digit telephone number designed for A2P messaging). This is referred to as “brand” and “campaign” registration and validation. Providing visibility into the source and content of A2P messages allows the MNOs to provide more reliable and trustworthy messaging services. Businesses that send A2P messages via 10DLCs are required to register their brand and messaging campaigns through their service providers, like Weave, to take advantage of increased messaging deliverability and throughput, and avoid potential fees or disruption to texting services. Businesses that are registered and verified with the MNOs are less likely to be flagged for sending spam messages. You can find more information about these requirements here.
Your Responsibility to Use Weave in Compliance with the TCPA, CAN-SPAM, CASL, and other best practices
Weave text and email features have been designed with features to support you in complying with the TCPA, CAN-SPAM, and CASL and enable you to make the most of your communications with customers. However, primary responsibility for compliance with TCPA, CAN-SPAM, CASL, and other best practices rests with you. You are responsible for the communications that you cause to be sent through the Weave service and for ensuring that those communications comply with all applicable laws. This includes, but is not limited to:
- Obtaining, documenting, and tracking customer consent.
- The content and frequency of communications.
- Promptly honoring opt-out and withdrawal of consent requests.
More details on your responsibility for compliance with laws and regulations can be found in Weave’s Terms of Service.
Weave has implemented the following features which support you in complying with the TCPA, CAN-SPAM, CASL, and the CTIA Principles and Best Practices:
Text messaging
- All automated texts have opt-out instructions appended to the end of the message. Additionally, regardless of the type of text message, the standard "STOP" reply will automatically unsubscribe customers from further text message communications. You can learn more about how customers can opt out of texts here.
- Our default text message templates include the name of the subscriber (e.g., "Hello {first name}, this is {subscriber name}"). These templates can be modified by you to include additional information, including contact information, message frequency, and applicable terms and conditions.
- Weave is your partner in registering and validating your 10DLC messaging brand and associated messaging campaigns with the MNOs and their partners. The majority of our existing subscribers’ brands and campaigns are already registered and validated. New subscribers are registered and validated during the onboarding process.
Email marketing
- Weave’s email marketing tool includes the following information as standard at the bottom of every email campaign:
- Unsubscribe instructions and automatic opt-out when requests are received
- Business and contact information, including postal address
- Required email subject and “From” email address for every email campaign.
Keep in mind, we aren’t your lawyers, so we cannot give you legal advice. Compliance with the TCPA, CAN-SPAM, CASL, and other applicable laws, regulations, or best practices will depend on your particular use case and context. This information should not be relied upon as legal advice or to determine how legal requirements apply to your use of the Weave service. We encourage you to seek guidance from your legal counsel regarding the requirements of TCPA, CAN-SPAM, and CASL and other relevant laws and regulations to ensure compliance.