'They signed up on a form' is not a complete answer to a TCPA lawsuit. The question is not whether the consumer gave their phone number somewhere. The question is whether the specific consent they gave was legally adequate for the specific calls you're placing — and whether you can produce the documentary proof in court.
Two Standards of Consent Under TCPA
Prior Express Consent (Informational Calls)
For calls that are not telemarketing — appointment reminders, account notifications, transactional confirmations — only 'prior express consent' is required. This can be established by the consumer providing their phone number in a context that indicated related calls were expected.
Prior Express Written Consent (Marketing and Sales Calls)
For any call that constitutes telemarketing or solicitation — including insurance sales calls, cross-sell offers, and new policy quotes — the FCC's 2012 order requires prior express written consent. This is the standard that applies to most insurance outbound calling.
The Six Required Elements of Valid Consent
All six must be satisfied:
- Written agreement: Electronic records satisfy this under the E-SIGN Act (15 U.S.C. § 7001)
- Consumer signature: Form submission, click-to-accept, or typed signature all potentially qualify
- Specific authorization: Must name your company specifically (generic 'insurance partners' is increasingly insufficient under the 2025 one-to-one consent rule)
- ATDS disclosure: Must disclose the consumer is agreeing to receive calls using an ATDS and/or prerecorded voice
- Not a condition of purchase: Must state consent is not required to buy goods or services
- Contact number specified: The number must be the one the consumer provides on the consent form
"Courts have rejected consent documentation that showed only the current form language without evidence of what the form said at the time of submission."
What Consent Documentation Must Contain
In a lawsuit or FCC inquiry, you need:
- The form itself: A copy of the web form or electronic agreement as it appeared at the time of submission
- Consumer-provided data: Name, phone number, and date/time of submission
- IP address and timestamp: Server-side proof that a real person completed the form
- Source URL: The page where consent was captured
- Form version: The exact text of the consent disclosure on the date of submission — not the current version
The One-to-One Consent Rule: What Changed in 2025
Effective January 27, 2025, the FCC's new rule (FCC 23-107) requires that a single consent form cannot cover calls from multiple unrelated companies. Each company that intends to call must be individually named in the consent disclosure.
For agents buying leads: any lead purchased before January 27, 2025 under old multi-party consent should be treated as potentially lacking valid consent for ATDS calls. Manual dialing may still be permissible; autodialed campaigns require fresh consent.
How to Build a Defensible Consent System
- Build a consent form with legal review: Have a TCPA attorney review your lead forms before they go live
- Implement server-side logging: Log timestamp, IP address, form URL, and form version on every submission
- Match consent records to phone numbers: Every mobile number must have a matching consent record
- Set a consent staleness policy: Re-evaluate consent older than 2 years
- Train agents on consent limitations: Consent must pre-date the call
Consent From Lead Vendors: What to Ask
Before purchasing leads, ask every vendor:
- Does the consent form specifically name my agency?
- Will you provide a copy of the consent form version live when each lead was captured?
- Do you log IP addresses and timestamps for every submission?
- What is the date range — are any leads older than 2 years?
- Have these leads been sold to other companies, and how many?
Clean Leads 365 provides consent documentation detail with each lead record →
