SMS Laws, Regulations, & Abuse Prevention
Because SMS messages are one of the most direct ways to reach customers and users, going directly to the user’s phone, regulations must exist that prevent brands from abusing or over-using this relationship, and fines for violations could cost thousands of dollars.
This article is not intended to provide, nor may it be relied upon as providing legal advice. The use of SMS is subject to specific legal requirements. To ensure that you are using the SMS Services in compliance with all applicable laws, you should seek the advice of your legal counsel.
The Six Rules to Get Compliance Right
In general, we encourage using your best judgment when approaching SMS sending. Braze, as well as our sending partners, have checks in place that prevent most SMS abuses.
There are the six rules you should follow:
- Obtain explicit consent from users before sending them SMS. Whenever users provide consent, it’s your responsibility to log, update, and maintain that information in a compliant user database. According to basic legal guidelines, the most important information you need to retain regarding consent is:
- The time and date the user gave consent
- The type of SMS messaging they consented to
- The users’ phone number
- The language in which they opted-in
Clearly communicate the types of SMS you’ll be sending. Users should understand what messages to expect from your brand in this channel and the kinds of information or offers they’ll be receiving. Explicitly state the purpose of your future campaigns, message frequency, and remind users that message/data rates apply.
Only send SMS to legally obtained, opted-in phone numbers. As part of technical migration planning, ensure that your team understands the mechanism for tying opt-in statuses to each and every user profile in your customer engagement platform.
Ensure SHAFT compliance in the US and other relevant regions. Sending SMS messages that contain language around sex, hate, alcohol, firearms, and tobacco (SHAFT) is generally considered to be illegal in the US and some other regions.
- Double-check everything. Work with your legal team to ensure that your SMS program is fully compliant with all applicable rules and regulations for the regions your brand operates in.
Here are some links you might need to consult as you build up your SMS campaign:
- CTIA’s Messaging Principles and Best Practices for 2019
- Twilio’s Guide to US SMS Compliance
- IBM’s Introduction to SMS Compliance
Considerations for Compliance
Data and Privacy
A customer’s privacy is key to a meaningful and respectful relationship. Respecting a customer’s privacy and information is just another opportunity to create a bond between them and your brand. Sometimes, using marketing tools can put data and privacy last.
Opt-in, help, and opt-out options are an absolute must when creating SMS campaigns.
The Telephone Consumer Protection Act (TCPA) mandates that a business must receive “express written consent” to send customers messages - you can do this in a multitude of ways, including web or mobile. You must be clear with the customer about how you intend to use SMS to communicate with them.
Remember to comply with the National Do Not Call Registry.
Braze uses Subscription Groups to manage groups of users based on their level of consent.
Spam and Cadence
Similar to email, your users or customer can experience inbox burnout. But this is only one reason not to relentlessly message your customers. You should look specifically at Section 5 of the FTC Act to ensure compliance (in the U.S.).
Some spam considerations are built into SMS capabilities in general (long and short code sending limits), as well as Braze’s rate limits. However, you should still consider compliance laws when planning your campaigns.
This can be a tricky one, but when in doubt, avoid topics that involve violence, sex, drugs, tobacco, or other paraphernalia. Be wise when sending messages regarding these topics—you may still be charged for messages that are blocked by various carriers.
The CTIA recommends that you ensure SHAFT compliance, which defines the following topics as generally “illegal” when messaging in the United States:
Please ensure you comply with the TCPA, which dictates that you shouldn’t send messages during late hours. Refer to the regulation’s contents for exact hours. However, you shouldn’t send messages that late anyway—don’t you want high engagement?
Most of these best practices apply to guidelines set forth in the United States of America. If you’re reaching customers outside of U.S. regions, please research best practices and laws in those areas. It’s always a best practice to act in a way that adheres to the most stringent regulations, which are usually applied in the United States, Canada, and countries part of the European Union.