Compliance with legal frameworks, such as the TCPA and HIPAA, may be fact- and context-specific. The information contained in this checklist should not be relied upon as legal advice or to determine how the TCPA or other laws or standards apply to your use of SMS and our service. This SMS compliance information is provided “as is” and may be updated or changed without notice. You may use this checklist for your internal reference purposes only.
SMS compliance is critical to staying on the right side of the law—and your customers’ trust. But it can be hard to know which standards your brand needs to adhere to, and what steps to take to reach compliance.
SMS Compliance for the Telephone Consumer Protection Act (TCPA)
The TCPA protects consumers from receiving messages that they don’t want to receive. It’s one of the most well-known regulations in the business SMS industry. TCPA text message compliance focuses on ensuring that your customers are ready and willing to message your brand. One of its most familiar requirements is that you ask customers to opt in before you message them.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA protects sensitive patient data. It applies to any business that works around the healthcare industry or uses SMS for healthcare. HIPAA compliance for text messages spans not only how businesses send messages, but also how they store and protect electronic protected health information (ePHI). To follow the basic tenets of HIPAA compliance for text messages, you should be careful to message customers with administrative information only and take particular care when handling ePHI.
Service Organization Control 2 (SOC 2)
Service Organization Control 2 (SOC 2) is a new guideline created by the American Institute of Certified Public Accountants (AICPA). SOC 2 reports review the effectiveness of your business’s data security. Achieving SMS compliance with SOC 2 is an involved undertaking, requiring you to ensure that your customer data processes and workflows are well-documented and secure. To achieve official compliance, you must have a third-party provider review and evaluate your data management.
SMS Compliance for A2P 10DLC
Ten-digit long codes (10DLC) are typical phone numbers you see on your phone every day; they have 10 digits and a local area code. Carriers have upgraded businesses’ 10DLC capabilities, allowing them to send a higher volume of messages to customers. To access 10DLC, your business must comply with your carrier’s registration requirements. See this article for the most up-to-date information on 10DLC registration.