The Telephone Consumer Protection Act and Sales Agents: The Dangers of the ‘Canary Trap’

Quick Hits

• The Telephone Consumer Protection Act (TCPA) of 1991 was established to protect residential telephone subscribers’ privacy by allowing them to opt out of unsolicited telemarketing calls through a “do not call list.”
• Some individuals exploit the TCPA by using tactics like the “canary trap” to create cycles of alleged violations and file numerous lawsuits, as seen with one person’s filing sixty-eight lawsuits in Michigan since June 2017.
• Companies can defend against TCPA lawsuits by clearly defining agency relationships in written agreements, ensuring compliance with the TCPA, and regularly updating and checking their call lists against the National Do Not Call Registry.

The ‘Canary Trap’

The intention behind the TCPA has been undermined by individuals who have made it a full-time job to trap individuals and companies into alleged violations. For example, since June 2017, one individual has filed sixty-eight lawsuits in Michigan alleging TCPA violations. This individual utilizes what he characterizes as a “canary trap,” which he describes as an “investigative technique” by which he provides false personal information and his actual phone number on the TCPA do-not-call list. He then waits to see where the false information reappears. For example, he will give the false information, and an actual do-not-call phone number, to an insurance agent and use the false information to apply for insurance. Then he waits for other insurance agents, using the same false information, to cold call him using his actual do-not-call telephone number. In this way, he creates a cycle of alleged violations and then files a lawsuit.

Key Issue: Vicarious Liability

For most companies, a key issue when defending against this type of lawsuit is that “under federal common-law principles of agency, there is vicarious liability for TCPA violations” (i.e., liability imposed on a company through the actions of its agents), as the Supreme Court of the United States stated in a 2016 decision, Campbell-Ewald Company v. Gomez. In this context, vicarious liability can be established through apparent authority, actual authority, or ratification. (Previously, in Keating v. Peterson’s Nelnet, LLC, the U.S. Court of Appeals for the Sixth Circuit explained in 2015 that the Federal Communications Commission (FCC) had concluded that defendants could be held vicariously liable for TCPA violations under federal common-law agency principles, including actual authority, apparent authority, and ratification.)

“[A]n agent acts with actual authority ‘when, at the time of taking action that has legal consequences for the principal, the agent reasonably believes, in accordance with the principal’s manifestations to the agent, that the principal wishes the agent so to act,’” the Michigan Court of Appeals noted in 2022 in Dobronski v. NPS, Inc., citing the Restatement (Third) of Agency.

Under Section 2.03 of the Restatement (Third) of Agency, “apparent authority” requires that the principal made manifestations to the third party—normally the plaintiff—that created in the third party a reasonable belief that the agent “had authority to act on behalf of the principal.”  Finally, under Section 4.01(1) of the Restatement (Third) of Agency, “[r]atification is the affirmance of a prior act done by another, whereby the act is given effect as if done by an agent acting with actual authority.”

Avoiding the ‘Canary Trap’

A key strategy for defending against TCPA lawsuits brought by high-volume litigators alleging agency is to readily demonstrate that an agency relationship does not exist. This can be done by carefully defining the scope of the agency relationship in a written producer’s agreement. Ideally, the agreement will expressly require compliance with the TCPA and state that conduct that violates the TCPA falls outside the agency relationship. The communications between the agent and the customer must make it clear that the agent is not acting as an agent for the company.

In addition, the company may want to require agents to:

• check the National Do Not Call Registry every thirty days and remove registered numbers from call lists;
• obtain express written consent before making an automated or prerecorded call or sending a text message, and keep a record of this consent;
• provide opt-out mechanisms for recipients of calls and messages; and
• keep records of all compliance efforts.

The constant filing of lawsuits under the TCPA by using canary traps needs to be stopped. Companies can go a long way in advancing this goal by taking reasonable steps to ensure TCPA compliance.

Ogletree Deakins’ Cybersecurity and Privacy Practice Group and Technology Practice Group will continue to monitor developments and will provide updates on the Cybersecurity and Privacy and Technology blogs as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts