Consent Documentation for Outbound Campaigns: What to Capture and Why
Collecting consent is only half the requirement — the half that gets companies in trouble is failing to prove what consent was collected, when, and in what form. Here is a practical framework for consent documentation.
Disclaimer: This post is general information only and does not constitute legal advice. Consult qualified counsel before designing or modifying your compliance program.
Why Documentation Outweighs Intent
Regulatory enforcement and private litigation both operate on evidence, not intent. A company that obtained valid consent but cannot demonstrate it is in a materially weaker position than one that can produce a timestamped record showing exactly what the contact agreed to and when. The FCC, FTC, and state attorneys general all treat documentation gaps as aggravating factors.
For outbound calling programs — especially those that use autodialing, prerecorded messages, or contact wireless numbers — consent documentation is the primary defense against per-violation statutory damages under the TCPA. At $500–$1,500 per call, the math on a documentation failure across a large campaign is severe.
The Four Elements of a Defensible Consent Record
Regardless of where or how consent was collected, a defensible record should capture:
1. Identity of the consenting party. Name, contact number, and enough information to tie the record to a specific person and number. A consent record that covers a phone number but cannot identify who provided it is weaker than one that links to a CRM contact with a verified identity.
2. The specific consent given. What exactly did the contact agree to? "Receiving calls about our services" is vague. "Receiving autodialed or prerecorded calls about mortgage refinancing offers from ABC Lending" is specific. Consent that does not name the calling party or describe the type of communication is subject to challenge.
3. How consent was obtained. Was it a checked box on a web form? A signed paper authorization? A verbal agreement recorded during a prior call? Each mechanism carries different evidentiary weight and different documentation requirements.
4. When consent was obtained. A timestamp accurate to the second, stored in a format that cannot be retroactively modified, is the minimum standard. IP address at the time of web form submission strengthens the record further.
Web Form Consent: Common Gaps
Web forms are the most common consent collection mechanism for outbound campaigns. Common documentation failures include:
- Checkbox pre-checked at page load rather than requiring affirmative action
- Consent language buried in terms of service with a general "I agree" checkbox, rather than specific standalone disclosure
- No server-side logging of the form submission with timestamp and IP
- No version control on the consent language — if the text changed since the contact signed, you cannot prove what they agreed to
Capture the exact consent text as it appeared at the time of submission, not just a reference to your current terms. Regulatory investigators know that websites change, and they will ask to see the language as it existed on the date of the consent record.
Verbal Consent: Call Recording as Documentation
When consent is obtained verbally — during a prior call, at a point of sale, or at an event — the gold standard is a call recording or video capture of the moment. The recording should be stored, indexed to the contact record, and retrievable on demand.
If you record calls in your outbound program, your platform should provide CDR exports that tie call IDs to recording storage references. UnlimCall's network supports call-level CDR data that can anchor consent and activity records in a single evidence chain. Review our audit trails guide for how to structure that chain.
Consent Revocation Is Part of the Documentation Requirement
Consent documentation does not end at acquisition. When a contact revokes consent — whether by saying "stop calling me," clicking an unsubscribe link, or submitting a written request — that revocation must be logged with the same rigor as the original consent:
- Who received the revocation
- Through what channel
- Exact timestamp
- What action was taken and when
Revocation must be applied to your internal DNC list within the timeframe your counsel specifies. A revocation that was properly recorded but not acted on creates liability, not protection.
Third-Party List Consent: The Highest-Risk Scenario
When you purchase or rent a contact list, the consent representations that came with that list are made by someone else — a party who may have limited ability to produce documentation, may have collected consent years ago for different purposes, or may have misrepresented the nature of the consent.
Before dialing third-party lists, your compliance program should require the list vendor to provide a sample of consent records, describe the consent language used, and state when consent was collected. Your counsel may advise that certain third-party lists are too high-risk to include in autodialed campaigns.
Takeaways
- A consent record must capture identity, the specific consent given, the mechanism, and a precise timestamp
- Web form consent requires server-side logging of submission timestamp and IP, plus version-controlled consent text
- Verbal consent documentation relies on recordings indexed to contact records and retrievable on demand
- Revocation must be logged and acted on with the same rigor as original consent
- Third-party list consent carries higher risk because the documentation lives with someone else
A Network Designed for Documented Outbound
Every call on the UnlimCall network generates a CDR you can export and cross-reference with your consent records. Flat-rate pricing at $99 per seat per month means no per-call cost distorts your documentation decisions. Learn more about our outbound network or see how we compare to per-minute SIP trunking.