FirstLeads Logo
12 min readLegal Compliance

Legal Compliance Guide: How to Use Fire Damage Leads Legally

A comprehensive guide to using fire incident data legally and ethically while staying compliant with TCPA, privacy laws, and consumer protection regulations.

Legal compliance and regulations

Introduction: Why Legal Compliance Matters

Fire damage leads represent significant business opportunities—but with that opportunity comes serious legal responsibility. A single compliance misstep can result in penalties ranging from $500 to $51,744 per violation, class action lawsuits, and permanent damage to your reputation.

This guide covers everything you need to know to use fire incident data legally, protect yourself from liability, and build a sustainable, compliant lead generation strategy.

Understanding Your Legal Obligations

1. TCPA (Telephone Consumer Protection Act)

CRITICAL: TCPA Compliance is Non-Negotiable

The TCPA restricts telemarketing calls, auto-dialed calls, prerecorded messages, text messages, and faxes. Violations can cost:

  • $500 per violation (standard penalty)
  • $1,500 per violation (willful or knowing violation)
  • $51,744 per violation (TSR violations for Do-Not-Call violations)
  • Class action exposure (can reach millions of dollars)

2. TCPA One-to-One Consent Rule (Effective January 27, 2025)

The new FCC rule requires that you obtain Prior Express Written Consent (PEWC) from each individual on a one-to-one basis before making robocalls or sending robotexts.

What This Means for Fire Leads:

  • You CANNOT use skip trace phone numbers to make cold calls or send unsolicited texts
  • Consent must be specific to YOUR business (not generic lead generator consent)
  • Consent must be topical and contextual (related to fire damage services)
  • You must maintain detailed records of consent (date, method, scope)
  • Manual dialing does NOT exempt you from TCPA (wireless numbers still require consent)

3. Do-Not-Call (DNC) Registry Compliance

The National DNC Registry and state DNC lists restrict telemarketing calls to consumers who have opted out.

DNC Requirements:

  • Subscribe to DNC Registry: www.telemarketing.donotcall.gov (fees apply)
  • Scrub phone numbers: Before calling, scrub against National DNC and state registries
  • Re-scrub every 31 days: TSR requires monthly updates
  • Maintain internal DNC list: Honor all "do not call" requests immediately
  • Document compliance: Keep records of DNC scrubbing dates and results

Important: FirstLeads provides litigator scrubbing (TCPA lawsuit risk), but this does NOT replace DNC registry compliance. You must scrub both.

4. CAN-SPAM Act (Email Compliance)

If you use skip trace email addresses for marketing, you must comply with CAN-SPAM:

  • Use accurate "From," "To," and "Reply-To" information
  • Include a clear subject line (no deceptive headers)
  • Identify the message as an advertisement
  • Include your physical mailing address
  • Provide an easy opt-out mechanism (unsubscribe link)
  • Honor opt-out requests within 10 business days

Privacy Laws: CCPA, CPRA, and GDPR

California Consumer Privacy Act (CCPA/CPRA)

If you contact California residents, you must comply with CCPA/CPRA:

  • Right to Know: Consumers can request what personal data you have about them
  • Right to Delete: Consumers can request deletion of their data
  • Right to Opt-Out: Must provide "Do Not Sell My Personal Information" option
  • Right to Correct: Consumers can request correction of inaccurate data
  • Penalties: $2,500 per unintentional violation, $7,500 per intentional violation

Best Practice: Privacy Policy Requirements

If you collect personal data from fire leads, you should have a privacy policy that discloses:

  • Categories of personal data collected (name, phone, email, address)
  • Sources of data (fire incident databases, skip trace services)
  • Purposes for collection (marketing fire damage restoration services)
  • Third parties with whom data is shared (subcontractors, partners)
  • Consumer rights and how to exercise them

GDPR (If Contacting EU Residents)

If you ever contact EU residents (unlikely for U.S. fire data, but possible for international clients):

  • Must have a legal basis for processing (consent or legitimate interest)
  • Must provide clear privacy notices
  • Must honor data subject rights (access, deletion, portability)
  • Penalties: Up to €20 million or 4% of annual global revenue (whichever is higher)

Ethical Considerations Beyond Legal Requirements

1. Respect the Property Owner's Situation

Fire victims are in a vulnerable state. Your approach should be:

  • Empathetic: Lead with compassion, not sales pressure
  • Helpful: Provide genuine value (free estimates, emergency services info)
  • Transparent: Be clear about who you are and why you're calling
  • Respectful: Honor "no thank you" immediately without pushing

2. Avoid High-Pressure Tactics

Do NOT:

  • Call repeatedly if the property owner asks not to be contacted
  • Use scare tactics about insurance deadlines or property deterioration
  • Misrepresent your relationship with insurance companies or fire departments
  • Show up uninvited at the property (trespassing risk)
  • Contact at inappropriate hours (before 8am or after 9pm local time)

3. Fair Housing and Anti-Discrimination

If you're a real estate investor, lender, or housing provider:

  • Do NOT discriminate based on race, color, religion, national origin, sex, disability, or familial status
  • Do NOT target or exclude specific neighborhoods based on protected characteristics
  • Comply with Fair Housing Act, Equal Credit Opportunity Act, and state anti-discrimination laws

Step-by-Step Compliance Workflow

Compliant Lead Contact Process:

  1. Receive Fire Lead from FirstLeads: Review incident details, address, and any available contact info
  2. Verify Data Accuracy: Cross-check address with public records, Google Maps, property databases
  3. Check Litigator Scrubbing: Review FirstLeads litigator flags to avoid known TCPA plaintiffs
  4. Scrub Against DNC Registries: Use www.telemarketing.donotcall.gov to scrub phone numbers (required)
  5. Check Internal DNC List: Ensure property owner hasn't previously requested no contact
  6. Determine Contact Method: Choose compliant approach (see next section)
  7. Make Initial Contact: Follow TCPA calling time restrictions (8am-9pm local time)
  8. Document Everything: Record date, time, outcome, consent (or refusal)
  9. Honor Requests: If asked not to call, add to internal DNC list immediately
  10. Follow Up (If Permitted): Only if consent was obtained and documented

Compliant Contact Methods

Method 1: Direct Mail (Lowest Risk)

✅ RECOMMENDED: Safest Approach

Why it works: No TCPA restrictions, no DNC issues, no consent required

  • Use fire incident address from FirstLeads
  • Send professional, empathetic letter offering assistance
  • Include opt-out mechanism (email or phone to decline future mail)
  • Provide multiple contact options for property owner to respond
  • Cost: $0.73 per letter (postage + printing)

Method 2: Manual Dialing (Medium Risk - Requires DNC Compliance)

Requirements:

  • Must scrub against National DNC and state DNC lists
  • Must call between 8am-9pm local time
  • Must provide immediate opt-out option
  • Must honor internal DNC list
  • Document all calls (date, time, outcome)
  • Do NOT use: Auto-dialers, predictive dialers, or robocalls without prior consent

Method 3: Email (Medium Risk - Requires CAN-SPAM Compliance)

Requirements:

  • Include clear unsubscribe link
  • Honor unsubscribe requests within 10 days
  • Use accurate headers and subject lines
  • Include physical mailing address
  • Identify email as advertisement

Method 4: In-Person Visit (Highest Risk - Not Recommended)

⚠️ HIGH RISK: Proceed with Extreme Caution

  • Trespassing Risk: Do not enter property without permission
  • Safety Risk: Fire-damaged structures may be unstable
  • Harassment Risk: Property owner may view as intrusive
  • Better Alternative: Use direct mail first to request permission for visit

Record-Keeping Best Practices

What to Document

Maintain detailed records to defend against potential TCPA or privacy lawsuits:

  • DNC Scrubbing: Date scrubbed, registry version, results (clean/flagged)
  • Litigator Scrubbing: Date checked, FirstLeads litigator status
  • Contact Attempts: Date, time, phone number called, outcome
  • Consent Records: Date obtained, method (written/verbal), scope of consent
  • Opt-Out Requests: Date requested, method (phone/email), action taken
  • Internal DNC List: Continuously updated list of do-not-contact requests

Retention Period

Minimum: Keep records for 4 years (statute of limitations for TCPA claims in most states)

Common Compliance Mistakes to Avoid

❌ AVOID THESE MISTAKES:

  1. Assuming litigator scrubbing = DNC compliance: FirstLeads litigator scrubbing identifies TCPA lawsuit risks, but does NOT replace National DNC scrubbing
  2. Using auto-dialers without consent: TCPA applies to auto-dialers even if you manually press "send" for each call
  3. Calling before 8am or after 9pm: Local time of recipient matters, not your time zone
  4. Continuing to call after "no": Single request to stop must be honored immediately
  5. Not scrubbing every 31 days: TSR requires monthly DNC updates
  6. Relying on "established business relationship" exception: Fire victims you've never worked with before do NOT have EBR with you
  7. Buying "consent" from lead generators: Third-party consent does NOT satisfy TCPA one-to-one consent rule

What to Do If You Receive a TCPA Complaint

Immediate Actions:

  1. Do NOT ignore the complaint
  2. Add complainant to internal DNC list immediately
  3. Cease all contact with complainant
  4. Gather all documentation (call logs, DNC scrubbing records, consent records)
  5. Contact a telecommunications attorney (do NOT try to handle alone)
  6. Notify your E&O insurance carrier
  7. Do NOT contact the complainant to "explain" or "apologize" (creates evidence)
  8. Review your entire compliance program to prevent future violations

Compliance Checklist

✅ Before Contacting Any Lead:

  • ☐ Verified data accuracy (address, phone number)
  • ☐ Checked FirstLeads litigator scrubbing status
  • ☐ Scrubbed phone number against National DNC Registry
  • ☐ Scrubbed phone number against state DNC registries
  • ☐ Checked internal DNC list for previous opt-outs
  • ☐ Determined compliant contact method (mail, manual dial, email)
  • ☐ Prepared documentation template for recording contact
  • ☐ Confirmed calling time is 8am-9pm local time (if calling)
  • ☐ Reviewed privacy policy and CCPA compliance (if applicable)
  • ☐ Trained staff on TCPA compliance and opt-out procedures

Resources

Government Resources

Professional Assistance

  • Find a TCPA Attorney: Search for telecommunications or consumer protection attorneys in your state bar directory
  • Compliance Software: Consider compliance platforms like Gryphon, Retreaver, or Call Tools for automated DNC scrubbing and call monitoring
  • Insurance: Obtain E&O insurance that covers TCPA claims (typical coverage: $1-2M)

Conclusion: Compliance is a Competitive Advantage

Legal compliance isn't just about avoiding lawsuits—it's about building a sustainable, ethical business that earns trust and generates long-term results.

By following the guidelines in this article, you'll:

  • Protect yourself from TCPA penalties and class action lawsuits
  • Build a reputation as a professional, ethical service provider
  • Maintain higher conversion rates (compliant outreach = better reception)
  • Create a defensible, scalable lead generation system
  • Sleep better knowing you're operating legally

Remember: When in doubt, consult a telecommunications attorney. The cost of legal advice ($200-500) is far less than the cost of a single TCPA violation ($500-$51,744).

Related Articles