Most residential window contractors think compliance starts and ends with TCPA federal rules. That's incomplete. Several US states have layered “mini-TCPA” statutes on top of federal law, with stricter consent requirements, broader coverage, and in some cases lower thresholds for what triggers liability. A contractor operating across multiple states inherits the strictest applicable rule for each customer's location. Here's the framework, the most-active state laws to know, and the practical compliance posture that protects you.
The compliance pyramid
For SMS and call compliance, three layers stack:
- Federal TCPA, the federal floor. Applies everywhere. TCPA basics here.
- State-specific statutes, additional requirements based on the recipient's state.
- Carrier rules (A2P 10DLC, TCR), commercial SMS routing requirements layered on top of legal compliance.
Compliance posture must satisfy the strictest applicable layer for each contact. For a multi-state contractor, that effectively means designing the system to satisfy every layer.
The lookup-by-recipient principle
The state laws to know
Florida, FTSA (Florida Telephone Solicitation Act)
Florida's FTSA, particularly post-2021 amendments, is the most-litigated state telemarketing statute in the U.S. Key provisions:
- Prior express written consent required for autodialed/prerecorded calls and SMS.
- Consent must be specific to the seller, not bundled with general “our partners” consent.
- Calling hours: 8am-8pm local time (slightly stricter than federal 8am-9pm).
- Statutory damages: $500 per violation, trebled to $1,500 for willful violations. Class actions common.
Florida is the most aggressive plaintiff jurisdiction. Window contractors with Florida customers should design their compliance posture to FTSA standards.
Oklahoma, Oklahoma Telephone Solicitation Act
Oklahoma passed a TCPA-style statute in 2022 with contours similar to Florida's, express prior consent, statutory damages, private right of action. Plaintiff activity has been growing.
Washington, CEMA (Commercial Electronic Mail Act)
Washington's CEMA covers email more aggressively than federal CAN-SPAM. Bars deceptive subject lines, requires accurate sender identification, mandates clear opt-out mechanisms. Statutory damages of $500 per violation.
Massachusetts, Mass General Laws Chapter 93A
Massachusetts uses its general consumer-protection statute to cover unfair telemarketing practices. Multiple damages available for willful violations.
California, multiple statutes
California layers several statutes: CCPA/CPRA (data privacy), the California Invasion of Privacy Act (call recording requires two-party consent), and California's contribution to TCPA enforcement through state AG actions.
New Jersey, TCFA (Telemarketing Consumer Fraud Act)
Layers additional restrictions on prerecorded messages and requires registration of telemarketers in some scenarios.
Various other states
Texas, Georgia, North Carolina, Indiana, and others have narrower mini-TCPAs or robocall statutes. Coverage and damages vary; CRM systems should track state-specific rules.
The FTSA litigation surge
Practical compliance posture for multi-state operations
For a window contractor operating in multiple states, the cleanest compliance approach is a single high-bar standard that satisfies all applicable state rules:
1. Express prior written consent on every form
Single TCPA-compliant consent text that names your specific business, covers SMS + autodialed calls + prerecorded messages, includes opt-out instructions and HELP keyword. No bundled “and our partners” language.
2. Server-side consent record capture
At submission: exact consent text shown, IP address, timestamp, page URL, user agent. Stored alongside the contact record, retained 4+ years. Compliance audit framework here.
3. State-aware sending hours
Default to the strictest applicable window: 8am-8pm in the recipient's local time zone. CRM should be aware of recipient state and time zone; outbound SMS/calls respect both.
4. STOP/HELP keyword propagation
STOP / STOPALL / UNSUBSCRIBE / CANCEL / QUIT / END all immediately propagate to DNC list. Federal allows 10 business days; many states match or stricter. Process within minutes via SMS platform automation.
5. Two-party-consent recording where required
California, Florida, Pennsylvania, and others require two-party consent for call recording. If your AI receptionist or sales reps record calls, ensure consent notification matches state requirement (typically a beginning-of-call disclosure).
6. State-specific privacy disclosures
California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Washington (My Health My Data), Oregon, Texas, and others all have state privacy laws. Privacy policy should address each.
The CRM-side requirements
State-specific compliance requires CRM-level capability:
- Recipient state and time zone tracked per contact.
- State-aware sending logic that applies the strictest applicable rule to each outbound message.
- Consent metadata stored server-side, queryable for discovery requests.
- DNC list propagation across all messaging systems.
- Audit logging for all sends and consent updates.
Most contractor CRMs handle some of this; few handle all without configuration work. CRM selection considerations here.
The legal-review cadence
State telemarketing law is genuinely volatile in 2026, new state statutes emerging, federal interpretations shifting. Recommended cadence:
- Annual review of consent text and disclosures with counsel.
- Quarterly audit of CRM compliance configuration.
- Real-time monitoring of major-state legal updates (Florida and California specifically).
- Documented compliance trail in case of plaintiff demand letter.
$500-$1,500
Per-violation statutory damages typical across state mini-TCPA statutes (Florida FTSA, Oklahoma OTSA, etc.). Class actions can scale to seven figures quickly. Legal review investment is a fraction of even a single settlement.
Ready to talk numbers on your own pipeline?
45-minute strategy call. Live look at your ad accounts. Written diagnosis you keep, whether you sign or not.
Final thought
TCPA federal rules are the floor, not the ceiling. State statutes layer additional requirements that can produce substantial liability for contractors operating cross-state. The cleanest posture for a multi-state residential window contractor: design to the strictest applicable rule, capture compliance metadata robustly, configure the CRM for state-aware sending, and review annually with qualified counsel. The cost of doing this right is an order of magnitude less than the cost of getting it wrong.
This article is for informational purposes only and is not legal advice. State and federal telemarketing law changes frequently. For specific compliance questions about your business, consult qualified counsel.
Tagged