S2 E10: Why You Need to do Calling Data Audits

Why You Need to do Calling Data Audits


Jordan Eisner: Welcome back, everybody. I’m your host, Jordan Eisner, and this is Compliance Pointers.

It’s going to be a difficult session to keep a straight face in, as Megan’s staring at me just thinking, this guy hosting this podcast, but that’s okay.

I’m excited about today’s session. This one’s going to be a little different from what we normally get into or what we typically get into, which is more information security, data privacy, that sort of piece. But you hear us always talk about our marketing compliance group and this niche practice we have, helping organizations with outbound marketing, direct-to-consumer marketing, calling, texting, emailing.

And so, Kevin Mayfield and Megan Rose, who I have with me today, are both very experienced, very expert consultants in that group.

Kevin, I think you’re going on 10 years at CompliancePoint this year.

Kevin Mayfield: 10 years this year, yeah.

Jordan Eisner: And Megan, I’m guessing here, this is like seven, going on eight.

Megan Rose: Seven, yeah, going on eight.

Jordan Eisner: So a combined almost 20 years of experience in this industry. It’s pretty good. So excited what you guys bring to the table.

And I’m trying to think about other things our audience should know about the two of you. Megan’s a cat person. I think that’s important, right?

And Kevin, I always like to tell clients this. Proud recipient of the Brad Pitt Award at CompliancePoint several years back. So you guys can’t see us, but Kevin’s quite the handsome chap.

Kevin Mayfield: It’s the hair.

Jordan Eisner: And it’s definitely the hair.

So, okay, enough intros. We’ll dive in the topic. Thank you, listeners, for listening to another session.

So we’re talking about specifically in the realm of outbound marketing and organizations doing a lot of dialing direct to consumers as a lot of consumers may or may not know, there’ are do not call laws. There are calling time restrictions. There are all sorts of requirements for organizations that they need to abide by legally for how they’re calling.

And so we at CompliancePoint have been doing for a number of years now what we call calling data audits. I understand recently these have evolved and we’re doing direct marketing optimization audits now, too.

So that’s a pretty bland term, calling data audits. We haven’t found anything better to call it that right over the years. But give us a little history. What are calling data audits? What are direct marketing optimization audits?

Kevin Mayfield: Well, first of all, I’ll just say that, you know, when we were interviewing Megan to become a consultant seven years ago, we said, you know, what really makes you tick? What really floats your boat? And she’s like, oh, you know, I really like work with the data and the numbers. And you’re like, yeah, we don’t really do that here much. So but she took a she took a leap of faith on us anyway. And she’s really been she’s really been instrumental in growing this part of the practice. And I’ll let her tell you a little bit more about how it all works. But she’s the brains behind the operation.

Megan Rose: I got a little lucky when I first started. We’d had our first large data-focused client come on board. We were sort of in a position of having to audit things we might not have had a ton of experience auditing before, like calling times, attempts, internal DNC, things along that route.

And we also got very lucky that this client is heavily engaged with all of their compliance. They just came out of a recent TCPA settlement. They wanted to get all buttoned up.

And the first month we did the audits, you know, we’re telling them, don’t expect perfection, even though you guys have been making outbound dials for a long time. And it wasn’t perfect. There were about one hundred and twenty thousand exceptions found, which they sort of raised their eyebrows out a little bit. Not quite what they were expecting, but it definitely got them engaged.

And then as fixes went into place over the months, we got it down to forty thousand exceptions, ten thousand exceptions. And I think now five years later, I mean, sometimes we have zero months where they’re perfect.

Jordan Eisner: Two things that got me there, A for our listeners, what’s a TCPA suit? I know what it is, whether you guys believe that or not. But what’s a TCPA?

Megan Rose: So the TCPA, it’s the Telephone Consumer Protection Act. FCC law and under the TCPA, Joe Schmoe can bring a lawsuit against you for making outbound calls. So you’re more likely not to wait on enforcement from the FCC or state Attorney Generals. Regular consumers can say you called me and I think you’re out of compliance and then build a class off of that. You can end up getting fined up to fifteen hundred dollars per call, which if you’re like this client and you make fifteen million calls a month, it adds up.

Jordan Eisner: So that’s where we see organizations, hundreds of millions of dollars fined under these sort of things.

Kevin Mayfield: I’ll just add too, like Megan was talking about, these guys were really engaged and we’ve had so much success with this that we’ve kind of made it a part of our gap assessments that we do now where it’s not maybe an ongoing client, but we’re asked to come in and do a gap assessment of someone’s telemarketing or outbound operations.

It’s amazing how often we hear, I mean, we’ve been doing this a while. I mean, we think we’re pretty buttoned. We know what’s happening over here and only to find out that they don’t really have any idea at all about what’s happening where the rubber meets the road and the outbound dials are being made.

Megan Rose: Kevin’s favorite quote when we go on-site is, you don’t know what you don’t know. And I think that’s very true.

I mean, we’ve walked out of assessments before where we’ve spent all day on site thinking, oh, these guys are pretty buttoned up. They know what’s going on. And then the data comes in and just tells a completely different story.

Jordan Eisner: The other thing you said was 120,000 exceptions, 40,000 exceptions down to 10,000. Define exceptions. What are you talking about when you say exceptions? Why are you calling them exceptions?

Megan Rose: So we never want to say anything is an issue because it could just be a data error or it could be a mis-campaign error or something like that. So we use the term exception as to say, hey, this might be a potential dial made out of compliance without actually coming out and saying you made an illegal call because it very well could have been legal and we just got bad data. So that’s where the term comes from.

Jordan Eisner: When clients come to you or come to us, are they asking us to audit their calling data? Do they know this exists? Is this something that we’re educating them on? I know the answer to this question, but I want to hear you talk about it for our audience.

Kevin Mayfield: Well, I would say kind of going back to what I said a minute ago a little bit, we bring it up almost every time. It’s us bringing it to the table and a lot of times we get pushback of people that just don’t want to put the time and effort into it because they think they know what’s going on. And I would say that probably a hundred percent of these that we’ve done, there’s something found that is enlightening to the client that they didn’t know what was happening.

Megan Rose: And I will say too, as we’ve sort of evolved this program over the years, I think there’s an audit that’ll fit everyone. I mean, we’re auditing caller ID route backs now or caller ID complaints, we’re doing calling times or even doing like attempts for business rules. So even if you think, oh, I can’t benefit from us, there’s probably some kind of audit we can do that’ll be insightful.

Jordan Eisner: If you have a call-in program and you have, obviously you’re going to have legal requirements but this kind of segues into another question we wanted to make sure we asked, right? What about business rules?

So if you have a call in program and you have legal things you need to abide by, this can audit your files, tell you where you’re in or out of requirements. But what about business rules? What can organizations do beyond just maybe legal requirements or maybe not necessarily beyond but parallel with?

Megan Rose: Yeah, so a lot of companies have their own business rules where they sort of go above and beyond the legal requirements just from a customer experience perspective. So we see often where companies won’t want to call a consumer more than once in a two-hour period. So that’s something we’ll check for. How often are you actually calling this person? I mean, are you calling them right now and then calling them again 10 minutes later?

Other things we do, and this is sort of where the direct marketing optimization comes into play, is those aren’t really compliance audits. It more so stemmed from we always come in and are seen as the do not call police. So we use DMO to sort of open up calling. We’ll look at the suppressions and say, actually, you’re being a little too restrictive in this state. You could have called this person.

Or we’ll look at the attempts frequencies and say, hey, maybe you’re not reaching your file penetration. You’ve called this lead 27 times and you only called this lead twice. We see that you typically get sales around the 13 attempts if you’re going to make them. Maybe don’t call past that.

So different things like that where it’s not just legal requirements. It’s your business rules, too. You don’t want to call people past five on a Sunday. We’ll check for that.

Kevin Mayfield: Yeah, and it’s really customizable, too, by client. So some people will say, OK, on this particular campaign, we only want to call this person eight times over the life of the campaign, whereas this other campaign, we want to call them two times a day for 10 days and then stop.

So Megan and her team can even look at it by campaign. I mean, as granular as that.

Jordan Eisner: So they give us the KPIs that they want. And then we can really build the audit out to that and include the requirements that we have.

OK, Kevin, you might have already answered this. So I’m going to ask you a different way instead of how often are you finding issues? Have you ever not found issues? Earlier you said perfect report, maybe, but then you said 100% of the time.

Kevin Mayfield: I was saying on the initial audits, you know, I’ve got I’ve got one client. They fought me for years on getting data, right? I mean, I’ve got 30 days dialing data and give me your internal DNC list and let’s have a look at it. If everything’s working just like you think it is, that’s great.

They were enlightened to find out that they made 19,000 telephone calls to numbers on their internal DNC list last month. And they were only talking about two million outbound dials. So I mean, to say that they got their attention is an understatement, you know, and so now we do them every quarter for them.

Jordan Eisner: What are people doing wrong? Why is that happening? Why are they so confident that they’re doing well? Then we get the results. There are tens of thousands of errors. Is it human error? Is it the way they filter?

Megan Rose: A lot of things. So I think too, when you have a lot of moving parts in compliance programs, so you have the agents making the call, you’re relying on them to disposition. You have your campaign managers that are loading the calls. You have your suppression team. There’s just so many different moving parts.

And as the laws and requirements change over time, especially, and you have to update your rules, I mean, that just leaves room for error where we see things that break all of the time, where it’s new issues that come up after we’re doing audits month over month.

And it could be, hey, we introduced this new campaign. We’re supposed to suppress national do not calls in Arizona. We missed it. We didn’t update the settings right.

Jordan Eisner: A lot of potential points of failure. So how can companies get better? They reduce the points of failure. They put more, you know, redundancy in the process, more checks and balances.

Kevin Mayfield: I mean, I think it’s just a learning process, right? People over time figure out that that they don’t know what they don’t know. And you’re trusting lots of moving parts, like Megan said, in the in the system. And the only way to successfully monitor it really is to audit it, whether you’re doing it yourself or having us do it.

Jordan Eisner: I think we covered the DMO pretty well, unless there’s anything more you would add on that.

Kevin Mayfield: I’ll just say that that the DMO, you know, it I think everybody that we’ve done it for and I’ll say, too, that that’s not something that is ongoing, like the audits is right. A lot of times we might do it once might do it again in a year. But really, that’s more like looking at the data to find the sweet spot, maybe for like the number of attempts or, hey, if we call this these numbers X number of times, we see a huge jump in DNC’s DNC requests after the 11th attempt, let’s just say for argument sake.

And so, I mean, I think it gives a lot of kind of a window to where the success and failures are.

Jordan Eisner: Not only are there diminishing returns after a certain number of attempts, but you start to approach territory where you may not even be able to call that person over again.

Kevin Mayfield: That’s right.

Megan Rose: And there are also costs associated with every call that you make. I mean, it’s time spent making the calls time across the network. So we say, hey, you call this number 16 times and got a busy signal every time, maybe finalize dispositions after three busy signals or something like that. It’s just giving our clients the chance to go on to maybe call some more fruitful leads.

Jordan Eisner: This was a positive consequence we found right through the data audits in a way because we are always coming from this from a compliance risk management standpoint. And we just found situations where people were calling old, you know, fax lines, right, and spending resources that way. So organizations are starting to wise up and use actual compliance data that we showed them to help make their marketing efforts more efficient.

Megan Rose: Well, it started to be a question. I think we got a lot from clients and we’d bring up the attemps is because there is no legal requirement for how often you can call someone. You just can’t harass them.

Jordan Eisner: Except Massachusetts, right?

Megan Rose: Debt collection.

Jordan Eisner Oh, is that right?

Megan Rose: Well, yeah, but there’s no federal requirement.

Yeah, so clients would say, well, I mean, how much is too much? And then we would say, well, let’s take a look at your data and we can tell you how much might be too much.

Jordan Eisner: Well, I think a lot of this has demonstrated why this is important. What would you add for our listeners in closing as to why these data audits are important? Why do them? Is it us or internally? And this podcast, despite how it sounded, is about them and what they’re doing and not necessarily our service in another way. You can do this yourselves too. We just have a very powerful data set. We’re kind of uniquely qualified to do that shameless plug.

But why is this important?

Kevin Mayfield: I’d say it’s the monitoring piece. I mean, you got the DNC Safe Harbor that’s built into the federal law and it says that if you do these things and you can document that you do these things, then you can seek safe harbor if an error is found or if an error is made.

And so I think that the real power of it is the documentable history that you are monitoring and enforcing compliance in your organization. And we supply folks with a tracker of, hey, here’s the issues that we found and here’s what we did to fix them. Here’s the date that we fixed it. And so I think that’s where I would say the real power is.

Megan Rose: I agree. I think the key word there to is enforcing because if you’re finding issues and not fixing anything, then that doesn’t really help you in the end.

Kevin Mayfield: It hurts you.

Jordan Eisner: And not breaking the law on some instances, but also, I would say, protecting your brand and your image with consumers and word of mouth and this company calls me so many times, no matter how many times I tell them to stop, avoiding those sort of things long term.

Kevin Mayfield: And it’s really not that much of a heavy lift on the client side. I mean, it’s typically a few clicks to download last month’s dialing data in the internal DNC list and it’s not much to it really.

Megan Rose: And it’s good practice too because if you do have an enforcement action, the FTC or the FCC or plaintiff’s attorneys, they’re going to ask for all of your dialing data. So if you’re trained and in the practice of having to provide it to us month over month, you can pretty much guarantee whatever you give them is going to be clean.

Because I would say that’s another pitfall we often see when clients first come on board for a monitoring program. They’ll give us dials that probably shouldn’t be included in outbound dialing. So they’ll have a bunch of internal numbers that are on their internal do not call list. So it looks like they’re making these calls when really they’re just transferring between offices or something like that. Or they’ll give us a bunch of inbound dials.

And we would say if you do find yourself in a position where you’re facing some kind of enforcement action, you pretty much only want to supply the data that you’re asked to supply.

Jordan Eisner: I remember an instance with a client, actually, I think the one you’re referring to, where the data file that we requested of them for like clean suppression records included their internal do not call list as well. And we said, hey, that’s fine. We knew that was a mistake, but a regulator might not.

Kevin Mayfield: I would say more often than not, the initial date that we receive is wrong.

Megan Rose: I was going to say. It’s just asking questions too that you probably don’t normally get asked because we have to say, how are you identifying the time zone of the consumer? What are you using?

And I mean, the client has to be able to put what time zone are you giving us the call time in? So things like that where it makes you really stop and think about, okay, how are we doing this? What are we doing? Could we be doing it better?

Jordan Eisner: Kevin, Megan, thank you guys for your time and being on the Compliance Pointers podcast. I know you enjoyed it. You’ll be back.

Kevin Mayfield: I’m sure I will be.

Jordan Eisner: And to our listeners, thank you once again for listening in. I know today’s topic was pretty niche, but for those of you out there with marketing compliance concerns or data privacy or information security, please come to our website, connect with us, connect@CompliancePoint.com.

Kevin’s on LinkedIn. You can check for yourself and see if the Brad Pitt profile matches.

Megan’s on LinkedIn. No cat’s in her photo on LinkedIn now.

And so am I. So reach out to us there if you have any questions in this realm or others. We will see you or no, we won’t. And you’ll hear us next time.

Let us help you identify any information security risks or compliance gaps that may be threatening your business or its valued data assets. Businesses in every industry face scrutiny for how they handle sensitive data including customer and prospect information.