Convoso
go to search
Customer LoginSchedule a demo
News - Compliance

    Third-Party Leads: Avoiding Litigation in a Risky Landscape

    Convoso
    8 min. read

    Call centers and lead buyers are staring down a wave of litigation, and most won’t see it coming until it hits their inbox.

    That was the focus of the webinar “Minimize Litigation Risks Through Sustainability in Third-Party Lead Gen,” hosted by ActiveProspect.

    The session featured two industry insiders: Margaret Wise, Chief Revenue Officer at ActiveProspect, and Michele Shuster, Managing Partner at Mac Murray & Shuster. Together, they laid out exactly how unchecked third-party lead gen practices are triggering lawsuits and sinking budgets.

    The upshot: Regulators are more aggressive. Plaintiffs are more strategic. And AI-driven fraud is rising fast. But companies that get ahead of the mess are finding that compliance can actually be a competitive edge.

    Wise and Shuster shared what’s working, what’s getting companies sued, and how to reduce your risk.

    Key takeaways

    • Regulatory risk is exploding: TCPA filings are up 300 to 400%, and new state laws are stacking penalties up to $6,500 per violation on top of standard TCPA penalties. 

    • You need evidence of consent: When a threat letter arrives, your ability to respond immediately with documentation can shut it down before it escalates.

    • Tech is essential, but you have to use it right: Tools like TrustedForm are critical for handling lead volume and compliance at scale, but they don’t confirm consent for you. You still need to verify that the form meets legal standards and retain the records yourself.

    • Your contracts can make or break you: Have a lawyer review your agreements to ensure they clearly define liability and include strong indemnification clauses. 

    State laws, stacked claims, and the litigation surge you can’t ignore

    Shuster shared a shocking stat: “TCPA filings are already up 300 to 400% this year. It’s an insane amount.” And that’s just federal. States are piling on with their own privacy laws, telemarketing regulations, and private rights of action.

    The trend? Stacked claims, where plaintiffs bundle federal and state violations together to drive up the damages. “The states are becoming very aggressive,” Shuster said. If you think a $1,500 TCPA fine is bad, you’re going to be shocked when that’s stacked on top of state penalties, which get up to $6,500. 

    What happens when the threat letter lands

    Threat letters can come from one of three places: a pro se plaintiff, a plaintiff’s attorney, or a regulator. The format may vary, but the demand is always the same: prove the call was lawful.

    Michele Shuster laid out the playbook. “You go back, you investigate the call, you make sure that you actually did make the call. Believe it or not, sometimes they get it wrong,” she said. Once confirmed, you need to pull all your documentation, from the form to how the call was initiated.

    “Being able to provide that type of information to whoever has sent that threat letter is critical,” Shuster said, “because the best possible outcome is to shut those down immediately.”

    And that outcome is possible. “About 25% of the time you’re effective at shutting those things down at the threat level,” she added.

    Bottom line: Consent alone isn’t enough. You need records for a defensible position.

    What really matters: transparency, consent, and lead validation

    If you can’t clearly show how a lead was captured, what the consumer agreed to, and whether the data is valid, you’re exposed.

    That’s where transparency comes in. Wise emphasized that one of the first questions her team asks clients is: “Is there a transparent data collection through that [lead capture] process? Can you see all of that?” You must be able to verify every step of the process.

    She also pointed to the need for validation and fraud prevention. “Are you taking steps to help prevent fraud? Eliminate that out of the system [so you’re] calling people who are expecting to be called.” That expectation is everything. When consumers know they’re going to get a call, conversion rates go up and legal risk goes down.

    Shuster reinforced that clarity is still the standard, even with the one-to-one consent rule vacated. “The language in a lead has to be clear and conspicuous,” she said. “It needs to be readily apparent to the consumer what’s going to happen as a result of completing that form.”

    That includes letting them know who might call and why. If your form includes multiple potential sellers, that needs to be clearly communicated so that “any reasonable consumer would have understood that by selecting this call-to-action button…they were going to get a call,” she said.

    This is where many companies fall short, not because they’re trying to do something shady, but because they assume the form is “good enough.” It’s not. You have to be able to prove that a consumer knew what they were signing up for otherwise you don’t have the consent you think you do.

    Tech that protects: how smart lead buyers are using tools to stay out of court

    Technology doesn’t make your lead gen compliant, but it can prove whether you are. And when a threat letter shows up, proof is everything.

    Wise explained that many companies don’t fully understand the role of their tech tools. Many ActiveProspect customers assume that if a lead has TrustedForm, that automatically means consent was captured. 

    Customers say, “‘Oh, well, it has TrustedForm, so therefore it must be consent.’ We're like, ‘No, because it's recording the activity, the lead capture,’” she said.

    In other words, TrustedForm gives you a snapshot of what happened, but it's still your job to make sure the consent meets legal requirements. 

    She also pointed out the risk of assuming your vendor will hold onto that record for you, which Shuster confirms: “The TSR is now specific as to who has that recordkeeping requirement, and whoever is placing the telephone call is the one required to keep that record.”

    That means if you're the one making the call — even if the lead came from a third party — you’re on the hook to store and produce the consent documentation. If you can’t pull the certificate, show the full form, and confirm the language meets legal standards, you’re exposed.

    Contracts, liability, and the fine print that can wreck you

    You don’t need a full-time legal team to protect your business, but you do need to know what’s in your contracts and whether they’ll actually protect you when something goes wrong.

    Shuster said that having a lawyer review your contracts and consent language is an “ounce of prevention that is definitely worth the pound of cure.” And here’s some good news: She says “it’s not as expensive as you would think” to get a lawyer to review them.

    The goal is simple: build a defendable position. If a threat letter lands in your inbox, you want to know immediately how to respond, what to show, and who’s responsible.

    That starts with contracts. If your company is placing the calls, you hold direct liability. But Shuster pointed out that vicarious liability is also a risk if your lead provider mishandles consent. That’s why your agreements need strong indemnification clauses. If your lead source doesn’t follow the rules, you have recourse.

    But she also added a caution: “Those indemnification clauses are only as good as the company that is providing them.” If your vendor disappears or can’t pay, that clause won’t do much.

    To go a step further, Shuster recommended asking your vendors to carry TCPA insurance and reviewing your own policies as well. “TCPA insurance has become affordable for companies again,” she said. “It can be incredibly helpful. It covers the defense costs and usually damages up to a certain amount.”

    One more hidden trap? Some contracts push all liability onto the publisher, even when the form, consent, and usage are technically compliant. If you’ve signed an agreement that says you’ll indemnify your client for any lawsuit tied to a lead, regardless of fault, you could end up holding the bag.

    The fix: get your contracts reviewed now. Build indemnification in both directions. Ask about insurance. And make sure your agreements reflect how risk is actually shared.

    The AI, bots compliance risks you might be overlooking

    AI isn’t just powering your tech stack; it’s also creating new legal risks in lead gen.

    Shuster flagged a growing trend: bad actors are using bots and AI systems to fill out lead forms and simulate user activity. 

    “We're also using a lot more artificial intelligence systems for placing telephone calls [and] for engaging in text messaging,” she said. And that comes with serious compliance consequences.

    AI-driven calls are legally treated as pre-recorded messages. That means if they’re used for marketing, “you need prior express written consent to place that call,” Shuster explained. Text messaging isn’t immune either. AI monitoring or routing can raise privacy and wiretapping concerns under certain state laws.

    The takeaway? If you’re using AI to generate leads, make calls, or manage outreach, you need to treat it like a legal variable, not just a software upgrade.

    What to do now: build a lead gen machine that can take a hit

    The companies that survive legal threats don’t panic; they prepare.

    Shuster said, “We talk about having a defendable position. That's really what it all comes down to. Do we have a defendable position, so that when we get that threat call, we know exactly how we're going to respond?”

    Here’s the speakers’ best practices for reducing risk:

    • Audit everything. Your forms, your vendors, your data collection process. Can you pull proof of consent today, without scrambling?

    • Get serious about contracts. Indemnification isn’t just boilerplate. Know who’s liable for what, and make sure your vendors are insured and legit.

    • Don’t wait for a threat letter to start asking questions. Build your processes around worst-case scenarios, not best intentions.

    Shuster wrapped up the webinar with one final piece of advice: “[Stay] educated, attend these types of webinars, get on our mailing list so you get those updates and solid legal analysis from the folks that are doing this every day.”

    Get a recap of the latest contact center compliance news delivered monthly to your inbox. Subscribe here>

    DISCLAIMER: The information on this page and related links is provided for general education purposes only and is not legal advice. Convoso does not guarantee the accuracy or appropriateness of this information to your situation. You are solely responsible for using Convoso’s services in a legally compliant way and should consult your legal counsel for compliance advice. Any quotes are solely the views of the quoted person and do not necessarily reflect the views or opinions of Convoso.

    Schedule a demo

    Supercharge your sales with our AI-powered contact center platform.

    4x your contact rates today!