TCPA compliance for MVA lead buyers
The consent rules that govern calling accident victims, what documentation every lead must carry, and the questions to put to any vendor before you buy — written for the law firm doing the buying.
By Tarun Kapoor, Founder · Published 2026-07-13 · Not legal advice — consult your own counsel on compliance questions.
What the TCPA requires
The Telephone Consumer Protection Act (47 U.S.C. § 227) restricts calls and texts made with automated dialing systems or prerecorded voices. For marketing contact — which is what an MVA lead follow-up call is — the operative standard is prior express written consent: the consumer must have agreed, in a signed writing (an online form qualifies), to receive calls or texts, after a clear and conspicuous disclosure. The statute carries a private right of action with $500 per violation, trebled to $1,500 for knowing or willful violations — per call or text, which is why TCPA class actions settle in the millions (FCC: telemarketing and robocalls).
The five artifacts every lead must carry
- The consent language itself — the exact disclosure the consumer saw.
- Timestamp of the consent event.
- IP address of the consumer at capture.
- Source URL — the page where the form was submitted.
- A replayable certificate where possible (TrustedForm, Jornaya LeadiD) preserving the form session.
Every lead we deliver includes consent capture with timestamp and IP as standard — it is a line item in the lead record, not an attestation in a contract.
Why the buying firm carries risk too
TCPA liability can attach to the party on whose behalf a call is made. A firm dialing purchased leads is exposed if the underlying consent is missing or defective, regardless of what the vendor promised. The practical protections are contractual (indemnification plus a per-lead documentation requirement) and operational (retain consent records, spot-audit them, and stop buying from any vendor that cannot produce them on request).
State mini-TCPAs
Federal law is the floor, not the ceiling. States including Florida (Telephone Solicitation Act), Oklahoma, and Washington enforce their own telemarketing statutes with private rights of action, separate consent standards, and calling-hour limits. If you buy leads in a state, the consent flow has to satisfy that state’s statute — this is one reason state-specific supply matters. See our Florida, Texas, and other state pages for each market’s legal context.
Seven questions to ask any MVA lead vendor
- Do you provide the consent language, timestamp, IP, and source URL on every lead record?
- Do you use TrustedForm or Jornaya certificates, and do we get the certificate URL?
- Does the consent name the firm (or category of firms) that will call?
- How do you handle reassigned numbers and Do-Not-Call scrubbing?
- Will you indemnify the firm for consent defects on delivered leads?
- How long do you retain consent records, and can we export them?
- Which state mini-TCPA flows do you maintain for the states we buy?
A vendor that answers all seven in writing is safe to trial. A vendor that answers with “we’re fully TCPA compliant” and nothing else is asking you to carry their risk.