Scrub Phone Lists with RND Every 31 Days to Avoid TCPA Risk

Phone numbers are a lot like apartments: people move out, someone new moves in, and if you keep showing up with the old tenant’s mail,
eventually the new resident is going to get annoyed. Under the Telephone Consumer Protection Act (TCPA), “annoyed” can quickly turn into
“lawsuit,” especially when calls or texts are automated.

That’s why list hygiene is not just a data-quality hobbyit’s a risk-control system. And one of the most practical habits you can build is
simple: scrub your calling/texting lists against the FCC’s Reassigned Numbers Database (RND) on a 31-day cadence, then document it like you
mean it.

TCPA Risk Is About One Bad NumberRepeated at Scale

TCPA exposure often comes from a frustratingly ordinary moment: you call or text a number you believe belongs to someone who gave you consent,
but the number has been reassigned to a different person. That new subscriber did not consent to your outreachand if your system is sending
repeated attempts (or blasting a campaign), the “one wrong number” problem becomes a repeatable, expensive pattern.

TCPA damages can be assessed per call or text, and claims are frequently brought as class actions. Translation: the math gets loud fast. The goal
isn’t to panicit’s to build a defensible process that prevents “wrong-party contacts” and shows reasonable compliance if something slips through.

What the RND Actually Does (In Human Words)

The FCC’s Reassigned Numbers Database is designed to help callers determine whether a phone number has been permanently disconnected
since a date the caller provides (usually the date consent was obtained or the last reliable contact date).

When you query the RND, you submit:

• The telephone number you intend to call or text
• A “date of consent” (or a date you reasonably believe the consumer could still be reached at that number)

The database returns one of three responses:

• Yes: the number was permanently disconnected on or after your date (meaning it may have been reassigned)
• No: the database indicates it was not permanently disconnected since your date
• No Data: the database can’t determine the answer for that query

Key idea: RND is not a “who owns this number” lookup. It’s a “has this number been permanently disconnected since this date” check.
That’s exactly what makes it useful for reassignment risk.

The RND Safe Harbor: Helpful, But Not a Force Field

The FCC created a limited safe harbor tied to the RND. In plain terms, it’s meant to protect callers who:
(1) had prior express consent, (2) queried the database using the most recent data and got a “No,” and (3) still reached a reassigned number
only because the database response was wrong.

That last part matters. The safe harbor is not “I checked once, so I’m immune.” It’s closer to: “I checked properly, right before outreach, and
the system I was instructed to rely on gave an erroneous green light.”

Also, safe harbor or not, you still need the rest of your TCPA house in order: consent rules, opt-outs, time-of-day restrictions, internal DNC,
and vendor oversight. RND is a reassigned-number control, not your entire compliance program.

Why Every 31 Days (Not “Whenever We Remember”)

Two separate compliance realities make “31 days” a smart operational standard:

1) The RND is updated monthlyyour process should match that rhythm

The RND relies on monthly reporting and monthly updates. If you want to be able to say you used the most recent database information, you need
a schedule that keeps your list aligned with those monthly updates.

2) Regulators already love the 31-day concept in list scrubbing

The National Do Not Call (DNC) Registry framework is famously strict about timing: telemarketers must scrub at least every 31 days. While DNC
and RND are different tools (opt-out list versus reassigned-number database), the operational lesson is identical: a 31-day cadence is frequent
enough to keep “freshness” defensible, without requiring daily chaos.

Practically, a 31-day policy keeps you from accidentally drifting past a month because “next month” turned into “next quarter.” It’s the difference
between a living compliance process and a dusty checklist.

A 31-Day RND Scrub Workflow You Can Defend

The best compliance workflows have two features: they’re consistent, and they leave footprints. Here’s a structure that works for most organizations
running outbound calling or texting at scale.

Step 1: Define which lists must be scrubbed

Start by tagging every outbound source list with a purpose and channel:

• Telemarketing vs. informational (marketing often triggers stricter consent requirements)
• Voice calls vs. texts
• Manual dialing vs. automated dialing (automation tends to increase TCPA sensitivity)
• Vendor-run campaigns (your brand can still be the one named in the complaint)

If a list could be used for automated calls/texts or high-volume outreach, treat it as “RND-required” by default.

Step 2: Build a consent record that can survive cross-examination

RND queries require a date. That means your CRM needs a real, reliable date fieldnot “sometime in 2022” energy.
Minimum recommended fields:

• Consent type (e.g., prior express consent, prior express written consent)
• Date/time consent captured
• Source (web form, inbound call, paper form, SMS keyword, etc.)
• Proof artifact reference (form ID, call recording ID, screenshot ID, etc.)
• Revocation/opt-out status and timestamp

If you can’t confidently produce a consent date, you will struggle to use RND correctlyand you’ll struggle even more if challenged.

Step 3: Query RND in a way that scales

Most teams use one of these approaches:

• Direct portal queries (fine for small batches and spot checks)
• API / system-to-system integration (best for scale, consistency, and logging)
• Caller agent or compliance platform integration (useful if you need workflow tooling and audit support)

Because RND access is subscription-based and tiered, estimate volume realistically. If your marketing team sends “just a few texts” but defines
“few” as “thirty thousand,” you’ll want to know that before the billing cycle teaches you.

Step 4: Apply suppression rules that are simple and strict

Notice what’s missing: “We’ll call anyway and see what happens.” That’s not a compliance strategy; it’s a plot twist.

Step 5: Stamp every callable record with proof

For every number you keep, record:

• RND query date/time
• Query input date (the consent/last-contact date used)
• Response (No / Yes / No Data)
• Batch ID or transaction ID (so you can reconstruct what happened)
• Expiration date (e.g., “Do not dial after 31 days without re-check”)

This is the difference between “we think we scrubbed” and “here is the audit trail.”

Step 6: Pair RND scrubbing with DNC scrubbing (same cadence, different purpose)

Think of DNC and RND as two different bouncers at the same door:

• DNC scrubbing checks whether the person has told telemarketers “don’t contact me.”
• RND scrubbing checks whether you might be contacting the wrong person because the number changed hands.

Run both on a 31-day rhythm for telemarketing lists. Then layer your internal DNC list on top in near-real-time
(because opt-outs shouldn’t wait for the next calendar event).

Specific Examples: Turning Policy Into Reality

Example 1: Home services campaigns (high volume, high risk)

A regional HVAC company runs seasonal SMS promotions: “$49 tune-up this week.” Leads come from web forms, partner referrals, and past customers.
Their most common failure is assuming the number is stable because it used to work.

A defensible workflow looks like this:

• Every lead record stores a clear consent event (date/time + source + proof reference).
• Every outbound campaign list is generated only from records with a non-expired RND “No” stamp (queried within the last 31 days).
• “No Data” numbers go into a re-consent journey (email or inbound call confirmation) instead of automated texting.
• Any STOP request updates internal DNC immediately and blocks all channels.

Example 2: Appointment reminders (still needs discipline)

A medical practice sends automated appointment reminders. Even when messages are informational, the practice still benefits from avoiding reassigned
numbers because “wrong patient” texts can create privacy headaches, angry complaints, and reputational damage.

They run a monthly “active patient” scrub:

• Patients who updated contact info within the last 30 days are queried with that update date.
• All other patients are queried using the last confirmed contact date stored in the patient record.
• Any “Yes” response pauses texts and triggers a manual confirmation step at the next inbound touchpoint.

Result: fewer wrong-party messages, fewer confused replies, and fewer staff hours spent playing “phone number detective.”

Common Mistakes That Blow Up an Otherwise Good Program

Using a fake consent date (or the same date for everyone)

If every record has the “date of consent” set to the day you imported the list, your RND results won’t mean what you think they meanand your
documentation will look sloppy.

Treating “No Data” like “No”

“No Data” is the database saying, “I can’t confirm what you’re asking.” It’s not a green light. The safest move is to route “No Data” numbers to
a lower-risk path where you can collect fresh confirmation.

Scrubbing once, then reusing the list forever

Reassignment risk is time-based. Scrubbing is not a tattoo; it’s a timestamp.

Forgetting revocation and internal DNC

RND does not override opt-outs. If someone says “stop,” your system should treat that as immediate, permanent until the person clearly opts back in.

Assuming vendors handle it (and you don’t have to check)

If a vendor is calling “on your behalf,” make RND and DNC scrubbing a contractual requirement, demand reporting, and spot-check the logs. Trust is
great; timestamps are better.

A Quick 31-Day RND Compliance Checklist

• Policy: RND scrub cadence set to every 31 days (documented and enforced).
• Data: Consent date captured and tied to proof artifacts.
• Workflow: Automated suppression rules for Yes / No / No Data.
• Logging: Query timestamps, batch IDs, and expiration dates stored per record.
• DNC: National DNC scrubbed on schedule; internal DNC applied immediately.
• Vendors: Contracts require scrubbing + audit logs; periodic compliance reviews scheduled.
• Training: Marketing and operations teams trained on what RND does (and doesn’t) mean.

Conclusion: A Small Habit That Prevents Big Problems

“Scrub every 31 days” is not an arbitrary compliance superstitionit’s a practical rhythm that matches how phone-number status changes in the real
world and how regulators think about list freshness. RND scrubbing won’t fix every TCPA issue, but it removes one of the most common and most
preventable sources of risk: calling the right number for the wrong person.

If you do it consistently, automate it, and document it, you’ll reduce reassigned-number mistakes, improve contact efficiency, and sleep better
during campaign season. And if a complaint ever lands on your desk, you’ll have something far more persuasive than “we tried our best”:
you’ll have a repeatable, timestamped process.

Important note: This article is for general informational purposes and is not legal advice. For guidance tailored to your specific calling
practices and industry, consult qualified counsel.

Field Notes: What Teams Learn After Adopting 31-Day RND Scrubbing (About )

The first month a team rolls out 31-day RND scrubbing usually feels like spring cleaningequal parts satisfying and slightly embarrassing.
Satisfying because the process immediately catches a batch of “bad” numbers that would have wasted agent time. Embarrassing because it reveals how
many records were quietly living in the database with the digital equivalent of “address unknown.”

One common surprise is that the benefits show up before anyone files a complaint. Call centers often notice improved contact metrics because fewer
calls go to confused new subscribers who hang up or mark calls as spam. Text programs see fewer “wrong person” repliesthose short, irritated
messages that never show up in dashboards as “risk,” but absolutely show up as brand damage.

Another lesson: the hardest part isn’t the queryit’s the date discipline. Teams discover quickly that “consent date” can’t be a vague
concept. It has to be a real field with real governance. Marketing wants to move fast; compliance wants to be precise. The organizations that win are
the ones that turn precision into automation. They build a rule: “No consent date, no outbound automation.” Then they give the business a clean way
to fix it: a re-consent flow, a confirmation touchpoint, or a customer-service script that updates the record during inbound calls.

Over a few cycles, teams also learn that “No Data” is not a dead endit’s a decision point. Instead of calling anyway, they create a “safer lane.”
Maybe that means shifting from automated outreach to a manual confirmation step. Maybe it means limiting outreach to customers who recently engaged
and can be verified through a fresh interaction. The key is that “No Data” becomes a managed queue, not a forgotten pile.

Vendor management often improves, too. Once you require RND logs from third parties, you learn which partners run tight processes and which ones
run on vibes. The good vendors love it because it protects everyone. The weak vendors complain that it’s “too complicated”which is useful
information, even if it’s not the kind they meant to share.

Finally, teams discover that 31 days is a sweet spot culturally. Weekly scrubs can create fatigue and shortcuts. Quarterly scrubs create amnesia.
A monthly cadence is memorable, budgetable, and easy to audit. It fits alongside other monthly governance routines: lead-source reviews, compliance
spot checks, and performance reporting. After a few months, the workflow stops feeling like a special project and starts feeling like brushing your
teeth: not glamorous, but you definitely notice if you stop.