This article first appeared on the Ontario Systems Blog and is republished here with permission.
Your collector is on the phone with a consumer. The conversation is going well. And then the consumer asks if your collector could shoot him an email explaining the payment plan.
Most agencies are ill-equipped to properly handle these kinds of email communications. But it really should come as no surprise that consumers are asking to communicate with debt collectors that way. To add, most ARM executives dream about reducing postage expenses. And fortunately, there is no legal reason why consumers and debt collectors cannot communicate by way of email if the proper steps are taken to protect the consumer’s privacy, prevent unauthorized third-party disclosure of the debt, and obtain the consumer’s express consent.
The average agency must simply consider four strategic factors before executing email communications:
Risk vs. Reward
As you consider whether to adopt an email communication policy, you must consider a number of risks. The most obvious risk presented by any email communication with a consumer is the risk of violating the Fair Debt Collection Practice Act’s (FDCPA) prohibition against the unauthorized disclosure of the debt to a third party. Many consumers share their email address with family members, roommates, friends and others who fall outside the definition of consumer under Section 805 of the FDCPA or state law. So great care must be taken to obtain the consumer’s consent for you to send an email to a particular address in light of this risk. And under no circumstances should you knowingly accept a consumer’s consent to communicate with them using an email address associated with their place of employment or work.
Managing Express Consent
Even after obtaining consent from the consumer to communicate with him or her by email and the consent is entered into the collection agency’s system, it is prudent for the collection agency to conduct an email scrub before sending any email communications to the consumer. The scrub will determine whether the agency does indeed have the express consent of the consumer on file, and remove those consumers from the campaign who have not provided email consent.
These steps are critical to prevent the release of e-communications to consumers for whom the agency does not have consent to communicate with via email. And unfortunately, the risk of a home-grown solution may exceed the perceived reward. So consider using third-party software as a form of insurance, as most provide 24/7 monitoring, well-maintained systems, immediate corrective action, and have experience in litigation. Using these services also bolsters your bona fide error defense, and provides proof the agency’s alleged violation was not willful or intentional. Together, these not only prevent single violations of the law from occurring, but class actions.
Email communications are writings and like all other written communications with consumers, must comply with state and federal law including the FDCPA, Fair Credit Reporting Act, the Gramm Leach Bliley Act, the Health Insurance Portability and Accountability Act and the Electronic Signatures Act, to name a few. Keep in mind, state licensing and state collection notice text requirements present an inherent risk for the debt collector. In those states that require licensure as a condition of collecting consumer debt or require specific language on debt collection notices, debt collectors may fall victim to the highly mobile consumer who moves, vacations, works or visits a state where your agency is not licensed. Agencies that are not licensed nationally should take great care to include a provision in their email consent form that addresses both the issue of licensure and state text requirements. Also, be aware some services can push an email as a text message to a consumer’s phone. Absent clarification from the Federal Communications Commission, the Consumer Financial Protection Bureau or the Federal Trade Commission, we can only assume the resulting text message has become a “call” under the Telephone Consumer Protection Act (TCPA). If you have a reasonable basis to believe you have obtained proper consent to contact a consumer pursuant to the TCPA; you should be fine. As always, consult with your legal counsel for specific advice about this scenario.
Unlike paper letters, the content of an email can be modified by others and altered such that the email no longer complies with the law. Before embarking on any plan to communicate with consumers by way of email, agencies should work closely with their IT department to ensure copies of all email communications are secure, impenetrable, and retained and retrievable for a minimum of at least one year plus one month from the date the email is sent to the consumer. This step is important in case the agency finds it necessary to provide evidence of compliance with applicable law at the time the email was sent to the consumer. Your legal counsel may want you to retain the copies of the email communications for a much longer period of time.
So how do you go about putting these considerations into practice? Take the following steps to get started on the right path:
The 13-Step Email Communications Plan
- Review e-signature requirements largely driven by changes to the New York State Collection law requirements.
- Adopt an email communication policy approved by legal counsel which includes a data security and document retention plan for all email communications.
- Prepare an email consent form you may mail to the consumer and/or prepare a web-based consent form the consumer must click and agree to before he or she can proceed to authorize you to communicate by way of email. If you opt to obtain consent to email over the phone, make sure you record the conversation, mark the account with the consent and retain the wave file and the screen notes indicating the address, date and time of consent in accordance with your document retention policy.
- Add a field to your collection screen that will allow you to record your receipt of consent to email the consumer or design a program that will update the collection screen when the consumer consents to email communications via your website.
- Inform the consumer under no circumstances may the consumer use an email address provided to them by their employer or related in any manner to their workplace or place of employment. There can be no expectation of privacy with respect to an email associated in any way with one’s place of employment. Alternatively, you may want to proactively warn consumers of the risks associated with providing you with consent to email them using a work email address.
- Establish a standardized protocol for completing the From, To and Subject line of any email to a consumer.
- Never include any language in an email you would not include in a paper letter.
- Identify and train the employees who will have the authority to communicate with consumers by way of email about the timing, format and the content of email communications with consumers. Consider using preformatted templates.
- Conduct a thorough scrub of all email communications before they are sent to consumers.
- Reach out to the vendor community for assistance.
- Use the E-Sign Act as a tool. It is a tool you may use to obtain consumer consent via electronic means. In short, this federal law ensures the execution of electronic documents and signatures have the same binding effect as their hard copy and handwritten counterparts if certain requirements are met.
- Embrace the use of secure email platforms that are password protected.
- Standardize your email communications as you standardize your letters and have them reviewed by your compliance counsel or a collection notice review attorney.
Each of these steps is critical to the email workflow process. Omitting or overlooking any one could potentially lead to an alleged violation of the law, particularly a violation of the FDCPA. So make sure you consult with legal counsel, and tread lightly as you wade into a new form of mass communication.