A recent decision in the 3rd Circuit should prompt debt collectors to review their inclusion of viewable bar codes, QR codes or other technologies when sending debt collection letters.
In the wake of Hunstein v. Preferred Collections and Management Services, Inc., in which the 11th Circuit determined that a debt collection company violated the Fair Debt Collection Practices Act (FDCPA) by disclosing a consumer’s debt-related information to a mailing vendor, the 3rd Circuit recently ruled that the presence of a bar code on the envelope sent to the debtor, which when scanned revealed certain protected debtor-related information, was a violation of the FDCPA and constituted a concrete harm sufficient for Article III standing.
In Morales v. Healthcare Revenue Recovery Group, LLC, the plaintiff received a debt collection letter from Healthcare Revenue Recovery Group displaying a bar code on the envelope. Morales filed a class action lawsuit, claiming the envelope violated the FDCPA because a smartphone could scan the envelope’s bar code to reveal the debt collector’s internal reference number and the first ten characters of Morales’ street address. The District Court dismissed Morales’ complaint for lack of standing, finding that he suffered no harm. Morales appealed after the 3rd Circuit decided another case, DiNaples v. MRS BPO, LLC, ruling that a quick reference (QR) code disclosing an account number was sufficient harm for Article III standing. The District Court reasoned that the disclosure of an account number (like in DiNaples) was different and more serious than disclosure of an internal reference number.
The question for the 3rd Circuit in Morales was whether the Healthcare Revenue Recovery Group’s internal reference number was protected like the account number in DiNaples. The 3rd Circuit said yes. The court first pointed to the seminal case of Spokeo, Inc. v. Robins which held that intangible harms, such as privacy harms, can be concrete. The court referenced its reasoning in DiNaples that “[t]he injury was concrete – and ‘closely related to’ common law privacy torts – because the QR code made protected information accessible to the public.” The court concluded that because an internal reference number embedded in a bar code is “a piece of information capable of identifying [Morales] as a debtor,” its disclosure was a concrete harm. The case now heads back to the District Court to continue the litigation.
Morales is the latest significant addition to a body of case law addressing debt collection-related information that is protected by the FDCPA. While the facts of individual cases may affect their ultimate outcome, disclosing such information on an envelope transmitting a debt collection letter may well violate the FDCPA and suffice for Article III standing.