Last month, the entire ARM industry was caught by surprise when the Eleventh Circuit held that a debt collector’s transmittal of information to a third-party letter vendor violated Section 1692c(b) of the FDCPA. Hunstein v. Preferred Collection and Management Services, Inc., 2021 U.S. App. LEXIS 11648, 994 F.3d 1341 (11th Cir. 2021). While the case will continue to be contested in the Eleventh Circuit, collection agencies and others who rely upon third party vendors have been left to contemplate what comes next. This article will examine the decision, its immediate impacts, and considerations for the industry as it moves toward implementation of the debt collection rule.
A Quick Summary
In Hunstein, the debt collector engaged a third-party vendor to prepare and send its demand letter. In doing so, the debt collector electronically transmitted certain information to its letter vendor, including: (1) the consumer’s name and address; (2) the balance owed; (3) the name of the creditor; “(4) that the debt concerned his son’s medical treatment;” and (5) his son’s name. Id., 2021 U.S. App. LEXIS 11648 at *4. The consumer sued the debt collector, alleging that the transmittal of that information was a communication in connection with the collection of a debt and violated 15 U.S.C. §1692c(b). The District Court dismissed the complaint concluding that the transmittal of information did not qualify as a communication ‘in connection with the collection of a[ny] debt.” Id., at *3-4. On appeal, the Eleventh Circuit reversed and held: (a) that that the plaintiff had standing to sue because the transmittal of the information was an invasion of privacy; and (b) that the transmittal of such information to a letter vendor stated a claim for a violation of Section 1692c(b). In doing so, the Court recognized the impact of its decision, stating
It's not lost on us that our interpretation of § 1692c(b) runs the risk of upsetting the status quo in the debt-collection industry. We presume that, in the ordinary course of business, debt collectors share information about consumers not only with dunning vendors like Compumail, but also with other third-party entities. Our reading of § 1692c(b) may well require debt collectors (at least in the short term) to in-source many of the services that they had previously outsourced, potentially at great cost. We recognize, as well, that those costs may not purchase much in the way of "real" consumer privacy, as we doubt that the Compumails of the world routinely read, care about, or abuse the information that debt collectors transmit to them.
What are the Immediate Impacts of the Decision?
It’s important to note a couple of things regarding Hunstein and its immediate impact. First and foremost, it’s not over. While the decision has precedential value in the Eleventh Circuit, the battle rages on. The debt collector is petitioning for an en banc review which, if granted, will give the industry an opportunity to change the Court’s mind. Moreover, the collection agency has the support of the industry and several trade associations and other interested parties intend to file amicus briefs in support of the collection agency’s position. While that petition is pending (it’s due to be filed in late May), lower courts in the Eleventh Circuit will likely encounter copycat suits and will have the choice to follow Hunstein or to stay the case pending the outcome of Hunstein.
Secondly, while the opinion may be binding in the Eleventh Circuit, that’s not the case in other circuits. In other jurisdictions, the case would only constitute “persuasive” authority, meaning courts may consider it but are not bound by it. Debt collectors need to expect copycat cases to continue popping up in other jurisdictions as the consumer bar tries to leverage this legal theory and the ARM industry pushes back seeking a different result in other jurisdictions.
Finally, it’s important to keep in mind that the Court’s ruling simply means that the complaint’s allegations were enough to state a claim. It does not mean that the consumer is entitled to a judgment for damages or will ultimately prevail.
What Does this Mean Regarding Collection Agencies’ Current Use of Third Party Vendors?
For now, Hunstein calls into question the sharing of certain consumer specific communications with third-party vendors. But are all third-party vendors created equal for purposes of Hunstein? The answer is likely no. Compliance teams therefore will need to assess their third-party vendor relationships and assess each one under the microscope of Hunstein. In doing so, it’s important to remember that the Court in Hunstein was concerned that the information transmitted to the letter vendor rose to the level of being a communication “in connection with the collection of a debt.” That information included not only the consumer’s name and address but also the amount of the debt, the name of the creditor and the nature of the debt.
Moving forward, compliance teams will need to review and assess the specific information shared with each of their third party vendors and ascertain whether it rises to the same level as Hunstein such that it would be considered a communication in connection with the collection of a debt. Communications with, for instance, a third-party company scrubbing for location information may not require the sharing of the same level of information as that provided to a letter vendor and therefore may carry a lesser risk. Similarly, working with a letter vendor to set up a form letter does not require the conveyance of any information specific to a consumer and likely would not meet the same scrutiny. For now, compliance departments will have to assess the risk associated with each of its third-party vendors by reviewing the information shared with each and ascertain whether it rises to the level of a communication. Depending upon their level of risk tolerance and the amount of information conveyed, debt collectors may consider bringing some backroom services back inhouse for the time being.
How Does Hunstein Align With or Impact the Debt Collection Rule?
Interestingly, the CFPB’s views do not appear to align with those of the Eleventh Circuit. The CFPB has always understood and contemplated the use of third-party vendors. As early as 2012, the CFPB recognized that the use of service providers “is often an appropriate business decision.” CFPB Bulletin 2012-03; see also CFPB Bulletin 2016-02. The CFPB went as far as to say that “[s]upervised…nonbanks may outsource certain functions to service providers due to resource constraints… or relay on expertise from service providers that would not otherwise be available without significant investment.” Id. Consistent with this, the CFPB set forth guidelines for vendor risk management to protect consumers from harm and ensure vendors are complying with federal consumer financial law. In setting out these guidelines, the CFPB, however, was quick to point out that “the mere fact that a supervised… [entity] enters into a business relationship with a service provider does not absolve the supervised…[entity] of responsibility for complying with Federal consumer financial law to avoid consumer harm.” Id. at p. 3.
All of this aligns with the CFPB’s views of third-party vendors in the context of the Debt Collection Rule (the “Rule”). The CFPB expressly contemplated and seemingly endorsed the use of third-party vendors in the final version of the Rule.
The Rule in fact discusses and contemplates the use of data vendors for skip tracing, as well as for letters. With respect to letter vendors, the CFPB is aware of the prevalence of the practice. Its Operations Study undertaken during the formulation of the Rule noted that 85% of debt collectors surveyed used letter vendors. In its in its Section by Section Analysis of the debt validation provisions, the CFPB contemplated this practice continuing when it stated that the costs associated with reformatting validation notices and understanding the requirements could reasonably be borne by debt collectors and their vendors. Carrying this further, the Rule expressly allows debt collectors to include a vendor’s mailing address if that is an address at which the debt collector accepts disputed and requests for original-creditor information. See Section 1006.34(c)(2)(i) and Comment 34(c)(2)(i)-2.
How Hunstein will impact the Debt Collection Rule remains to be seen. When it published the Rule, the CFPB clearly did not see the use of letter vendors as violating Section 1692c and it will be interesting to see (although unlikely) if they submit an amicus brief taking a position either way. While the CFPB has already proposed pushing back the Rule’s effective date until January 2022, there is nothing thus far that would indicate they will push it back further.
Hunstein has opened Pandora’s box and the industry’s use of third-party vendors will now have be defended through the courts. In the interim, compliance departments should be discussing their tolerance for risk and reviewing their use of other third- party vendors and the amount of information shared to ascertain whether they run similar risks.