Editor's Note: This article previously appeared on the Ontario Systems Blog and is republished here with permission.
Is communicating via email and text still a pipe dream for your collection operations? If so, you might want to settle in and keep reading. It really isn’t as scary as you might expect.
Despite the high costs and marginal returns of relying on phone calls and printed letters, many ARM agencies and healthcare providers have yet to embrace email and text. Widespread confusion and uncertainty about various state and federal requirements (including the proposed CFPB rules and E-Sign) can make digital communication an intolerable compliance risk.
I recently had the pleasure of discussing email and text compliance standards as well as their practical implications for businesses with David Kaminski, chair of the Consumer Financial Services Law Practice at Carlson & Messer LLP in Los Angeles. Although we weren’t in a position to offer legal advice, our goal was to help listeners better understand the laws governing electronic channels so they can move forward with greater confidence.
Legally Speaking, Emails are Considered Writings
Emails are writings. If sent to a consumer by a third-party debt collector, emails must comply with the Fair Debt Collection Practices Act (or FDCPA). If the email communication pertains to healthcare debt, the Health Insurance Portability and Accountability Act (HIPAA) applies.
Emails trigger compliance with the CAN-SPAM Act as well, meaning they must (among the law’s other requirements) include an opt-out or unsubscribe provision. Emails must also include any state-required disclosures and special verbiage requirements.
There is no legal requirement per se to obtain the consumer’s consent to email. This means third-party collection agencies may rely on client-provided email addresses. Just remember to include the required opt-out/unsubscribe language in the body of every consumer-facing email and, as a routine practice, ask consumers to confirm their consent for you to email the particular address.
Whether you’re sending legally required documents via email or text, you’ll need E-Sign consent (more on that below).
Legally Speaking, Text Messages are Considered Calls
Text messages are calls. As such, texts must comply with the requirements of the Telephone Consumer Protection Act (TCPA). The TCPA requires the “calling” party to obtain the express prior consent of the consumer associated with the mobile phone number.
The TCPA is not limited to debt collection calls. In fact, it applies to any person placing a call or text to a consumer using the consumer’s mobile number. As is the case with emails, text messages sent to a consumer by a third-party debt collector must comply with the FDCPA.
Text messages initiated by a third-party debt collection agency are subject to call restrictions and auto dialer rules, and frequency of delivery can run afoul of state harassment laws and FDCPA laws. If you don’t have TCPA-mandated consent, you may be subject to legal action. Even prior verbal consent is fine, as long as you record it for legal purposes.
Mobile numbers are often reassigned, so consider the source of the number you’re using and the currency of the information to gauge the risk of third-party disclosure. Certain technologies can determine whether a mobile number has been deactivated or ported and, if so, block any further text communications.
As a practical matter, both emails and text messages may contain links to secure URLs and must encrypt data at rest and in transit.
When and How Does E-Sign Apply?
Informal consent and formal consent (E-Sign) come into play at different times, depending on the nature of the communication. Informal consent relates to getting the consumer’s permission to use email or text to relay basic information—payment receipts, account balance, verifying a payment plan, etc. Formal consent, or E-Sign, is needed for all legally required notices.
For an initial communication—which you would use to introduce your organization and purpose, confirm you’re dealing with the correct person, and secure permission to use that channel—E-Sign is not needed. You’re free to send your 1692G notice in that first communication. But for validation notices and other legally required documents not included in the initial communication (a post-dated payment notice, for example), E-Sign is a must.
What Should Collectors Consider When Crafting Emails and Texts?
You’ll need to think carefully about how emails and texts are worded and what they will include. Even the most (seemingly) minor details can mean the difference between a positive, productive interaction and a costly legal challenge.
For emails, you’ll want to include your true name in the “From” field (an attorney might advise you to use a DBA), keep subject lines simple and professional (e.g., “Your [Creditor Name] Account,” “Your Payment Date”), and avoid any verbiage that might trigger a spam filter.
Text messages must include certain disclosures as required by the Cellular Telephone and Internet Association (CTIA). Short codes can be used in text messages to allow consumers self-service options such as accessing account information, making payments, and communicating with you. Avoid using words that could be confusing, misleading, or inflammatory. If you don’t have prior written consent, including any type of marketing or solicitation in a text message can land you in hot water.
Coming Up: Creating the Right Setup for Compliant Emails and Texts
In the second half of this blog series, I’ll recap the rest of my discussion with David about emails and texts—particularly when it comes to technology and what you’ll need to launch a program you can trust.