Section 1006.6 Electronic Communications
The following perspective was provided by Mike Frost of Malone Frost Martin.
The Consumer Financial Protection Bureau’s (CFPB) final debt collection rule (“Rule”) provides a safe harbor from civil liability for unintentional third-party disclosures resulting from these types of communications. The Rule defines specific requirements for electronic mail communications and text messages, separately. Sections 1006.6(d)(4)(i)-(iii) provide safe harbor procedures with respect to e-mail communications with consumers and Sections 1006.6(d)(5) provides safe harbor procedures with respect to text message communications with consumers.
Email: A debt collector may send an email to an email address if the consumer used the email address to communicate with the debt collector about the debt and the consumer has not opted out of email communications to the email address provided. A debt collector may also send an email communication to an email address if the debt collector received prior consent directly from the consumer to use the email address and the consumer has not since withdrawn that consent. Where the consumer provides his or her email address through an online web portal or other electronic method, the debt collector may treat such action as consent to use the email address for communications. However, the debt collector is required to disclose clearly and conspicuously that the debt collector may use the email address to communicate with the consumer about the debt. Debt collectors may also receive the safe harbor for unintended third-party disclosures where the consumer consent is provided to the underlying creditor. In this instance, the Rule requires the creditor to send an opt-out notice that informs the consumer that the debt has been or will be transferred to the debt collector and that if others have access to the email address, such communication could be seen by those individuals. The creditor must provide a reasonable method of opt-out and provide a deadline to the consumer to opt-out that is no sooner than thirty-five (35) days after the notice is sent to the consumer. Said notice may be sent to the consumer at the e-mail address for which transfer of consent is sought. The final option for obtaining the safe harbor for unintended third-party disclosures through this Rule is related to e-mail communications where consent was obtained through one of the prior two options by the immediately prior debt collector and the immediately prior debt collector used the email address to communicate with the consumer about the debt, and the consumer did not opt-out of such communications. The Rule also suggests that consent can be transferred only for addresses that are on domains that are available for use by the general public, unless the debt collector is informed by any person that the address is provided by the consumer’s employer.
Text: A debt collector may qualify for one of two available safe harbors for unintended third-party disclosures. The Rule does not address consent for text messages from a creditor or immediately prior debt collectors as provided in the email option. The first option provides that a debt collector may send a text message to a number the consumer used to communicate with the debt collector about the debt by text message and the consumer has not since opted-out from receiving text message communications to the telephone number. In addition, the debt collector must show that within the past sixty (60) days, either the consumer sent a text message to the debt collector or the debt collector confirmed, using a complete and accurate database, that the telephone number has not been reassigned since the date of the consumer’s most recent text message. The “complete and accurate database” is identified in the official commentary is FCC’s reassigned number database or any commercially available database that is substantially similar in terms of completeness and accuracy to the FCC’s database. As an aside, the FCC’s reassigned number database was not fully developed, nor released at the time the final rule was issued in the Federal Registry. The second option provided in the Rule allows a debt collector to send a text to a telephone number if the debt collector receives prior consent to use the telephone number direct from the consumer to communicate via text message and the consumer has not withdrawn said consent. In addition, the debt collector must show that within the past sixty (60) days either the consumer has set a text message to the debt collector renewing consent or the debt collector, using a complete and accurate database, confirmed the telephone number provided by the consumer had not been reassigned since the date of the consumer’s most recent text message.
With respect to both email and text message communications, the Rule requires that opt-out methods must be reasonable and simple. Reasonable and simple are not defined in the Rule and the CFPB declined to specify, exactly what reasonable and simple means. There are examples in the Official Commentary of the Rule that provide guidance on what constitutes reasonable and simple methods. One example provided that if notice is sent in writing, providing the consumer with an opt-out form and pre-addressed envelope would be reasonable and simple, whereas requiring the consumer to call or write to request an opt-out form would not be. Most companies that provide email or text messaging services call provide opt-outs through simple and manageable links or responses like “STOP” as a response through the text platform.
The CFPB provided these safe harbor options for unintended third-party disclosures for both text message and email. The final rule was more narrowly tailored in scope than what was provided in the proposed rules. This is good for debt collectors since many of them have already developed other third-party disclosures processes that provide protection under the FDCPA in situations where information is or may not be accurate. This Rule does not prevent debt collectors from utilizing other forms of safeguards to protect against unintended third-party disclosures, instead the Rule provides very, narrowly tailored options for these limited safe harbors. Furthermore, the CFPB declined to clarify how the final rule interacts with the Telephone Consumer Protection Act (TCPA), both in terms of text messages to cellular telephone numbers or transfer of consent protocols.