27 Apr 2012

What you Need to Know when Using Email for Compliant Consumer Debt Collection

Today, the collections industry, like many others, are transitioning to more use of email. The cost savings are significant. The compliance issues are important as well. During the Federal Trade Commission (FTC) workshop, “Debt Collection 2.0,” RPost provided expert testimony related to email use in the collections process.

I have prepared a memo that reviews five important topics that were discussed at the FTC workshop relating to email use in the collections process in compliance with the Fair Debt Collection Practices Act (FDCPA) relative to electronic transactions laws:

I.    Email Use and the Burden of Proof of Compliance with FDCPA
II.   Relevance of Electronic Transactions Laws to Email Use in Debt Collections
III.  Data Imported into Collections Platforms are for Internal Convenience but not for Court
IV. Special Email Services Provide Benefits over Traditional Methods of Collections Communication
V.  Minimum Requirements for Email Use in Debt Collections

This 6 page memo can serve as a comprehensive guide for companies that are interested in using the best technologies to complying, and retain records of compliance, with Fair Debt Collection Practices Act (FDCPA) requirements.


To: Ron Isaac, Attorney, Division of Financial Practices, United States Federal Trade Commission
cc: Julie Bush, Bureau of Consumer Protection, United States Federal Trade Commission.
cc: Corey Stone, Assistant Director, Credit Information & Specialty Finance Markets, Consumer Financial Protection Bureau.
cc: Frank Maguire, Vice President Business Planning & Strategy, RPost

This memo reviews five important topics that were discussed at the FTC workshop relating to email use in the collections process in compliance with the Fair Debt Collection Practices Act (FDCPA) relative to electronic transactions laws:

I.    Email Use and the Burden of Proof of Compliance with FDCPA
II.   Relevance of Electronic Transactions Laws to Email Use in Debt Collections
III.  Data Imported into Collections Platforms are for Internal Convenience but not for Court
IV. Special Email Services Provide Benefits over Traditional Methods of Collections Communication
V.  Minimum Requirements for Email Use in Debt Collections

I. Email Use and the Burden of Proof of Compliance with FDCPA

The Fair Debt Collections Practices Act requires the sending of notices and other disclosures at various points in the collections process. While email is a permitted and appropriate form of notice and transmission of disclosures, it is important to acknowledge that special email services would need to be employed to provide the sender of such notices with a means to prove sending in compliance with FDCPA should electronic debt collection activities become challenged after the fact, given that simple email falls short in this regard.

Consumer advocates on the panel made it clear they have and will continue to use the court system to challenge debt collectors on compliance issues relating to FDCPA. The burden is on the sender / debt collector to prove compliance. In a challenge on compliance with FDCPA related to electronic transmission of notices and disclosures, proving compliance is further complicated by common misconceptions related to electronic transmission and electronic transaction laws. For example, electronic text records of message data stored in a debt collectors system that are not independently verifiable may prove to be inadequate to protect the debt collector in a compliance challenge. Further, it is unlikely that imported text records that are not independently verifiable would meet the court-admissibility standards if the integrity of the record is challenged or if the record is required to be presented in court.

Upon employment of electronic delivery systems, the burden will fall upon debt collectors to collect and store such electronic transaction records in a court-admissible format.  This record would need to be independently verifiable and associated with (a) the original message content (and all attachments), (b) the uniform time of transmission (sending and/or receipt) of the message, and (c) the underlying transmission metadata that for court purposes serves as the recorded digital snapshot of both servers’ sender / recipient / collection transaction data that under electronic law proves legal delivery.

The court admissibility standards are discussed in detail in the Locke Lord Bissell & Liddell LLP legal analysis entitled, “Legal Review of RPost Registered E-mail® service in context of Electronic Law relative to Authentication / Admissibility Requirements” provided to workshop attendees.

Should the consumer claim non-receipt or untimely receipt of a required notice or disclosure, and therefore non-compliance with FDCPA, the burden will fall upon the collector / sender to prove he or she complied with the relevant legal requirements and such proof should be held at least to the standards of ‘sending’ as defined by the Uniform Electronic Transaction Act (UETA) — and preferably to the level of legal delivery as further defined by UETA. The proof should be verifiable in terms of integrity and court admissibility as defined in the landmark case law on point — the decision found in Lorraine v. Markel American Insurance Company, 2007 WL 1300739 (DMd May 4, 2007) by United States Magistrate Judge Paul W. Grimm is an excellent guide for the careful steps that must be taken when parties choose to offer electronic information in evidence.  A legal brief discussing this Lorraine v. Markel court opinion prepared by Locke Lord Bissell & Liddell LLP serves as an “electronic primer” on the issues of electronic records and signatures, legal delivery, record authentication, etc.

Should the debt collector choose to employ simple plain vanilla email to transmit relevant collection notices, etc., with or without an encrypted attachment, consumers and litigators will quickly learn that they can easily delay collection activities by challenging such unprotected and inadequate electronic correspondence and underlying records, as simple email transactions cannot withstand successfully a court’s legal scrutiny. The use of simple email in the debt collection practice is likely to open a whole new field of technical violations / challenges and consequently, regulators and industry alike must acknowledge the need to employ only special email services that provide efficiency and protection both for collector and consumer.  In short, a best practices directive would be an invaluable tool in this regard as expressed by some attendees at the workshop.

[Note: The defensive points the consumer might raise are detailed in the paper that RPost provided attendees entitled, “Converting Legal Notices from Paper to Electronic,” prepared by Stan Gibson of Jeffer Mangels Butler Mitchell LLP and available for download, with particular interest directed to the page 7 section entitled, “Common Misconceptions and Challenges with Standard Use of Electronic Technologies.”]

II. Relevance of Electronic Transactions Laws to Email Use in Debt Collections

Electronic laws were enacted to promote commerce through the use of electronic signatures and records and basically the law(s) afford properly recorded / executed email transmissions the same force of law as wet signatures / hard copy with expressed exceptions clearly delineated. Therefore, despite the antiquated FDCPA provisions, the FTC has opined that electronic law does indeed allow for the use of email in the collections process, and consequently with electronic statutes in hand references to ‘mail’ may be interpreted to mean ‘email’.  As a practical matter, if there is no pre-existing business relationship, the collections agent may first want to obtain and retain a recorded consent document (hard copy, recorded phone, website menu choice, or electronic format by Register Reply email, etc.) for continuing the electronic collections activity per provisions of the Electronic Signatures in Global and National Commerce Act (ESIGN) in order to proceed with collections resolution to conclusion.  Properly executed and recorded email employed in the collection process would in effect involve the consumer acknowledging his or her debt and a willingness to repay, terms, conditions, payment schedules, etc.   In this regard, collectors must employ “special feature” email services that protect both sender and recipient alike and create a “legal record of proof” that can be verified by either party to the transaction, or third party adjudicator – attributes not imbedded within plain vanilla email.

Panel(s) discussion on the use of email in the debt collection process underscored the need for the debt collector to be able to prove to any challenging party that the debt collector’s email procedures were on a par with the proof of compliance afforded the sending of a notice by hard copy mail.

The Uniform Electronic Transactions Act (UETA) applies to these transactions. UETA Section 15(a) defines an email as deemed “sent” as follows:

Unless otherwise agreed between the sender and the recipient, an electronic record is sent when it:

(1) is addressed properly or otherwise directed properly to an information processing system that the  recipient has designated or uses for the purpose of receiving electronic records or information of the type sent and from which the recipient is able to retrieve the electronic record;

(2) is in a form capable of being processed by that system; and

(3) enters an information processing system outside the control of the sender or of a person that sent the electronic record on behalf of the sender or enters a region of the information processing system designated or used by the recipient which is under the control of the recipient.

In short, this means that an electronic record found either in the sender’s archive, sent folder, printed sent item, or record of processing by a third party electronic mailing operation IS NOT a legal record (under terms of UETA) of having sent the challenged message by email.  Demonstrating non-receipt of an email “bounce” notice when sending email does not mean successful delivery and is not a record of sending.

Further, one must be able to prove the content of that particular message to show that what was said in the notice / transmission is what was required under FDCPA to have been sent to the recipient. Special email services, for example, that use cryptographic techniques to logically associate the message content to the transmission metadata / audit trail and the legal time of sending and/or receipt would provide an adequate, court admissible record of compliance with FDCPA.

Also discussed on one of the panels was a method whereby the sender posts information to a website and requests the recipient take appropriate steps to retrieve it.  However, this scheme does not satisfy the test of generating a legal record of sending as the information has not entered “an information processing system outside the control of the sender or of a person that sent the electronic record on behalf of the sender” and cannot therefore be considered a record of sending, delivery, or mailing (under terms of UETA).  One must be able to demonstrate irrefutably that the message has entered the recipient’s information processing system or server of record.

This is discussed in detail in the previously cited Locke Lord Bissell & Liddell LLP legal analysis entitled, “Legal Review of RPost Registered E-mail® service in context of Electronic Law relative to Authentication / Admissibility Requirements” provided to FTC workshop attendees, with particular attention directed to Section III(A) entitled, “Registered E-mail Receipt is a Statement of Fact of the E-mail Transaction.”

III. Data Imported into Collections Platforms are for Internal Convenience but not for Court

Also discussed at the workshop by consumer protection advocates was the need for the maintenance of debt collectors’ records in a form that would not only mitigate disputes but again, stand up to challenges of court admissibility.  If simple email is employed in the collection transaction and data provided by the email sending parties is imported into collections platforms in a manner that cannot be verified, cannot be irrefutably associated with the message content, and official times of sending/receiving cannot be proven to be authentic, this data may become useless when challenged and can be easily manipulated or claimed to have been easily manipulated.  With that point made, the FTC workshop discussion went into more detail with respect to the need for an underlying record that would be a court admissible record capable of third-party verification of delivery / receipt times, content, and transmission meta-data, with each capable of independent verification.

IV. Special Email Services Provide Benefits over Traditional Methods of Collections Communication

The FTC workshop discussion highlighted three benefits of email use in debt collection correspondence as compared to traditional mail and telephone use; assuming “special” email services are employed.

  1. Consumers can more easily respond to correspondence in a timely manner by email, at little or no cost.
  2. Some special email services can send email in a manner that ensures the message may only be viewed by the intended consumer recipient.
  3. Some special email services can record back-and-forth correspondence between collector and consumer such that it leaves a written record of correspondence that can be verified in terms of message content, time, and transmission should there be a later dispute around who said what when.

V. Minimum Requirements for Email Use in Debt Collections

At a minimum if debt collectors choose to employ email in the debt collection process subject to the provisions of FDCPA, the following provisions should be considered when compiling a best practice directive: 

  1. A method for the sender of email to record the reply emails from the consumer, with those reply emails maintained in a form that may serve as proof.  If there is no pre-existing business relationship, one could record a reply email with the consumer’s consent to correspond at a specific email address and for the purposes of the collections process to later serve as proof of the consumer’s consent.
  2. A method for the sender to prove compliance with notice and disclosure requirements / timeframes when such notices and disclosures are sent by email.
  3. Such proof being packaged in a court-admissible and verifiable form with the capability of authenticating and cryptographically / mathematically associating together the (a) message content, (b) uniform time the message at least enters an information processing system outside the control of the sender or sender’s sending agent for records of sending, (or in the case of recording the reply email, that the reply email originated from a processing system outside of the control of the sender and time of receipt of the reply by sender), and (c) underlying internet transmission metadata to validate the information and transmission details.
  4. If privacy is required due to the nature of the information, the message content should be transmitted in a manner that cannot be read by others in the normal course of operating the recipient’s email system, and importantly,
  5. If privacy is required, the sender should retain auditable proof of compliance with the privacy requirement to protect – proof of encrypted delivery end-to-end.

RPost services provide an automatically returned Registered Receipt email record for each Registered Email message sent, that provides the sender with verifiable legal and court-admissible records that serve as proof of delivery, content and official time stamp with options that allows for the consumer recipient to be protected as a “good will” gesture on the part of the sender.  Additional options provide for the recording of receivers’ reply emails, encrypting for message content privacy, and limiting the viewing of message content to designated recipients.

Consumer protection advocates who spoke on various FTC panels during the day predicted that going forward, enhanced employment of email in the debt collections process will likely be met by stepped-up legal challenges.  With that as a back-drop it is critical that efficiency and cost savings for both debt collector and consumer not be allowed to suffer the consequences that can be averted easily by debt collectors using only those email services that provide legally valid records to serve as proof that can withstand these anticipated attacks.  Familiarity with the electronic statutes on the part of the collectors would be helpful but at a minimum they need to appreciate the shortfalls of plain vanilla email and standard email encryption services in order to remain compliant with FDCPA, and going forward the collections industry must focus on the fact that protections and efficiencies afforded by FDCPA compliant “special” email services are a benefit to collector and consumer alike.