Editor’s Note: This article was previously published on the Ontario Systems Blog and is republished here with permission.
Is communication by e-mail and SMS still a pipe dream for your collection operations? If so, you might want to sit back and read on. It’s really not as scary as you might expect.
Despite the high costs and marginal returns associated with phone calls and printed letters, many ARM agencies and healthcare providers have yet to adopt e-mail and SMS. Widespread confusion and uncertainty about various state and federal requirements (including the the proposed CFPB rules and E-Sign) can make digital communication an intolerable compliance risk.
I recently had the pleasure of discussing email and SMS compliance standards and their practical implications for businesses with David Kaminski, President of the Consumer Financial Services Law Practice at Carlson & Messer LLP in Los Angeles. While we were unable to offer legal advice, our goal was to help auditors better understand the laws governing electronic channels so they can move forward with more confidence.
Legally speaking, emails are considered writing
Emails are written word. If sent to a consumer by a third-party debt collector, emails must comply with the Fair Debt Collection Practices Act (or FDCPA). If the email communication relates to health care debt, the Health Insurance Portability and Accountability Act (HIPAA) applies.
Emails also trigger CAN-SPAM compliance, which means they must (among other legal requirements) include an opt-out or unsubscribe provision. Emails should also include all state-required disclosures and special verbiage requirements.
There is no legal obligation per se to obtain the consumer’s consent to send e-mails. This means that third-party collection agencies can trust the email addresses provided by customers. Remember to include the required unsubscribe / unsubscribe language in the body of every consumer email, and as standard practice, ask consumers to confirm their consent for you to send an email to the address. in question.
Whether you are sending legally required documents via email or SMS, you will need E-Sign consent (more details below).
Legally speaking, SMS are considered calls
SMS are calls. As such, the texts must comply with the requirements of the Consumer Protection Act by Telephone (TCPA). The TCPA requires the “calling” party to obtain the express prior consent of the consumer associated with the mobile phone number.
The TCPA is not limited to collection calls. Indeed, it applies to any person making a call or an SMS to a consumer using the consumer’s mobile number. As with emails, SMS sent to a consumer by a third-party debt collector must be FDCPA compliant.
Text messages initiated by a third-party debt collection agency are subject to calling restrictions and automatic numbering rules, and the frequency of delivery may violate state and law harassment laws. FDCPA laws. If you do not have the consent mandated by TCPA, you may be subject to legal action. Even prior verbal consent is acceptable, as long as you register it for legal purposes.
Mobile numbers are often reassigned, so consider the source of the number you are using and the timeliness of the information to assess the risk of third party disclosure. Certain technologies can determine whether a mobile number has been deactivated or ported and, if so, block further text communication.
In practice, emails and text messages can contain links to secure URLs and must encrypt data at rest and in transit.
When and how is E-Sign applied?
Informal consent and formal consent (E-Sign) come into play at different times, depending on the nature of the communication. Informal consent is obtaining the consumer’s permission to use email or text to convey basic information: payment receipts, account balance, verification of a payment plan, etc. Formal consent, or E-Sign, is required for all legally required notices.
For an initial communication, which you would use to introduce your organization and purpose, confirm that you are dealing with the right person, and obtain permission to use this channel, E-Sign is not necessary. You are free to send your 1692G notice in this first communication. But for validation notices and other legally required documents not included in the initial communication (a post-dated payment notice, for example), E-Sign is a must.
What should collectors consider when creating emails and texts?
You will need to think carefully about how emails and texts are written and what they will include. Even the most (seemingly) minor details can make the difference between a positive, productive interaction and a costly legal challenge.
For emails, you’ll want to include your real name in the “From” field (a lawyer might advise you to use a DBA), keep the subject lines simple and professional (for example, “Your [Creditor Name] Account ”,“ Your payment date ”), and avoid any verbiage that could trigger a spam filter.
Text messages must include certain information required by the Cellular Telephone and Internet Association (CTIA). Short codes can be used in text messages to provide consumers with self-service options such as accessing account information, making payments, and communicating with you. Avoid using words that could be confusing, misleading, or inflammatory. If you don’t have prior written consent, including any type of marketing or solicitation in a text message can put you in the hot seat.
Coming soon: create the right configuration for compliant emails and texts
In the second half of this blogging series, I’ll recap the rest of my discussion with David about email and texting, especially as it relates to the technology and what you’ll need to start a program you can do. confidence.