April 27, 2021

Financial Services Industry Braces for Impact of Eleventh Circuit's Hunstein Decision

Relying on the Plain Language of the Fair Debt Collection Practices Act and Privacy Principles, Court Holds That Sharing Consumer Data with Third-Party Vendors Without Consumer Consent Violates FDCPA
Holland & Knight Alert
Joshua C. Prever | Eugene Chikowski | Courtney Oakes

Highlights

  • The U.S. Court of Appeals for the Eleventh Circuit's recent ruling in Hunstein v. Preferred Collection and Management Services, Inc. may upend the long-standing and rather routine business practice of financial services companies using third-party vendors to manage, service and collect on outstanding debt.
  • Citing ostensibly to general privacy concerns and applying a textual analysis of the Fair Debt Collection Practices Act (FDCPA), the Eleventh Circuit reversed the lower court, holding that when a debt collector provides an outside letter vendor with personal account information relating to the collection of a debt, it rises to the level of an impermissible communication with a third party to which there is no exception if there is no consumer consent.
  • Although the "offending" vendor in Hunstein is a letter vendor, the case could potentially be used by the plaintiff's bar to implicate a variety of other vendors, including target loan servicers, subservicers and others in both single action and class action litigation across a wide range of financial products, as opposed to just "pure" debt collectors.
  • If left unchecked, the opinion will significantly broaden the scope of the FDCPA. In addition, expect consumer advocates and courts to continue finding privacy rights imbedded in other consumer protection laws.

In a first-of-its-kind ruling, the U.S. Court of Appeals for the Eleventh Circuit may have upended the long-standing and rather routine business practice of financial services companies using third-party vendors to manage, service and collect on outstanding debt. If left unchecked, the opinion will significantly broaden the scope of the Fair Debt Collection Practices Act (FDCPA).

In Hunstein v. Preferred Collection and Management Services, Inc., No. 8:19-cv-00983-TPB-TGW (11th Cir. April 21, 2021), the appellate court reversed the lower court and held that when a debt collector provides an outside letter vendor with personal account information relating to the collection of a debt, it rises to the level of an impermissible communication with a third party to which there is no exception if there is no consumer consent.

This case does not expand who is a debt collector under federal law. The impact, however, is concerning for financial services companies. One example of the potential unintended consequences and expanding net of this decision is in cases where a lender uses a vendor to service mortgage loans that have gone delinquent. When that loan is transferred, the servicer becomes a debt collector. If that servicer then hires a vendor to assist with documenting loan modification agreements as consumers come off of COVID-19 forbearances, courts may now see this as a FDCPA violation.

Although the "offending" vendor in Hunstein is a letter vendor, the case can — and many expect it will — be used by the plaintiff's bar to implicate a variety of other vendors. It will likely be used to target loan servicers, subservicers and others in both single action and class action litigation across a wide range of financial products, i.e., auto loans, credit cards, mortgages, etc., as opposed to just "pure" debt collectors. The court's holding may very well be weaponized and serve as a new wellspring of litigation, especially in the wake of the U.S. Supreme Court's recent Telephone Consumer Protection Act (TCPA) decision in Facebook, Inc. v. Duguid et al., which was seen as a financial industry win. (See Holland & Knight's previous alert, "Supreme Court's Facebook Decision Impacts TCPA Litigation," April 1, 2021.)

At first blush, the Eleventh Circuit's ruling can be viewed as an additional limitation on how the debt collection industry does business rather than advancing consumer protection. The court itself hints that this may be the case. Hunstein, No. 8:19-cv-00983-TPB-TGW at 22. In potentially dismantling how financial services companies have done business for the past few decades, the court focused its attentions on a strict textual reading of the FDCPA and to a theme that is rooted in all consumer protection laws: privacy.

Over the past decade, privacy has become a powerful tool used by litigants to generate class claims from seemingly innocuous and widespread activities such as call recording and website activity. In this case, the Eleventh Circuit used what it determined is the plain language of the FDCPA to once again place a spotlight on privacy. Expect this to be a continuing theme as courts are asked to find privacy rights imbedded in other consumer protection laws.

The Statute

The specific section of the FDCPA at issue is 15 U.S.C. § 1692c(b). In this section, the FDCPA sets forth who a debt collector can communicate with in connection with the collection of a debt without the consumer's consent. In relevant part, this section states that:

Except as provided in section 1692b of this title, without the prior consent of the consumer given directly to the debt collector, or the express permission of a court of competent jurisdiction, or as reasonably necessary to effectuate a postjudgment judicial remedy, a debt collector may not communicate, in connection with the collection of any debt, with any person other than the consumer, his attorney, a consumer reporting agency if otherwise permitted by law, the creditor, the attorney of the creditor, or the attorney of the debt collector.

15 U.S.C. § 1692c(b) (emphasis added)

The case ultimately turned on two things. First, what the court understood the following eight words to mean in § 1692c(b) — "in connection with the collection of any debt" — when a debt collector communicates with a third party without consent. Second, the interplay between the statute and ostensible privacy concerns.

The Case

The unanimous decision was issued by a mixed panel of judges appointed by Presidents Ford, Clinton, Obama and Trump, and written by Judge Kevin Newsom, who was appointed to the bench in 2017. In some ways, the opinion creates a judicial alliance of strange bedfellows to tackle what the judges perceive to be privacy violations, rather than more traditional abuses in debt collection practices. The invasion of privacy concept is a theme that runs throughout the opinion, and the court cites to congressional findings that the FDCPA, at least in part, was drafted to address privacy concerns. Sharing information, however, with a third-party letter vendor, is far different than disclosing debts a consumer may owe with their employer. Yet the court did not appear overly concerned with this distinction or attempt to reconcile these differences. Given the court's later musings that its holding may not provide consumers with any further privacy protections, it seems possible that the specter of privacy found its way into the opinion in a bid to make the case's holding somewhat more palatable.

The lawsuit itself stems from a collection or "dunning" letter sent to the plaintiff, Richard Hunstein, relating to a debt incurred from medical treatment his son received. To send the letter, the defendant, Preferred Collection and Management Services Inc. (Preferred Collection), took steps that are not uncommon in the financial services industry, employing the assistance of a third-party letter vendor. So that the vendor, Compumail Inc., had the necessary information to "create, print and mail" the letter, Preferred Collection shared data showing that Hunstein was a debtor, the amount he owed, the entity to which the monies were owed and the name of his son. Hunstein, No. 8:19-cv-00983-TPB-TGW at 2. Hunstein asserted that in doing so, the defendant violated the FDCPA when sharing that data with an unauthorized third party.

The Ruling and Arguments

In making its ruling, the Eleventh Circuit first addressed whether there was a true case or controversy giving Hunstein standing to file suit. In resolving this issue in favor of the plaintiff, and citing to Spokeo, Inc. v. Robins, 136 S. Ct. 1540, 1547 (2016), the court noted that standing requires there to be an injury in fact, causation and redressability. The court took great pains in analyzing whether there was an injury in fact, and ultimately found that because it deemed the communication of data to a third party to be a violation of Section 1692c(b), that this statutory violation was enough. The court also examined precedent stemming back more than a century involving invasion of privacy cases and noted that the FDCPA shares a common structure with other laws that say "A may not share information about B with C." Hunstein, No. 8:19-cv-00983-TPB-TGW at 11. In addition, the court noted that Congress "identified the 'invasion[] of individual privacy' as one of the harms against which the statute is directed." Id. at 12 (internal citations omitted).

With standing established, the court looked at three key arguments that Preferred Collection made in asserting that its actions did not constitute violations of the FDCPA. First, the defendant asserted that for a communication to be made "in connection with the collection of any debt," there must be a corresponding demand for payment. Next, it asked the court to adopt a multifactor balancing test used in the Sixth Circuit, in which district courts there classify a communication as being made "in connection with the collection of any debt." And lastly, Preferred Collection asked the court to consider the impact to the industry if its actions were found to constitute a violation of the FDCPA, given widespread reliance on third-party vendors for a variety of services such as mailing.

The court found each of Preferred Collection's arguments unpersuasive. In reviewing the text of the statute, the court said it was obligated to find meaning to every word and provision, and rejected Preferred Collection's argument that Congress intended to limit the scope of § 1692c(b) to include only demands for payment. In so ruling, the court sidestepped other courts that interpreted similar language in other sections of the FDCPA to require a demand for payment before a communication could be classified as being "in connection with the collection of any debt." After dispatching this argument, the court next refused to adopt the multifactor test used in the Sixth Circuit.

Finally, the court held that it could not take into account the potential impact of its decision across the financial services industry.

We presume that, in the ordinary course of business, debt collectors share information about consumers not only with dunning vendors like Compumail, but also with other third-party entities. Our reading of § 1692c(b) may well require debt collectors (at least in the short term) to in-source many of the services that they had previously outsourced, potentially at great cost.

Id. at 22 (emphasis added)

The court instead held that it was bound by the confines of the statute, which Congress could change if it so desired.

Impact and Takeaways

While the court acknowledged that a consequence of its decision is the likely substantial costs associated with rolling back the financial industry's decades-long reliance on vendors, it was not sympathetic to the enormous challenge of in-housing all currently outsourced processes. There is no switch to flip. People need to be hired and trained amid a global pandemic. Software, printers and other letter-writing tools need to be purchased and then tested. Meanwhile, in the interim, lenders, servicers and other parties in the financial industry must weigh a Hobson's choice of not communicating with their customers, which is not always an option given competing regulatory requirements at the federal and state level, or facing litigation when they do.

In a statement that appears to rub salt in the wound, the court recognizes that the sweeping changes that its decision will necessitate are unlikely to usher in "much in the way of 'real' consumer privacy, as we doubt that the Compumails of the world routinely read, care about, or abuse the information that debt collectors transmit to them." Id. Nevertheless, the court concluded that its "obligation is to interpret the law as written, whether or not we think the resulting consequences are particularly sensible or desirable." Id.

An en banc appeal to the full Eleventh Circuit is underway, but even if the case is accepted and the panel is reversed, that new decision will not likely arrive before millions of communications with consumers will need to be made. As industry members consult with counsel on potential litigation, regulatory and statutory fixes, those in the financial industry must come to grips with how it will handle the fallout from this case. Now is the time to take stock of not only how you communicate with your customers, but also what vendors you use more broadly and for what functions, and what third parties your vendors use as well.


Information contained in this alert is for the general education and knowledge of our readers. It is not designed to be, and should not be used as, the sole source of information when analyzing and resolving a legal problem, and it should not be substituted for legal advice, which relies on a specific factual analysis. Moreover, the laws of each jurisdiction are different and are constantly changing. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. If you have specific questions regarding a particular fact situation, we urge you to consult the authors of this publication, your Holland & Knight representative or other competent legal counsel.


Related Insights