In Eggleston v. Reward Zone USA LLC, No. 2:20-cv-01027-SVW-KS (C.D. Cal. Jan. 28, 2022), the U.S. District Court for the Central District of California rejected the argument that text messages are “artificial or prerecorded voice messages” under the Telephone Consumer Protection Act (the TCPA).

The plaintiff, Lucine Trim, alleged that Reward Zone USA LLC (Reward Zone), sent spam advertisements and promotional offers to her cellphone via text message in violation of TCPA § 227(b). This provision makes it unlawful to “make any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system or an artificial or prerecorded voice” to any telephone number assigned to a cellular telephone service.

In granting a motion to dismiss the § 227(b) claims, the District Court first held that the system at issue does not qualify as an automatic telephone dialing system (ATDS) as defined by the statute. Under the TCPA, an ATDS consists of “equipment which has the capacity to store or produce telephone numbers to be called, using a random or sequential number generator; and to dial such numbers.” In interpreting this definition, the District Court held that calling equipment only qualifies as an ATDS “if it uses a number generator to generate the phone numbers themselves — not if the number generator is used merely to index the phone numbers or select phone numbers from that index.” Reward Zone only used a number generator to index and select telephone numbers from a database, therefore its dialing system does not qualify as an ATDS, and thus, calls made with it do not violate the prohibition against the use of ATDS in § 227(b).

The District Court also held that a violation had not occurred because text messages are not artificial or prerecorded voice messages. The plaintiff argued that text messages meet the statutory definition because “‘artificial’ means ‘humanly contrived, often on a natural model’; ‘prerecorded’ means ‘to set down in writing in advance of presentation or use’; and ‘voice’ means ‘an instrument or medium of expression.’” The District Court rejected this argument as being “beyond the bounds of common sense,” stating:

“Plaintiff’s interpretation conflicts with a primary principle of statutory interpretation — that words in a statute should generally be given their most natural understanding unless circumstances suggest otherwise. See Duguid, 141 S.Ct. at 1169. The most natural, commonplace understanding of “voice” is the sound produced by one’s vocal system. Indeed, it is not plausible that Congress intended the word “voice” in the TCPA to carry the tertiary, metaphorical meaning that plaintiff suggests over this primary, natural meaning — especially since if Congress had intended to adopt plaintiff’s broad meaning, it could have easily chosen clearer, more literal terms to do so, such as “medium of expression” or “communication.” [emphasis supplied by the District Court].”

This case shows that for purposes of the TCPA, a text message is simply that: a message consisting of written text. And such messages do not qualify as artificial or prerecorded voice messages that can give rise to liability under § 227(b).

SKOKIE,
Ill. — Recently, Judge Michael A. Shipp of the District Court for the District
of New Jersey granted Halsted Financial Services, LLC’s motion to dismiss a
Fair Debt Collection Practices Act class-action lawsuit over a settlement offer
in a collection letter. The plaintiff received a letter offering a 20% discount
to settle a debt, but the discount applied to only one of the two payment plan
options that were offered within the letter.

A
copy of the ruling in the case of Pistone v. Halsted Financial
Services can be found here. 

Pistone
filed the class-action lawsuit on behalf of herself and others similarly
situated, alleging the letter violated Section 1692e of the FDCPA because only
one of the two re-payment options included the 20% savings on the balance owed
as indicated across the top of the letter.

Judge
Shipp reasoned that the least sophisticated debtor would not be confused by
multiple payment options, especially because the second offer stated, “[i]f you
cannot take advantage of the above offer,” which indicated it was a distinct
offer from the first one. “The letter clearly offers two separate options, and
simple logic dictates that only one of those options can equal the 20% offer,”
Judge Shipp wrote.

“We
are of course very pleased with this outcome,” commented Brian Glass, General
Counsel for Halsted Financial Services. “We believe strongly in our
payment offers and solutions. Through these repayment options, we will continue
to help consumers in need of our assistance”.

Rochester, N.Y. — Continental Service Group, Inc.,
d/b/a ConServe, announces that they have once again earned a spot on Training magazine’s, 2022 Training APEX Awards, f/k/a:  Training Top 100.  The Training APEX Awards ranking is determined
by assessing a range of qualitative and quantitative factors, including
financial investment in employee development, the scope of development
programs, how closely such development efforts are linked to business goals and
objectives, and their effectiveness in terms of business impact.

“Despite a year of continued challenges, the 2022 Training
APEX Awards winners persevered and attained new heights in employee training
and development,” said Lorri Freifeld, editor/publisher of Training magazine.
“Their passion for fostering continuous learning and individual, team, and
organizational success burns brightly and raises the bar for companies around
the world.”

[article_ad]

“ConServe
is exceptionally proud to be recognized as a Training APEX Award winner for the
eighth consecutive year.  This award validates
one of our core values, we recruit, hire, develop and promote the very best.  People are our most valuable asset,” said
George Huyler, VP of Human Resources.  David Bucciarelli, ConServe’s
Director of Organizational Development adds, “At ConServe, we remain an
advocate of lifelong learning and it is an honor to be among the 2022 Training
APEX Awards winners.”

Training magazine recognized
the 2022 APEX Award winners and revealed their rankings during the Here
Comes the Sun Gala held in Orlando, FL on February 28, 2022.

About ConServe

ConServe is a top-performing
accounts receivable management service provider specializing in customized
recovery solutions for their Clients. Anchored in ethics and compliance, and
steadfast in their pursuit of excellence, they are a consumer-centric
organization that operates as an extension of their Clients’ valued
brands.  For over 36 years, they have partnered with their Clients to
provide unmatched customer service while simultaneously helping them achieve
their accounts receivable management goals.  Visit
us online at: www.conserve-arm.com

About Training magazine

Training magazine is the
leading business publication for learning and development and HR professionals.
It has been the ultimate resource for innovative learning and development—in
print, in person, and online—over the last 55-plus years. Training magazine
and Training magazine Events are produced by Lakewood Media Group. For more
information about the 2022 Training Conference & Expo, please visit: www.trainingconference.com

Although debt collectors had a full year and more than 1000 pages of CFPB guidance to assist in preparing for Regulation F, some facets of this new law remain murky. Many debt collectors are unclear if the Zortman phone message may still be used after implementation of Regulation F or does the limited content message (LCM) replace it?  Further, questions arise daily about the permissible extent of modifications to the model validation notice (MVN), especially when collecting on multiple debts for the same obligor. 

In the latest episode of the Debt Collection Drill videocast, Moss & Barnett attorneys John Rossman and Mike Poncin break down the differences between the Zortman message and the LCM, including acceptable uses. In addition, the attorneys examine the allowed scope of potential modifications to the MVN, specifically focusing on the inclusion of debits in the itemization and placement of a payment portal web address on the notice.  

ARM entities servicing medical debt should pay close attention to the recent words and actions of the Consumer Financial Protection Bureau (CFPB). On March 1, 2022, the CFPB issued a press release announcing that it released a report in which it estimated $88 Billion Dollars in medical debt is shown on credit reports. This announcement was followed a few hours later with are release of CFPB Director Rohit Chopra’s prepared remarks on medical debt collection. 

The report asserts that medical billing is “complicated and burdensome” and calls medical billing a “doom loop” which catches patients between medical providers and insurance companies. Of prime focus for the CFPB is the usage of credit reports to coerce a patient to pay a medical bill. In his prepared statement, CFPB Director Rohit Chopra, made his feelings on the issue clear stating, “I am concerned that the credit reporting system is being weaponized as a tool of coercion to get people to pay medical bills they may not even owe.”

The report details how medical bills are often unexpected, and patients typically do not have the ability to shop for services.  Per the CFPB’s findings, medical bills placed on credit reports can result in reduced access to credit, increased risk of bankruptcy, avoidance of medical care, and difficulty securing employment, even when the bill itself is inaccurate or erroneous. To correct this, the CFPB plans to hold credit reporting companies accountable and work with federal partners, including the Department of Health and Human Services to ensure patients are not coerced into paying more than the amount they owe through credit reports.

For some additional foreshadowing of the CFPB’s intentions, Director Chopra referred to medical debts as “contaminating” the credit reporting system and explicitly said,  “we will be assessing whether it is appropriate for unpaid medical billing data to be included on credit reports altogether. We already know how a medical bill reported on credit reports is less predictive of future repayment than reporting on traditional credit obligations. We will make this determination while also taking steps to reduce harmful and inaccurate credit reporting.”

The full report can be found here.

Director Chopra’s full statement can be found here.

insideARM Perspective:

The CFPB’s remarks should concern everyone in the ARM industry. The CFPB thinks there is a problem with healthcare billing, and they want to fix it. In principle, this is a good thing, but the statements issued by Director Chopra are troublesome in that they seem to take an animous approach to the collections industry and indicate that the CFPB thinks debt collectors- the last house on the block- have the ability to fix a billing system that is flawed at its roots. 

The CFPB is right, any American that has visited a doctor or hospital at any point in their adult life knows medical billing is, to use the words of the CFPB, “complicated and burdensome.” While the CFPB may be trying to fix the issue using the tools it has available (i.e. regulating the ARM industry), those tools cannot fix the root of the problem. The real problem with healthcare collections starts the moment a patient walks into a doctor’s office or hospital. 

ARM entities can do a lot. They can handle federal, state, and client requirements which seem to change almost daily now, but they cannot solve it all and they can not continue to be scapegoats for all of the country’s economic issues. Putting the entire weight of the problems in the American healthcare system on the shoulders of debt collectors will not solve the issue. ARM entities can’t fix the influence insurance companies have on the American healthcare system or the problems associated with medical coding and billing. However, they may be in a position to help the CFPB understand how healthcare bills end up in the collections process, and what would be needed further up in the revenue recycle to prevent accounts from hitting collections in the first place. 

Further, while out of the CFPB’s purview, perhaps some attention should go to the American healthcare system as a whole, and maybe why Americans pay insurance companies so much to do so little, or why America leaves the entire burden of healthcare on its citizens.  

The Federal Trade Commission recently amended the Safeguards Rule, 16 C.F.R. § 314.1, et seq., with significant changes to how an information security program should be designed, what it must include, and who needs to be in charge.  Some may note the similarity to the New York Department of Financial Services’ Cybersecurity Requirements for Financial Services Companies, N.Y. Comp. Codes R. & Regs. tit. 23, § 500.00, et seq.

The Rule is now considerably lengthier, but not all the amendments added anything new or substantive.  In this article we will explain which changes look new but are not, which are new and substantial, which do not apply to small businesses, and when certain provisions go into effect.

THE RULE

The Rule was promulgated under the Gramm-Leach-Bliley Act which, in part, requires the FTC to issue rules setting forth standards that financial institutions must implement to safeguard certain information.  The Rule applies to customer information held by non-banking financial institutions and “sets forth standards for developing, implementing, and maintaining reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of [that information].”

The Rule provides this non-inclusive list of entities that are considered financial institutions under the Gramm-Leach-Bliley Act and subject to the rule:

• Mortgage lenders;
• Pay day lenders;
• Finance companies;
• Mortgage brokers;
• Account servicers;
• Check cashers;
• Wire transferors;
• Travel agencies operated in connection with financial services;
• Collection agencies;
• Credit counselors and other financial advisors;
• Tax preparation firms, non-federally insured credit unions;
• Investment advisors that are not required to register with the SEC; and
• Entities acting as finders.

Additionally, in its definitions, the Rule provides more detailed examples of entities considered financial institutions.

THE AMENDMENTS

The amendments to the Rule became effective Jan. 10, 2022, although some of the most important provisions are not effective until Dec. 9, 2022.  The FTC summarized the highlights as providing:

• More guidance on how to develop and implement specific aspects of an overall information security program.
• New provisions to improve the accountability of information security programs.
• Exemptions for financial institutions that collect less customer information.
• Inclusion of entities engaged in activities that are incidental to financial activities.
• New terms and examples.

WHAT’S NOT NEW

Section 314.1 – Purpose and Scope. Although amended subsection (b) appears significantly lengthier, it simply incorporates the definition of “financial institution” from the Privacy Rule, as modified and with examples, “to allow the Rule to be read on its own, without reference to the Privacy Rule.” 

Section 314.2 – Eleven Old Definitions. Previously, the Rule had only three defined terms and a general provision explaining that the terms used in the Rule had the same meaning as those defined in the Privacy Rule, 16 C.F.R. § 313.3.

Now, the Rule has 18 defined terms, but the majority have been carried over from the Privacy Rule to “improve clarity and ease of use.”  The Rule’s pre-amendment terms and those carried over from the Privacy Rule without substantive change are:

• Consumer;
• Customer;
• Customer Information;
• Customer Relationship;
• Financial Product or Service;
• Information System;
• Nonpublic Personal Information;
• Personally Identifiable Financial Information;
• Publicly Available Information;
• Service Provider; and
• You.

Section 314.3 – Standards for Safeguarding Customer Information. This section is essentially unchanged.

WHAT’S NEW

Section 314.2 – Seven New Definitions. As mentioned above, most of the defined terms are newly added to this section but not new to the Rule because they were previously cross-referenced to their definitions in the Privacy Rule.  Following are the seven new terms, and one that has been modified:

• Authorized User: This new term “means any employee, contractor, agent, customer, or other person that is authorized to access any of your information systems or data.”

• Encryption: This new term “means the transformation of data into a form that results in a low probability of assigning meaning without the use of a protective process or key, consistent with current cryptographic standards and accompanied by appropriate safeguards for cryptographic key material.”

• Financial Institution: This term has been modified to include “any institution the business of which is engaging in an activity that is financial in nature or incidental to such financial activities. . .” (emphasis added). It specifically applies to “[a] company acting as a finder in bringing together one or more buyers and sellers of any product or service for transactions that the parties themselves negotiate and consummate is a financial institution because acting as a finder is an activity that is financial in nature or incidental to a financial activity listed in 12 CFR 225.86(d)(1).”

• Information Security Program: This new term “means the administrative, technical, or physical safeguards you use to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle customer information.”

• Multi-Factor Authentication: This new term “means authentication through verification of at least two of the following types of authentication factors: (1) Knowledge factors, such as a password; (2) Possession factors, such as a token; or (3) Inherence factors, such as biometric characteristics.”

• Penetration Testing: This new term “means a test methodology in which assessors attempt to circumvent or defeat the security features of an information system by attempting penetration of databases or controls from outside or inside your information systems.”

• Security Event: This new term “means an event resulting in unauthorized access to, or disruption or misuse of, an information system, information stored on such information system, or customer information held in physical form.”

Section 314.5 – Effective Date. This section identifies certain provisions of § 314.4 that are not effective until Dec. 9, 2022, as described below.

Section 314.6 – Exceptions. This “small business” section identifies certain provisions of § 314.4 that “do not apply to financial institutions that maintain customer information concerning fewer than five thousand consumers.”  Those provisions are identified below.

WHAT’S HOT

Section 314.4 – Elements. This section has been completely overhauled, and now explains with specificity the elements, new and old, that must be included in an information security program.  Except where indicated, these elements must be incorporated by Dec. 9, 2022.  In summary, the elements checklist includes:

• A single “qualified individual” designated to oversee, implement, and enforce the information security program. Previously, the program could be coordinated by a designated employee or employees. 

• An information security program based on a risk assessment. This is a current requirement, as well as the need to periodically perform additional risk assessments.  However, effective Dec. 9, 2022, the risk assessment must include, except for small businesses:
  • Criteria for the evaluation and categorization of identified security risks or threats;
  • Criteria for the assessment of the confidentiality, integrity, and availability of information, including the adequacy of the existing controls in the context of the identified risks or threats; and
  • Requirements describing how identified risks will be mitigated or accepted based on the risk assessment and how the information security program will address the risks.

• Safeguards designed to control identified risks through:
  • Access controls, including technical and physical controls, to authenticate and limit access;
  • Identification and management of data, personnel, devices, systems, and facilities;
  • Encryption of all customer information held or transmitted;
  • Secure development practices and security testing for applications used for transmitting, accessing, or storing customer information;
  • Multi-factor authentication for any individual accessing any information system;
  • Procedures for the secure disposal of customer information no later than two years after the last date the information is used;
  • Procedures for change management;
  • Policies, procedures, and controls to monitor and log the activity of authorized users and detect unauthorized access, use or tampering.

• Regular testing and monitoring of the safeguards’ effectiveness. This general requirement is currently in effect, but new requirements effective Dec. 9, 2022, and not applicable to small businesses, are:
  • Annual penetration testing; and
  • Vulnerable assessments.

• Policies and procedures that include:
  • Security awareness training;
  • Use of qualified information security personnel to manage risks and oversee the program;
  • Security training and updates to address risks; and
  • Verification that information security personnel maintain current knowledge of changing information security threats and countermeasures.

• Service provider oversight through:
  • Selecting service providers capable of maintaining appropriate safeguards, which is a current requirement;
  • Requiring the safeguards by contract, which is also a current requirement; and
  • Periodically assessing service providers based on the risk they present and the adequacy of their safeguards, effective Dec. 9, 2022.

• A written incident response plan, with seven specific requirements, designed to promptly respond to, and recover from, any security event materially affecting the confidentiality, integrity, or availability of customer information. This is not required for small businesses.

• A regular written report, prepared at least annually, by the qualified individual to the board of directors that includes the status of, and compliance with the information security program, and any related material matters. This is not required for small businesses.

COMPLIANCE

The elements described in § 314.4 are not new concepts and many entities are already compliant.  However, because the elements are now far more specific and detailed than before, we recommend those subject to the Rule compare its elements to those of their own programs to ensure compliance, leaving time for compliance by Dec. 9, 2022. On March 15, join me for a Receivables Management Association International webinar to learn more about the amendments and the steps you need to take now to bring your company into compliance by Dec. 9, 2022.

The U.S. Court of Appeals for the Eighth Circuit recently reversed a trial court’s judgment in favor of a consumer for claims of alleged violation of the federal Fair Debt Collection Practices Act, finding that the consumer lacked Article III standing to bring his claim in federal court as the consumer failed to allege or later show a concrete injury in fact.

A copy of the opinion in Ojogwu v. Rodenburg Law Firm is available at:  Link to Opinion.

In Minnesota, a creditor may issue a garnishment summons to any third party “at any time after entry of a money judgment in [a] civil action.” Minn. Stat. § 571.71(3). The statute further provides that a copy of the garnishment summons, copies of other papers served on the third-party garnishee, and the applicable garnishment disclosure form “must be served by mail at the last known mailing address of the debtor not later than five days after the service is made upon the garnishee.” § 571.72, subd. 4 and 5.

This appeal arose out of a judgment creditor’s attorney (“Creditor”) mailing a consumer debtor (“Debtor”) a copy of a garnishment summons which was served on garnishee, and other state-law-mandated garnishment forms, knowing that Debtor had retained counsel after the default judgment was entered and knowing that Debtor “dispute[d] the debt.”

Debtor brought suit under 15 U.S.C. § 1692c(a)(2) of the FDCPA.

The trial court held that § 571.72, subd. 4 was inconsistent with and preempted by the FDCPA provision stating “[w]ithout the prior consent of the consumer … or the express permission of a court of competent jurisdiction, a debt collector may not communicate with a consumer in connection with collection of any debt … if the debt collector knows the consumer is represented by an attorney with respect to such debt.” § 1692c(a)(2). This court expressly disagreed with the opinion of another District of Minnesota district judge.

The parties stipulated as to remedy, and the trial court entered final judgment awarding Debtor statutory damages plus attorney’s and filing fees. Creditor appealed.

On appeal, the Eighth Circuit held that it could not resolve the merits of the intra-district conflict, finding that Debtor lacked Article III standing to pursue his claim in federal court because he failed to allege and the record did not show that Debtor suffered a concrete injury in fact from Creditor’s violation of § 1692c(a)(2).

Debtor had the burden of proving Article III standing by showing “(i) that he suffered an injury in fact that [wa]s concrete, particularized, and actual or imminent; (ii) that the injury was likely caused by the defendant; and (iii) that the injury would likely be redressed by judicial relief.” TransUnion LLC v. Ramirez, 141 S. Ct.  2190, 2203 (2021).

The Court further noted that a concrete and particularized injury is required even when Congress creates a private cause of action, such as it did in the FDCPA. See § 1692k.

The Eighth Circuit found that Creditor’s mailing of the garnishment summons on Debtor caused him no tangible injury. The Court further found that serving the summons on Debtor was a benefit to him, as it gave him timely notice and an opportunity to claim an exemption to satisfy the garnishment in such a way that did not disturb his relations with the garnishee.

Debtor alleged that the mailing of the garnishment summons resulted in intangible injury as held by prior courts, “actual damages in the form of fear of answering the telephone, nervousness, restlessness, irritability, amongst other negative emotions.” But, “In determining whether an intangible harm constitutes injury in fact, both history and the judgment of Congress play important roles.”  Spokeo, 578 U.S. 330, 340 (2016).

The historical analysis is used to determine whether the alleged injury has “a close relationship to harms traditionally recognized as providing a basis for lawsuits in American courts.” TransUnion, 141 S. Ct. at 2204. The role of Congress is important, as, by statute, it may “elevat[e] to the status of legally cognizable injuries concrete, de facto injuries that were previously inadequate at law. Spokeo, 578 U.S. at 341 (quotation omitted).

However, Congress “may not simply enact an injury into existence, using its lawmaking power to transform something that is not remotely harmful into something that is.’” TransUnion, 141 S. Ct. at 2205 (quotation omitted).

Using this analysis, the Eighth Circuit found that the intangible injuries alleged by Debtor were insufficient to establish concrete injury in fact. Debtor was not caused to act to his detriment or fail to protect his interests. The Court further found that Debtor’s alleged tangible injuries “f[e]ll short of cognizable injury as a matter of general tort law. Buchholz v. Meyer Njus Tanick, PA, 946 F.3d 855, 864 (6th Cir. 2020).

The Eighth Circuit also found that Debtor failed to show that his “negative emotions” were caused by Creditor commencing a lawful garnishment action.

Finally, the Court emphasized the relevance of the fact that Debtor’s attorney notified Creditor that Debtor disputed the debt. 

Subsection 1692c(c)(3) provides that, “[i]f a consumer notifies a debt collector in writing that the consumer refuses to pay a debt … the debt collector shall not communicate further with the consumer with respect to such debt, except … to notify the consumer that the debt collector or creditor intends to invoke a specified remedy.” 

In Heintz v. Jenkins, the Court addressed this exception finding that “Courts can read these exceptions [in §§ 1692c(c)(2), (3)], plausibly, to imply that they authorize the actual invocation of the remedy that the collector ‘intends to invoke.’…  [This] interpretation is consistent with the statute’s apparent objective of preserving creditors’ judicial remedies.” § 514 U.S. 291 (1995).

The Eighth Circuit noted that the comment was not obviously applicable as Debtor did not assert a violation of § 1692c(c), the Court nevertheless found it reinforced its conclusion that Debtor failed to allege a concrete injury in fact as, under Minnesota law, garnishment is an independent proceeding ancillary to “an ordinary debt-collecting lawsuit.”

As such, the Eighth Circuit found that the Debtor lacked Article III standing because Debtor failed to plausibly allege or later show a concrete injury in fact. The judgment of the trial court was vacated and the case remanded with instructions to dismiss the complaint. However, the parties were granted leave to file supplemental briefs on the issue of Article III standing.