Relying on the plain language of the Privacy Principles and the Fair Debt Collection Practices Act, Eleventh Circuit Court holds that transmitting consumer information to third parties and sharing Consumer Data Without Consumer Consent, Violates FDCPA, and exposes debt collectors to liability. In a ruling that might shake the debt-collection industry, the verdict from 21 April 2021 posed one of the biggest questions in the matter: ‘is a communication between a debt collector and its vendor considered “in connection with the collection of any debt?’ The section they are reffering to from FDCPA is 15 U.S.C. 1692c (b). Here is where the FDCPA specifies who a debt collector may interact with in connection with debt collection without the consumer's approval. In key line, this section states: “Except as provided in section 1692b of this title, without the prior consent of the consumer given directly to the debt collector, or the express permission of a court of competent jurisdiction, or as reasonably necessary to effectuate a postjudgment judicial remedy, a debt collector may not communicate, in connection with the collection of any debt, with any person other than the consumer, his attorney, a consumer reporting agency if otherwise permitted by law, the creditor, the attorney of the creditor, or the attorney of the debt collector.” 15 U.S.C. § 1692c(b) The Case The plaintiff in Hunstein v. Preferred Collection and Management Services, Inc. owed money to a hospital for medical care, and the hospital assigned the debt to the defendant in order to collect it. Preferred Collection exchanged data (revealing that Hunstein was a debtor, the amount owed, the company to whom the payments were owed, and the name of his son) with the vendor, Compumail Inc., so that they could "produce, print, and mail" the letter. The vendor then utilized the information to create and send the debtor a dunning letter. After receiving the dunning letter, the debtor filed a complaint in the Middle District of Florida, alleging breaches of the FDCPA and the Florida Consumer Collection Practices Act. The court denied the complaint for failure to state a claim, determining that the debtor had not fully described that the collector's transmission of data to the letter vendor constituted a communication "in connection with the collection of a debt." The debtor then filed an appeal with the Eleventh Circuit. The court went to significant lengths to determine if there was an actual damage, and eventually determined that because it regarded data transmission to a third party to be a breach of Section 1692c(b), this statutory violation was sufficient. While the basic circumstances of Hunstein include a third-party dunning letter, the logic behind the court's decision is easily extrapolated to possibly apply to any number of instances. Can, for example, the owner of a mortgage loan speak with the loan servicer? More so, what restrictions apply to contacts between debt collector affiliates? Are there any legal ramifications for communicating consumer information to a process server? The Ruling Because many state debt collection bills and laws are based on the FDCPA and interpreting FDCPA provisions, debt collectors may face increased responsibility under certain state legislation as a result of the Eleventh Circuit's interpretation in Hunstein. At the end of the opinion, the Court recognized the convoluted implications: “It’s not lost on us that our interpretation of § 1692c(b) runs the risk of upsetting the status quo in the debt-collection industry. We presume that, in the ordinary course of business, debt collectors share information about consumers not only with dunning vendors like Compumail, but also with other third-party entities. Our reading of § 1692c(b) may well require debt collectors (at least in the short term) to in-source many of the services that they had previously outsourced, potentially at great cost. We recognize, as well, that those costs may not purchase much in the way of “real” consumer privacy, as we doubt that the Compumails of the world routinely read, care about, or abuse the information that debt collectors transmit to them. Even so, our obligation is to interpret the law as written, whether or not we think the resulting consequences are particularly sensible or desirable. Needless to say, if Congress thinks that we’ve misread § 1692c(b)—or even that we’ve properly read it but that it should be amended—it can say so.” The Immediate Impact and Takeaways Despite the fact that the ruling has precedential importance in the Eleventh Circuit, the struggle continues ant that’s why it's worth noting a few things about Hunstein and its impact. First and foremost, this is not the end, as the debt is requesting an en banc review, which, if granted, will offer the industry a chance to persuade the Court to reverse its opinion. Since the Hunstein judgement was issued, this has been a hot topic in the debt collecting industry. Even as additional lawsuits are filed, agencies are trying to comprehend the consequences of this judgment, which concluded that sending data from a debt collector to a letter vendor violates third-party disclosure. Enterprises, creditors, and service providers should be aware of the Hunstein ruling and argurments. If the recent data breaches and lawsuits have taught us anything, it is that neglecting to secure consumer privacy may result in significant penalties and reputational damage. The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2006 by the five main credit card firms to assure the secure processing of information and to protect users from identity theft. This implies that even in the most secure contact centers, certain sensitive cardholder information cannot be kept. PCI DSS Compliance Ready Because a great number of call centers deal with distance payments on a daily basis, violating any of the PCI DSS compliance rules can result in a host of legal fees and penalties. To instill customer confidence that data is being protected, The Payment Card Industry Data Security Standard is now an integrated part of our contact center software platform NobelBiz OMNI+. After a laborious application process, as of May 10th 2021, NobelBiz can offer its clients the possibility to process payments in a safe and compliant manner.