Compliance Blog

Categories: Operations

Emails and Bona Fide Errors Under Regulation F

We are continuing our run through the debt collection rule today and looking at email communications and compliance issues related to the possibility that those kinds of communications might be received by third parties. Both the Fair Debt Collection Practices Act (FDCPA) and Regulation F generally prohibit debt collectors from communicating or attempting to communicate with third parties in the connection with the collection of a debt. Section 1006.6(d)(1) identifies certain individuals that debt collectors can communicate with in connection with debt collection, and they include the following:

  • “The consumer;”
  • “The consumer’s attorney;”
  • “A consumer reporting agency, if otherwise permitted by law;”
  • “The creditor;”
  • “The creditor’s attorney; or”
  • “The debt collector’s attorney.”

Outside of these persons, debt collectors may communicate with other third parties if they are acquiring location information about the debtor as permitted by section 1006.10, communicating with a third party after the consumer directly provides the debt collector with prior consent or after receiving court approval or trying “to effectuate a postjudgment judicial remedy.”

Bona Fide Error Defense

Under section 813(c) of the FDCPA, debt collectors can be protected from liability for violations of the FDCPA if they demonstrate that the violation was unintentional “and resulted from a bona fide error notwithstanding the maintenance of procedures reasonably adapted to avoid any such error.” Section 1006.6(d)(3) reinforces the bona fide error defense with respect to email and text communications that might inadvertently be sent to third parties in violation of the general prohibition described in section 1006.6(d)(1). Together with section 1006.6(d)(4), the regulation describes certain procedures regarding emails that are reasonably adapted to avoid an error as long as a debt collector does not communicate using an email address that has previously resulted in a prohibited disclosure to a third party.

Email Procedures Reasonably Adapted to Avoid Prohibited Disclosures

For email addresses, the rule provides three methods of demonstrating that a debt collector “has procedures that are reasonably adapted” to prevent prohibited disclosures to third parties. The first method involves the consumer’s consent. Section 1006.6(d)(4)(i)(A) permits a debt collector to use email addresses that a consumer has used to communicate with a debt collector about a debt as long as the consumer has not subsequently opted out of emails to that address. Section 1006.6(d)(4)(i)(B) allows the use of an email address for which a consumer has directly provided prior consent to the debt collector to use, if the consumer has not revoked consent.

The second method covers situations in which the debt collector acquires an email address from a consumer, uses the email address to communicate with the consumer about an account, has not received a request from the consumer to refrain from using that email address, and sends a written or electronic notice to the consumer before using the email to communicate with the consumer about a debt. Section 1006.6(d)(4)(ii)(C) provides the content requirements for the notice, which include, among other things, clear and conspicuous disclosures about the email address at issue and the debt collector’s potential use of that address to communicate with the consumer about the debt and “[t]hat, if others have access to the email address, then it is possible they may see the emails . . . .” The notice must provide “[i]nstructions for a reasonable and simple method by which the consumer could opt out of such communications . . . .” The notice must also provide the deadline by which the consumer has to submit an opt-out request. The rule requires that this deadline be no earlier than 35 days after the notice has been issued. If the debt collector or creditor has not received an opt-out within the period identified in the notice and the email address the debt collector intends to use to communicate with a consumer about a debt is “available for use by the general public” (e.g., the email is not “reserved for use by specific registrants, such as a domain name branded for use by a particular commercial entity (e.g., or reserved for particular types of institutions (e.g.,,, or”) and is not the consumer’s work email address, a debt collector may send emails about a debt to the identified email address without losing the bona fide error protections described in section 813(c) of the FDCPA.

The final email method addresses situations that involve debts that have been pulled from one debt collector and placed with another. In those cases, section 1006.6(d)(4)(iii) allows debt collectors to send emails to email addresses if:

  • The earlier debt collector obtained the email address using one of the first two methods described here;
  • The debt collector who was collecting the debt before the current debt collector used the email address to communicate with the consumer about the debt; and
  • The consumer did not opt out of email communications to that email address.

For more questions about the debt collection rule, you can look to the CFPB’s small entity compliance guide.

About the Author

David Park, NCCO, Senior Regulatory Compliance Counsel, NAFCU

David joined NAFCU in September 2018.  As part of the Regulatory Compliance Team, he provides daily compliance assistance to member credit unions on a variety of topics. 
Read full bio