|
Electronic Discovery,
Consumer Debt, and the FDCPA
Lenders used to send out over due accounts to
various collection agencies with the hope of recovering on small
percentage of their bad debts. Today due to the unprecedented increase
in unpaid consumer debts a new industry was created around the buying
and selling of post charge-off consumer accounts.
Unfortunately with every new industry, specifically
in those that revolve around money, there are a few bad characters that
prey on anyone they can, and the debt sales industry has attracted more
than it's fair share of bad publicity because of it. In a nutshell,
accounts are bought and sold based primarily on the word of the seller.
Sellers claim that they have the rights to sell the accounts offered
for sale, either as the owner of the debt or as an agent for the owner.
Prospective buyers are presented with digitally produced spreadsheets
containing the names, account numbers, amounts owed, and relevant dates
amongst other data fields with which to make their buying decisions.
There are currently no industry wide mechanisms in place to prevent a
former "prospective buyer" from forwarding the spreadsheet of accounts
to others, pretending to be the owner or the agent. Nor has the
industry implemented even the most basic preventative countermeasures,
such as CRC or MD5 digital hash signatures, to stop unscrupulous
sellers or buyers from manipulating the original charge-off dates or
the total amounts owed displayed in the spreadsheet's fields.
A federal law known as the Fair Debt Practices
Collections Act, 15 U.S.C. §1692 et seq. (FDCPA) regulates the conduct
of debt collectors in collecting debts owed or allegedly owed by
consumers. It was designed to protect consumers from unscrupulous
collectors, even if the debt alleged is not valid. The FDCPA broadly
prohibits unfair or unconscionable collection methods including any
false, deceptive or misleading statements in connection with the
collection of a debt. Courts have interpreted this to include even
unintentionally attempting to a collect a balance owed that is
different than the actual debt - even if no valid debt even existed.
Additionally, there is a strict time limit for debt buyers to bring
legal action to sue for the amounts they claimed are owed; the date of
which begins from the date of the last payment. Courts have also firmly
stated that if the debt buyer initiates legal action after the statute
of limitations to collect the debt has run out they have committed a
violation of the FDCPA because the legal right to sue has expired. Each
violation of this federal statute allows the debtor to sue in civil
court for damages of $1,000 per violation of the statute and the award
of attorney fees is mandatory should the debtor be successful in their
lawsuit.
The defendant was served with a petition alleging
that she owed $3,409 on an old unpaid credit card account and that the
plaintiff was a debt buyer who had purchased the account. The defendant
insisted that she had never had a credit card in her life and this
lawsuit was the first time she had ever been contacted in regards to
the alleged debt. Upon filing her answers with the court she was
informed by a court clerk that the plaintiff had filed several hundred
cases, including her particular lawsuit, over the previous month.
During the discovery phase of the civil case the
defendant was made aware of the fact that the plaintiff had no original
copies of the physical documentation to provide to them.
A discovery request was crafted to include all
computer files, e-mail communications, back up tapes, cassettes, discs,
and recordings, which related to the accounts they had purchased
including the preservation of the files' metadata. The plaintiff stated
that they had all documentation in the form of Microsoft Excel and
Adobe PDF files and would turn over all emails and other related
information to the defendant.
Plaintiff's council forwarded copies of the
requested documents to the Defendant's council on a CD-R disk and a
standard e-discovery protocol was implemented to review the data.
Nothing appeared out of the ordinary with the PDF documents and the
Plaintiff insisted that spreadsheet on the disk was an exact copy of
the spreadsheet as they had received it from the debt seller several
month prior to their filing of the law suit. Analysis of the file
creation date and modification date indicated that the spreadsheet was
modified 2 days after it was created or copied to another drive for the
modification. Because the discovery request specifically included the
analysis of any metadata associated with the files, it was also
examined. At some point in the spreadsheet's life it had been set up to
track all changes made to the data. The original information was still
embedded in the file along with the revision history. In depth analysis
of the revisions showed that all of the accounts contained in the
spreadsheet were modified from their original status - some had the
last payment dates changed while others had the debt balances modified.
Further investigation found that many accounts were created using new
unrelated names attached to the account data that had belonged to
another person, including the account alleged to belong to the
defendant.
Analysis of the physical CD media indicated that it
was recorded using multi-session packet writing software containing
several sessions recorded over the course of a few days. All
discovery data provided was located in the final session of the CD,
however a byte level keyword search of the media indicated that data
existed in the previous sessions, which are normally inaccessible once
the final session is written to the disk. The previously recorded
sessions were restored and examined. Located among them was a Microsoft
Word document that appeared to be a copy of the dunning letter which
was in its PDF form on the final session of the disk. Analysis of the
metadata contained in the Word file indicated that the original date of
the dunning letter was the day before the document was copied to the
CD-R which was only several days prior to the defendant receiving the
CD-R from the plaintiff. The date was then modified to back-date it to
appear to have been written several months before the plaintiff filed
their lawsuit. The original address in the Word document also did not
belong to the defendant and the account information was also later
changed to match the information listed in the plaintiff's petition.
A full report was presented to the defendant and
her council who immediately filed a counterclaim alleging 16 separate
violations of the FDCPA and state collections laws and sought to
recover $1,000 per intentional violation plus attorney fees. A few days
after receiving notice of the counterclaim the plaintiff's attorney
contacted the defendant and offered a cash settlement plus the
dismissal of their lawsuit with prejudice.
|