In Ruth v. Triumph Partners, Ltd., — F.3d —-, 2009 WL 2487092 (7th Cir. 2009), the Court of Appeals for the Seventh Circuit held that a debt collector’s inclusion of a Gramm-Leach-Bliley privacy notice with its debt validation letter violated the FDCPA.  The Court of Appeals explained: 


Upon receiving and reading the collection letter and the notice, the only reasonable conclusion that an unsophisticated consumer or, indeed, any consumer could reach is that the defendants were claiming a legal right to disclose the nonpublic in-formation about the debtor that they had obtained as a consequence of attempting to collect the debt, and were threatening to do so unless the debtor affirmatively “opted out.” After all, the defendants had no other relationship with the plaintiffs and therefore had no foreseeable prospect of obtaining nonpublic information in any other way. The defendants do not deny that sharing the nonpublic information they had about the plaintiffs, without their express prior con-sent, would have violated the FDCPA.FN6 Thus, on its face, the only reasonable interpretation of the notice was as a threat to take illegal action.    The defendants argue that the notice does not falsely claim a right to share the plaintiffs’ nonpublic information because it states that the defendants will do so only “to the extent permitted by law.” Appellees’ Br. 20. To threaten to take some action “to the extent permitted by law,” however, is to imply that, under some set of circumstances and to some extent, the law actually permits that action to be taken. Here, the defendants have suggested no set of circumstances under which the FDCPA would have permitted disclosure of the plaintiffs’ nonpublic information with-out their consent. If anything, the notice’s implication to the contrary makes the statement more misleading, not less. See Gionis v. Javitch, Block & Rathbone, LLP, 238 Fed. App’x 24, 27-29 (6th Cir.2007) (un-published disposition) (holding that the defendant’s representation that it could collect attorney’s fees “to the extent permitted by applicable law” violated the FDCPA because the applicable state law did not permit collection of such fees).    Thus, we conclude that the only reasonable conclusion an unsophisticated consumer could reach, upon receiving the collection letter and the notice, was that the defendants intended to share without permission the nonpublic information they had received by virtue of acquiring and collecting on the debts. As a matter of law, therefore, the notice constitutes “a threat to take … action that cannot legally be taken,” 15 U.S.C. § 1692e(5), and a “false representation or deceptive means to collect or attempt to collect a [ ] debt,” id. § 1692e(10).


The Court of Appeals also held that the debt collector was not entitled to rely on the bona fide error defense because it relied on a pamphlet prepared by a trade-group:


After reading these cases, we conclude that, if the bona fide error defense is available at all for errors of law, it is available only to debt collectors who can establish that they reasonably relied on either: (1) the legal opinion of an attorney who has conducted the appropriate legal research, or (2) the opinion of another person or organization with expertise in the relevant area of law-for example, the appropriate government agency. ¶  Measured against this standard, the defendants’ procedures fall short. Although the defendants have produced evidence that their employees attended training sessions on FDCPA compliance, and that they had procedures in place to prevent violations of other provisions of the FDCPA, they point to no evidence in the record indicating that they ever sought legal or regulatory advice as to whether the collection letter and notice were in compliance with the FDCPA. The defendants claim that they reasonably relied on a 2001 pamphlet titled “Questions and Answers about New Federal Privacy Regulations As They Apply to Debt Buyers and Other ‘Financial Institutions.’ “ R.57, Ex. G at 1. The pamphlet, which was written by an attorney and published by the Debt Buyers’ Association, suggests that “a possible way to comply [with Gramm-Leach-Bliley] would be to have the third party collector send out your entity’s privacy notice on your ‘financial institution’s’ letter-head; for economy, that notice could be included with that agency’s or law firm’s FDCPA validation letter.” Id. at 12. The defendants claim that their reliance on this advice was reasonably adapted to prevent legal mistakes.    We disagree. The pamphlet falls far short of a legal opinion on which it was reasonable for the defendants to rely for the proposition that their letter and the notice were in compliance with the FDCPA. First of all, the pamphlet does not purport to give advice about the FDCPA; it is focused on compliance with federal regulations implementing the privacy provisions in the Gramm-Leach-Bliley Act. Second, the pamphlet specifically disclaims that it is providing legal advice, and directs the reader to consult an attorney before taking any action.