FCC Order Closes TCPA Lead Generator Loophole – Requires One-to-One Consent and Applies Do-Not-Call Requirements to Texts

On December 18, 2023, the Federal Communications Commission (“FCC”) released a Second Report and Order, Further Notice of Proposed Rulemaking, and Waiver Order (“Report and Order”) outlining new rules and regulations under the Telephone Consumer Protection Act (“TCPA”) to limit unwanted and unlawful texting. The FCC Order explicitly seeks to close the “lead generator loophole” by which lead generators rely on a single consent granted by the consumer to apply to multiple businesses at once.

Key rules in the Report and Order likely to apply to educational institutions include:

  • One-to-One Consent. The Order amends the “prior express written consent” requirement to state that consent must clearly and conspicuously authorize communications using an auto dialer or prerecorded message from a single seller at a time (i.e. “one-to-one consent”) and that such calls and texts must be logically and topically related to the interaction the prompted consent.
  • Codifying DNC Rule for Texts. The Order codifies prior FCC and court precedent that the application of the TCPA’s Do-Not-Call (“DNC”) Registry provisions apply to text messages, making it illegal for marketing texts to be sent to numbers on the Registry without an exception.

The FCC included a reminder to companies that burden of proof is on the texter or caller (not the lead generator) to prove that they have obtained valid consent. Businesses that use lead generators should review their contracts with these service providers to ensure compliance with these new rules and audit all lead generation sites for compliance. Any schools that use text marketing should also review their texting and Do-Not-Call policies to ensure they are compliance with these new rules.

Read the full Alert on the Duane Morris LLP website.

New California Laws Regarding Non-Compete Agreements

Non-compete agreements are unenforceable in California unless given in connection with the sale of a business, sale of equity in a business or dissolution of a partnership or LLC.  Effective January 1, 2024, Business and Professions Code 16600 has been amended (and section 16600.1 has been added) to make clear that these provisions are unenforceable and require businesses to notify current and former employees.

Business and Professions Code 16600 has been amended to make clear that it is impermissible to include non-compete provisions in any employment agreement or to attempt to enforce them. Business and Professions Code section 16600.1 has been added requiring an employer that has included these restrictions in employment agreements in the past to notify the employees or former employees in writing that these restrictive covenants will not be enforced.  This is an affirmative obligation, and the notification must be individually addressed and sent by February 14, 2024.

Persons who need to be notified are current and former employees who have or had an agreement with the company that contained impermissible noncompete or nonsolicit restrictions, and who worked for the company for any period of time after January 1, 2022.

A failure to send the notice is declared in 16600.1 to be an act of unfair competition.

Please see the Duane Morris Client Alert for additional details.

Webinar: The Regulatory Landscape ‒ A Dynamic and Disruptive 12 Month

Duane Morris will present Boot Camp for Education Legal Leadership, Session 1: The Regulatory Landscape ‒ A Dynamic and Disruptive 12 Months, on Wednesday, January 24, 2024, at 2:00 p.m. Eastern time/11:00 a.m. Pacific time.

The past 12 months have been one of the most active in recent memory for the U.S. Department of Education in publishing new regulations and issuing new policy guidance in the area of Title IV, Higher Education Act compliance. Join the Education Industry Group at Duane Morris for review and analysis of these developments and how they impact your institution, both now and in the near future.


Continue reading “Webinar: The Regulatory Landscape ‒ A Dynamic and Disruptive 12 Month”

2023 Fiscal Audits Will Include More Detailed Data Security Compliance Requirements

If you are a Title IV institution, compliance with the revised Safeguards Rule and implementation of the data security controls set forth in the revised Rule is now a required segment of your annual financial audit.

The Federal Trade Commission’s (FTC) amendment to the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA) became effective on June 9, 2023. The comprehensive amendment updated data security requirements for financial institutions, including all Title IV institutions of higher education. The U.S. Department of Education has increased enforcement authority by requiring auditors to verify an institution’s compliance with components of the Safeguard Rule.

In March, the U.S. Department updated the Guide for Financial Statement Audits of Propriety Schools and For Compliance Attestation Examination Engagements of Proprietary Schools and Third-Party Servicers Administering Title IV Programs (“Audit Guide”). The Audit Guide is effective for fiscal years beginning on or after January 1, 2023, and will be in place for all audits conducted in 2024 and beyond.

The Audit Guide reinforces that Title IV institutions must adhere to the strict cybersecurity requirements set forth in the Safeguards Rule including a requirement to “develop, implement, and maintain a written, comprehensive information security program.” The objective is to “Determine whether the school designated an individual to oversee, implement, and enforce the school’s information security program and whether the school’s written information security program addresses six additional required elements.”

In addition to verifying that the institution has designated a qualified individual, the auditor must also verify:

1.     The information security program is based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks;

2.     Design and implementation of eight safeguards set forth in the regulation to control the risks the school or servicer identifies through its risk assessment;

3.     Regular testing or otherwise monitoring the effectiveness of the safeguards implemented;

4.     Implementation of policies and procedures to ensure that personnel are able to enact the information security program;

5.     How the school or servicer will oversee its information system service providers; and

6.     The evaluation and adjustment of an institution’s information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact the information security program.

An institution’s failure to implement an information security program with the required elements by June 9, 2023 (the effective date of the Safeguards Rule) may result in an audit finding. If an institution has not implemented an information security program with the required elements by December 31, 2023, the institution will receive an audit finding and must submit a Corrective Action Plan (“CAP”). Moreover, FSA’s Cybersecurity Team and the Federal Trade Commission (FTC) will be informed of the audit findings regarding the Safeguards Rule and may request additional information to assess the level of risk to student data.

In an Electronic Announcement issued in February 2023 regarding cybersecurity compliance, the Department stated that a finding of non-compliance will be resolved as part of the Department’s determination of an institution’s administrative capability. Additionally, repeated non-compliance may result in administrative action impacting Title IV participation.

EdUp Legal Podcast: The Latest on DOE Regulations

Tony Guida, Duane Morris partner and Team Lead of the Education Industry Group, is featured in the EdUp Legal podcast.

In the episode,  Tony discussed the Department of Education’s most recent suite of regulations impacting institutions’ participation in the Title IV program, specifically with respect to certification, financial responsibility and administrative capability.

Listen to the EdUp Legal podcast, hosted by Deborah Solmor.

White House’s Executive Order on Artificial Intelligence Identifies Education as a Critical Field for AI Use and Oversight

The White House’s October 30, 2023, Executive Order on Safe, Secure and Trustworthy Artificial Intelligence provides insight into the future of regulating the development and use of artificial intelligence models in the United States.

The executive order identifies education as a critical field where the federal government will take advantage of advances in AI technologies, but also needs to protect consumers and the public from adverse impacts. Job training and education will provide access to students to learn about AI. Resources will be made available to those who experience displacement in the workforce due to AI. The order makes clear that the federal government will continue to enforce existing consumer protections as AI evolves. These include those safeguarding consumers from “fraud, unintended bias, discrimination, infringements on privacy, and other harms from AI.”

The executive order also directs the Secretary of Education to develop policies concerning the use and impact of AI in education in consultation with stakeholders. This will include the creation of an “AI toolkit” for institutions to use in implementing the department’s recommendations concerning appropriate use of AI, including human review of AI decisions, the design of AI to enhance trust and safety, and alignment of AI systems with U.S. privacy laws and regulations, among other things.

Read our full cross-practice alert about the Executive Order here

Department of Education’s Final Rule on Financial Value Transparency and Gainful Employment Published

On October 10, 2023, the U.S. Department of Education published the final rule on financial value transparency and gainful employment (88 Fed. Reg. 70004). The regulation restores and expands an accountability framework for career-specific training programs. At the same time, the regulation creates, for the first time, a new disclosure framework applicable to educational programs offered by all institutions participating in the Title IV, Higher Education Act (HEA) federal student aid funding programs.

This summary provides an overview of important facts and key elements of the final rule.

Read the full Alert on the Duane Morris LLP website.

Webinar: Understanding Borrower Defense to Repayment Claims

Duane Morris is hosting the webinar Understanding Borrower Defense to Repayment Claims on Thursday, October 5, 2023, from 2:00 pm to 3:00 p.m. Eastern.


About the Program

Institutions of higher education – public, nonprofit and proprietary – have reached out to Duane Morris’ Education Group with questions and concerns regarding Borrower Defense to Repayment claims. Join us for recommendations on how to handle these inquiries, insights on best practices and what to expect in terms of next steps.

Continue reading “Webinar: Understanding Borrower Defense to Repayment Claims”

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress