A replay of Compliance and Best Practices for Catalogs, Publications and Student-Facing Materials is available for viewing.
Supreme Court Declines to Hear Challenge to Race-Conscious Secondary School Admissions Policy
On February 20, 2024, the Supreme Court denied the Petitioners’ request for a writ of certiorari in Coalition for TJ v. Fairfax County School Board. This denial followed the Court’s recent decisions striking down race-conscious admissions programs at Harvard University, in Students for Fair Admissions, Inc. v. Harvard SFFA, and a similar case from the University of North Carolina. Some expected the Court to seize this opportunity to prohibit similar admissions criteria in secondary schooling. Such a determination, however, is reserved for now. Because its model has escaped scrutiny from the Supreme Court, the policy at Thomas Jefferson High School for Science and Technology (“Thomas Jefferson HS”) may very well become a model for K-12 institutions that want to diversify their student body without protracted legal challenges or drawing the ire of the Supreme Court. Continue reading “Supreme Court Declines to Hear Challenge to Race-Conscious Secondary School Admissions Policy”
Webinar: Plan for Change: Regulations and Guidance with Significant Operational Impact
Duane Morris will present the third session of our Boot Camp for Education Legal Leadership webinar series, Plan for Change: Regulations and Guidance with Significant Operational Impact, to be held on Wednesday, March 20, 2024, from 2:00 p.m. Eastern/11:00 a.m. Pacific.
Webinar: Compliance and Best Practices for Catalogs, Publications and Student-Facing Materials
Duane Morris is hosting Compliance and Best Practices for Catalogs, Publications and Student-Facing Materials, the second session in its Boot Camp for Education Legal Leadership series. The webinar takes place Wednesday, February 28, 2024, at 2:00 p.m. Eastern | 11:00 a.m. Pacific.
About the Program
The start of the year is an excellent time for institutions to review their policies and establish a review cycle for all of their student-facing publications. In this session, Duane Morris Education attorneys will discuss strategies and best practices for institutions conducting policy, catalog and handbook reviews for the 2023-24 academic year with a focus on the value these materials have in mitigating institutional risk in the current active regulatory climate.
Webinar Replay: The Regulatory Landscape ‒ A Dynamic and Disruptive 12 Month
FCC Order Closes TCPA Lead Generator Loophole – Requires One-to-One Consent and Applies Do-Not-Call Requirements to Texts
On December 18, 2023, the Federal Communications Commission (“FCC”) released a Second Report and Order, Further Notice of Proposed Rulemaking, and Waiver Order (“Report and Order”) outlining new rules and regulations under the Telephone Consumer Protection Act (“TCPA”) to limit unwanted and unlawful texting. The FCC Order explicitly seeks to close the “lead generator loophole” by which lead generators rely on a single consent granted by the consumer to apply to multiple businesses at once.
Key rules in the Report and Order likely to apply to educational institutions include:
- One-to-One Consent. The Order amends the “prior express written consent” requirement to state that consent must clearly and conspicuously authorize communications using an auto dialer or prerecorded message from a single seller at a time (i.e. “one-to-one consent”) and that such calls and texts must be logically and topically related to the interaction the prompted consent.
- Codifying DNC Rule for Texts. The Order codifies prior FCC and court precedent that the application of the TCPA’s Do-Not-Call (“DNC”) Registry provisions apply to text messages, making it illegal for marketing texts to be sent to numbers on the Registry without an exception.
The FCC included a reminder to companies that burden of proof is on the texter or caller (not the lead generator) to prove that they have obtained valid consent. Businesses that use lead generators should review their contracts with these service providers to ensure compliance with these new rules and audit all lead generation sites for compliance. Any schools that use text marketing should also review their texting and Do-Not-Call policies to ensure they are compliance with these new rules.
Read the full Alert on the Duane Morris LLP website.
New California Laws Regarding Non-Compete Agreements
Non-compete agreements are unenforceable in California unless given in connection with the sale of a business, sale of equity in a business or dissolution of a partnership or LLC. Effective January 1, 2024, Business and Professions Code 16600 has been amended (and section 16600.1 has been added) to make clear that these provisions are unenforceable and require businesses to notify current and former employees.
Business and Professions Code 16600 has been amended to make clear that it is impermissible to include non-compete provisions in any employment agreement or to attempt to enforce them. Business and Professions Code section 16600.1 has been added requiring an employer that has included these restrictions in employment agreements in the past to notify the employees or former employees in writing that these restrictive covenants will not be enforced. This is an affirmative obligation, and the notification must be individually addressed and sent by February 14, 2024.
Persons who need to be notified are current and former employees who have or had an agreement with the company that contained impermissible noncompete or nonsolicit restrictions, and who worked for the company for any period of time after January 1, 2022.
A failure to send the notice is declared in 16600.1 to be an act of unfair competition.
Please see the Duane Morris Client Alert for additional details.
Webinar: The Regulatory Landscape ‒ A Dynamic and Disruptive 12 Month
Duane Morris will present Boot Camp for Education Legal Leadership, Session 1: The Regulatory Landscape ‒ A Dynamic and Disruptive 12 Months, on Wednesday, January 24, 2024, at 2:00 p.m. Eastern time/11:00 a.m. Pacific time.
The past 12 months have been one of the most active in recent memory for the U.S. Department of Education in publishing new regulations and issuing new policy guidance in the area of Title IV, Higher Education Act compliance. Join the Education Industry Group at Duane Morris for review and analysis of these developments and how they impact your institution, both now and in the near future.
Continue reading “Webinar: The Regulatory Landscape ‒ A Dynamic and Disruptive 12 Month”
2023 Fiscal Audits Will Include More Detailed Data Security Compliance Requirements
If you are a Title IV institution, compliance with the revised Safeguards Rule and implementation of the data security controls set forth in the revised Rule is now a required segment of your annual financial audit.
The Federal Trade Commission’s (FTC) amendment to the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA) became effective on June 9, 2023. The comprehensive amendment updated data security requirements for financial institutions, including all Title IV institutions of higher education. The U.S. Department of Education has increased enforcement authority by requiring auditors to verify an institution’s compliance with components of the Safeguard Rule.
In March, the U.S. Department updated the Guide for Financial Statement Audits of Propriety Schools and For Compliance Attestation Examination Engagements of Proprietary Schools and Third-Party Servicers Administering Title IV Programs (“Audit Guide”). The Audit Guide is effective for fiscal years beginning on or after January 1, 2023, and will be in place for all audits conducted in 2024 and beyond.
The Audit Guide reinforces that Title IV institutions must adhere to the strict cybersecurity requirements set forth in the Safeguards Rule including a requirement to “develop, implement, and maintain a written, comprehensive information security program.” The objective is to “Determine whether the school designated an individual to oversee, implement, and enforce the school’s information security program and whether the school’s written information security program addresses six additional required elements.”
In addition to verifying that the institution has designated a qualified individual, the auditor must also verify:
1. The information security program is based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks;
2. Design and implementation of eight safeguards set forth in the regulation to control the risks the school or servicer identifies through its risk assessment;
3. Regular testing or otherwise monitoring the effectiveness of the safeguards implemented;
4. Implementation of policies and procedures to ensure that personnel are able to enact the information security program;
5. How the school or servicer will oversee its information system service providers; and
6. The evaluation and adjustment of an institution’s information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact the information security program.
An institution’s failure to implement an information security program with the required elements by June 9, 2023 (the effective date of the Safeguards Rule) may result in an audit finding. If an institution has not implemented an information security program with the required elements by December 31, 2023, the institution will receive an audit finding and must submit a Corrective Action Plan (“CAP”). Moreover, FSA’s Cybersecurity Team and the Federal Trade Commission (FTC) will be informed of the audit findings regarding the Safeguards Rule and may request additional information to assess the level of risk to student data.
In an Electronic Announcement issued in February 2023 regarding cybersecurity compliance, the Department stated that a finding of non-compliance will be resolved as part of the Department’s determination of an institution’s administrative capability. Additionally, repeated non-compliance may result in administrative action impacting Title IV participation.
EdUp Legal Podcast: The Latest on DOE Regulations
Tony Guida, Duane Morris partner and Team Lead of the Education Industry Group, is featured in the EdUp Legal podcast.
In the episode, Tony discussed the Department of Education’s most recent suite of regulations impacting institutions’ participation in the Title IV program, specifically with respect to certification, financial responsibility and administrative capability.