Michelle Hon Donovan

January 10, 2024 by Duane Morris

FCC Order Closes TCPA Lead Generator Loophole – Requires One-to-One Consent and Applies Do-Not-Call Requirements to Texts

On December 18, 2023, the Federal Communications Commission (“FCC”) released a Second Report and Order, Further Notice of Proposed Rulemaking, and Waiver Order (“Report and Order”) outlining new rules and regulations under the Telephone Consumer Protection Act (“TCPA”) to limit unwanted and unlawful texting. The FCC Order explicitly seeks to close the “lead generator loophole” by which lead generators rely on a single consent granted by the consumer to apply to multiple businesses at once.

Key rules in the Report and Order likely to apply to educational institutions include:

One-to-One Consent. The Order amends the “prior express written consent” requirement to state that consent must clearly and conspicuously authorize communications using an auto dialer or prerecorded message from a single seller at a time (i.e. “one-to-one consent”) and that such calls and texts must be logically and topically related to the interaction the prompted consent.
Codifying DNC Rule for Texts. The Order codifies prior FCC and court precedent that the application of the TCPA’s Do-Not-Call (“DNC”) Registry provisions apply to text messages, making it illegal for marketing texts to be sent to numbers on the Registry without an exception.

The FCC included a reminder to companies that burden of proof is on the texter or caller (not the lead generator) to prove that they have obtained valid consent. Businesses that use lead generators should review their contracts with these service providers to ensure compliance with these new rules and audit all lead generation sites for compliance. Any schools that use text marketing should also review their texting and Do-Not-Call policies to ensure they are compliance with these new rules.

Read the full Alert on the Duane Morris LLP website.

October 22, 2020December 17, 2020 by Duane Morris

2020 ASU GSV Summit Session Replays Available

Duane Morris was a sponsor of the 2020 ASU GSV summit. Several of our attorneys presented at this year’s virtual conference. Below are replays from select sessions.

Ed Tech Policy Session | September 29, 2020

Consumers of education services – students of all ages and the entities that serve them – are hungry for dramatic changes in the education landscape that will deliver increased access, equity, affordability, quality and workforce relevance. Ed Tech has begun to deliver on those needs in extraordinary ways, and the potential is untapped. However, innovation in the market has outpaced how existing regulations and policy govern education as a service. This session will: (1) review friction points our lawyers have observed between Ed Tech models and the current state, federal and accreditor regulatory regimes that apply to educational businesses and educational institutions (and how to spot, anticipate and plan for them), (2) report on recent changes in federal law and policy to promote and foster innovation (including the U.S. Department of Education’s new Distance Education and Innovation Final Rule and increased accreditor flexibilities) and (3) discuss threats and opportunities that may arise from the next Congress and Administration, and how Ed Tech stakeholders can help shape education policy.

Speakers

Katherine Brodie, Partner, Duane Morris LLP
Kristina Gill, Special Counsel, Duane Morris LLP
Nicholas Kent, Senior Education Policy Advisor, Duane Morris LLP

Schools Not Tools | September 30, 2020

EdTech providers increasingly are crossing over from a supporting role to education delivery. Join us to talk about what the regulatory and legal ramifications are to being a school.

Moderator: Tony Guida, Partner, Duane Morris LLP
Speaker: Michelle Donovan, Partner, Duane Morris LLP

Privacy, Data Protection and Intellectual Property Considerations for EdTech Startups | October 8, 2020

This interactive session will cover some of the common legal issues that emerging EdTech companies grapple with in the areas of IP ownership, privacy, and data protection.

Speaker: Michelle Donovan, Partner, Duane Morris LLP

September 3, 2020 by Duane Morris

Active Ransomware Campaign Targeting Education Institutions

By Michelle Hon Donovan

The Department of Education issued a security alert stating that multiple schools have reported that they have suffered ransomware attacks. Ransomware is a type of malware that uses encryption to block access to a computer system unless a ransom is paid. Ransomware is commonly embedded in email attachments that infect a computer when opened. However, the Department of Education states that phishing attacks have been the primary method used in these reported cases, where the attackers used phishing schemes to gain access to account credentials and then used those credentials to install the ransomware.

The Department of Education recommends that schools implement the following cybersecurity practices to protect against such attacks:

Establish a data backup process, ensure the backups are available and accessible, and store the backups offline
Implement multi-factor authentication to mitigate account compromises
Regularly patch hardware and software
Continuously monitor institutional network to detect unauthorized access and malware
Create and update your Incident Response Plan
Ensure training resources emphasize phishing, as it is frequently the compromising entry point for cyber attacks

The Department also reminds schools that ransomware attacks should be reported immediately to the FSA security team.

February 20, 2020 by Duane Morris

California Attorney General Proposes Modified CCPA Regulations – Overview of Significant Proposed Changes

On February 10, 2020, California’s Office of the Attorney General proposed a modified version of the California Consumer Privacy Act (CCPA) regulations first published on October 11, 2019. The initial proposed regulations were summarized in our previous Alert.

The deadline for providing comments on the modified proposed regulations is February 25, 2020. This Alert summarizes some of the most significant proposed changes to the regulations. A more detailed summary, including new practical CCPA examples, can be found in our blog posts regarding changes to: (1) definitions and consumer notice requirements; (2) requirements for consumer requests and verification; and (3) requirements for service providers, authorized agents, minors, nondiscrimination and calculating the value of consumer data.

View the full Alert on the Duane Morris LLP website.

August 14, 2019August 14, 2019 by Duane Morris

Webinar: How the CCPA Impacts the Higher Education Industry

The California Consumer Privacy Act of 2018 Webinar Series will be hosting its third installment, “How the CCPA Impacts the Higher Education Industry,” to be held on September 5, 2019. The webinar will be presented by Duane Morris attorneys Brandi A. Taylor and Michelle Hon Donovan.

Photo of attorney Michelle Hon Donovan — Michelle Hon Donovan

This session provides an overview of the new law and how it applies to schools and companies in the education sector. Nonprofit educational institutions are exempt from the new law. However, it will apply to any for-profit education institutions, service providers and technology companies that collect any information on California residents and meet any of the following criteria:

Have an annual gross revenue of $25 million or more;
Collect, sell or share for commercial purposes the personal information of at least 50,000 consumers, households or devices annually; or
Derive at least 50 percent of annual revenue from selling consumers’ personal information.

To register for this webinar, please visit the Duane Morris website.