Texting and Privacy Laws: What schools must know when texting students

Posted by Brian Ruhlmann on October 17, 2016
Find me on:

Considering that 90 percent of text messages are read within 3 minutes and 45 percent elicit a response from the recipient, it seems like texting should play a big part in colleges’ communications and outreach strategies, right?

In a word, yes! But it’s important to understand how texting and privacy laws and consumer protection regulations relate to schools' efforts to properly and effectively text students.

Disclaimer: I am not a lawyer. And there are key differences among various schools: whether they’re nonprofit or for-profit, how and when they’re engaging with students, the intent and nature of the messages they’re sending. But all colleges and universities should be aware of a few laws pertaining to texting prospective and current students and their families.

TCPA

Cellphone with inscription: "No robocalls!"One of the most important acts to abide by is the Telephone Consumer Protection Act. The TCPA was passed by Congress in 1991 to stop telemarketers from sending out unwanted messages to millions of people without any way to opt out of these messages. At a high level, the TCPA prohibits telemarketers from calling or texting without prior express consent when using an autodialer or mass calling/texting system. The three main parts of the TCPA are Do-Not-Call Restrictions, Limitations on Prerecorded Calls, and Limitations on Calls and Texts to Mobile Phones using an Autodialer.

The twist for many schools is that tax-exempt, nonprofit organizations are not subject to some provisions of the TCPA. Schools that send out informational and educational information are well within the bounds of allowable territory. Nonprofits in general are not held to as high of a standard as commercial organizations in terms of getting consent before calling or messaging. For nonprofits they must have oral consent or express consent. For example, this could come from the Common Application or an opt-in box on a webform or inquiry card.

And if a student provides a cellphone number, schools are free to assume consent. (We also recommend confirming consent via an initial text message, but there’s more on that below.)

In August 2016, the FCC cleared up some gray area in the TCPA, determining that people who provide their mobile number to a school have provided their express prior consent to receive communications related to the school's core functions. The caveat is that communications regarding non-school-related information is likely not exempt, but again, that shouldn’t be an issue for schools so long as they steer clear of commercial content unrelated to educational or institutional matters.

In short, the National Association for College Admission Counseling (NACAC) has said that “Non-profit colleges and universities should not be concerned about compliance with this law," but NACAC does recommend reading up on the TCPA and following it closely.  

To summarize some of the best practices for schools in terms of following the TCPA, we recommend:

  • Having students opt into messages with written express consent
  • Texting students only about information pertaining to the university and not for commercial reasons
  • Giving students an opportunity to immediately and easily opt out of text messages (such as replying “stop” or “unsubscribe”)
  • Immediately introducing the school’s identity and the reason it’s reaching out to the student

FERPA

Another key act to be aware of is the Family Educational Rights and Privacy Act. FERPA protects the privacy of student education records. This is especially important with texting because there is the potential for a lot of sensitive information to be transferred. If you are texting your students and/or their families, you must be sure that you are texting with a secure, FERPA-compliant system. AdmitHub’s proprietary software is FERPA compliant, but texting on one’s own personal phone might not be, depending on its security systems.

With regard to FERPA, colleges should also be careful about sending (or soliciting) sensitive information via SMS.  That means no social security numbers, sensitive financial information, or student grades.  As in healthcare, you may still send this information via SMS but only if the user has been presented with the risks and expressly consented.

Security measures for SMS and messaging

Texting is not the most secure means of communication and can be susceptible to "spoofing." Most SMS providers don't have anti-spoofing protection, but good ones do. At AdmitHub, we require users to reply with validation codes to prevent unauthorized access from hackers.

One last note: "Messaging" goes far beyond texting.  In fact, other platforms such as Facebook Messenger support full end-to-end encryption, making them even more secure than SMS or email.

If you are planning or evaluating text messaging options for your school, we offer a free Higher Education Communications Consultation to go over some best practices in messaging students and to help answer questions that are coming up in your research.

Photo credit: Mike Licht, NotionsCapital.com via Foter.com / CC BY

Topics: College Admissions, colleges, messaging, texting, recruitment