Marketing Considerations Through the Lens of Regulations, Policies and Compliance

The misrepresentation regulation (34 CFR §668.71 through 668.75), enforced by the U.S. Department of Education, prohibits educational institutions from providing false, misleading, or deceptive statements about their programs, financial charges, or the employability of their graduates. The 2022 version of the Borrower Defense to Repayment Rule, which is subject to ongoing litigation and not currently enforceable by court order, made the “omission of facts” actionable, as defined under §668.75, whereby a reasonable person would have considered the omitted information in making a decision to enroll or continue attendance at the institution. The misrepresentation regulation aims to protect students from being misled about key aspects of their education, such as the quality of the programs, job placement rates, and availability of financial aid. It requires that all claims in marketing and recruitment materials be substantiated and truthful, ensuring transparency and accountability in higher education. 

If a student feels that they have been misled by a false claim made by an institution, they have the right to seek loan forgiveness under the “Borrower Defense to Repayment” (BDR) regulation (34 CFR §685.206). If your institution is found to have misled students or engaged in other misconduct related to federal loans or educational services and a BDR claim is granted, the Department of Education may seek to recover the discharged loan amounts from the institution. BDR claims often arise from allegations of misrepresentation concerning costs, post-graduation employment prospects, credit transferability, or accreditation status​. As such, it's crucial for marketers to ensure that all promotional materials and communications are accurate and transparent to not only do the right thing, but also avoid potential BDR claims​.

As discussed in UPCEA’s Policy Primer, “Digital Accessibility Requirements for Online Learning,” marketing professionals in higher education need to understand the importance of complying with digital accessibility regulations to ensure that all online content, including websites and marketing materials, is accessible to individuals with disabilities. For public institutions of higher education, compliance with Title II of the Americans with Disabilities Act (ADA) requires that digital content meet the Web Content Accessibility Guidelines (WCAG) 2.1, Level AA standards. Enforcement activities involving private and nonprofit institutions will also generally incorporate these same standards in settlements and resolution agreements despite the absence of an explicit conformance requirement in existing regulations for these institutions. WCAG 2.1, AA conformance involves making sure that all multimedia content, such as images and videos, includes alternative text descriptions and captions, that websites are navigable via keyboard for individuals who cannot use a mouse, and that color contrasts are sufficient to ensure readability for people with visual impairments. Additionally, marketing professionals must regularly audit their digital content to identify and address any accessibility issues and ensure that third-party vendors also adhere to these standards. Keep in mind that state-specific regulations may impose even stricter accessibility requirements.

Marketers in higher education need to be aware of, and be in compliance with, the various state regulations that govern the activities of university and college recruiters crossing state lines, particularly for those institutions not participating in the National Council for State Authorization Reciprocity Agreements (NC-SARA). States individually regulate out-of-state institutions to ensure they meet local educational standards and consumer protections. 

Non-SARA institutions must navigate a complex landscape of varying state regulations, which can include restrictions on marketing practices, recruitment activities, and delivery of online programs. For example, Tennessee requires out-of-state institutions to apply for authorization if they want to operate in Tennessee, which includes advertising and recruiting. So if a non-SARA institution wanted to have a billboard or on-the-ground recruiter in Tennessee, they would need authorization from the Tennessee Higher Education Commission first. Tennessee is not unique with this requirement. These regulations are designed to protect students from fraudulent or substandard educational offerings and to ensure that institutions provide accurate information about program costs, accreditation, and educational outcomes​. Without NC-SARA membership, institutions face the administrative burden and cost of obtaining authorization from each state where they wish to operate, which can complicate marketing strategies and limit outreach potential​. 

For non-SARA institutions, understanding and complying with these state-specific regulations is crucial for marketers to legally and effectively promote educational programs across state lines, ensuring that all marketing practices align with both federal and state guidelines to maintain institutional credibility and protect student interests.

Beyond SARA, marketers must be aware of the language and data they use to promote programs on websites and ads, such as job employment data or salaries earned. Further, marketers must know whether their accreditor, or the state they are operating in, allows them to market programs that have not yet been fully approved by their accreditor, or what language must be used when marketing a program that is awaiting approval. 

As institutions continue to collect large quantities and different types of student information, the concern around data privacy becomes more and more important. This consideration is vital to take into account as marketing professionals design new and innovative ways to support the enrollment, registration, and retention of students in online and professional continuing education programs.  Regardless of the route taken, institutions gather large amounts of sensitive, personal data, all of which make for appealing targets for attacks. Being that students are trusting institutions with this information, it is vital that institutions take the proper steps to protect this information beginning with lead generation. 

Through the process of gathering student information, it is important that these avenues, which in recent times have been largely online, follow the various collection policies as outlined by the institution or state governing agencies. Offices of higher education have the authority to act under state and federal law to access, maintain, and secure educational, personal, and financial records. Many of these laws are based on the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Family Educational Rights and Privacy Act (FERPA), and other state-based government data privacy acts. 

General Data Protection Regulation (GDPR)

As it pertains to marketing for online and professional education units, the GDPR provides data privacy and security law for countries around the world in efforts to outline the necessary obligations that organizations anywhere must adhere to. Being that many of our community’s units reach and enroll students from around the globe, it is necessary to stay in compliance with the regulations outlined by the GDPR to avoid penalties. Besides holding institutions accountable for the collected data, one of the key tenants of the GDPR is transparency. Higher education institutions must be transparent about what and why certain information is being collected, and how the information will be used and protected. For marketers, this is crucial when launching data-gathering forms, in addition to placing tracking cookies on websites. 

California Consumer Privacy Act (CCPA)

Another commonly followed privacy act is the CCPA, outlined in 2018, that gives users more control over the information collected by organizations. As marketing efforts aim to attract and enroll students, it is important that this act be taken into consideration to ensure that a prospective student is aware of their rights to: know what is being collected; delete information once collected; opt-out of sharing information; correct information; and limit use of collected information. 

China Personal Information Protection Law (PIPL)

Though only a few years old, the Chinese government set in place a consumer privacy law for its citizens effective November 1, 2021, that is similar to the European Union’s GDPR in a number of ways. What is dissimilar, however, is the lack of a “legitimate interest” exception where under GDPR, companies and organizations may handle or process personal information if it is gathered legally and justifiably. Another area of divergence is that once data gathering reaches a certain quantity, data must be stored in China. Data transfer outside China but be approved by the Cyberspace Administration of China. The PIPL is vague on what the quantity limit is and what data would be approved for transfer outside the country. 

Federal Educational Rights and Privacy (FERPA)

The Family Educational Rights and Privacy Act (FERPA) is a federal statute that confers upon parents the right to access their children’s educational records, request amendments to those records, and control the disclosure of personally identifiable information contained therein. Upon a student reaching the age of 18 or enrolling in a postsecondary institution, these rights transfer from the parents to the student. This regulation is applicable to educational agencies or institutions that receive funding from programs administered by the Secretary of Education, provided they offer educational services or have authority over public elementary, secondary, or postsecondary educational institutions. 

The U.S. Department of Education has recently proposed a negotiated rulemaking session to update regulations on third-party servicers (TPS) that aims to expand oversight and ensure greater accountability among entities that administer any aspect of federal student aid programs on behalf of educational institutions. The upcoming regulatory changes could significantly broaden the definition of TPS to include many activities and functions performed by outside entities, such as marketing, student recruitment, enrollment management, and technology-related support that is often provided by Online Program Managers (OPMs).

Marketing professionals in higher education, particularly those working in online learning, need to be aware of these proposed regulations because they can impact how institutions engage with external vendors. While still unclear on what changes may occur, based on the actions attempted in 2023, the proposed regulations, which have been in flux and are not yet enforced or codified, could require institutions to report all TPS arrangements to the Department of Education and ensure these agreements include specific terms to comply with Title IV requirements.