Use of Text Messaging Services
Sponsor: |
Associate Vice President for Enrollment Marketing |
|---|---|
Contact: |
CRM Operations Manager |
Category: |
Information Security and Technology |
Number: |
1000.013 |
Effective Date: |
09/01/2022 |
Implementation History: |
First draft 7/1/2021, second draft 7/26/2023 |
Keywords: |
Text, Mobile Phone, SMS, Short Code, Long Code |
Background Information: |
Traditional communication means are identified as email, mail and phone. These traditional channels will remain SUNY Empire’s primary channels. However, our prospective and current students will also have an option of SMS/text messaging as another means to receive information. |
Purpose
The purpose of this policy is to establish how SUNY Empire will leverage SMS/text messages to communicate and distribute information to prospective and current students that is compliant with internal and external regulations and policies and to align with the university’s marketing strategy and brand recognition and values.
This policy respects and maintains individuals’ rights and privacy, while maximizing efficiency and effectiveness in communicating messages that align with SUNY Empire’s overall mission to prospects and students.
Definitions
Proxy number: Texting that occurs from an individual at the university, but the number that is displayed to the recipient is not the phone number of the sender. The sender may be using an application to send the message to an individual or group of individuals.
Statements
Scope
The scope of this policy is limited to application to person texting (A2P). This includes texting that occurs from an individual at the university using a proxy number.
Anyone wishing to send SMS/text messages to individuals who are prospects (inquiries), applicants, or students, for university business, will do so through one of the university’s approved Customer Relationship Management applications (CRM) or Student Information Systems (SIS).
Authority
To ensure messages are aligned with SUNY Empire branding, marketing strategy, and values, and to ensure compliance, all SMS/text messages must be approved. The Vice President for Enrollment Management and Marketing will provide oversight of texts sent to prospects and applicants, the Associate Provost for Student Success will provide oversight of texts sent to students, and the Assistant Vice President of Operations will approve text messages sent for emergency purposes and information technology updates. Each approver may assign a designee. Approvers and designees are encouraged to work together to ensure message frequency, format, and intent align with the university’s overall communication plan. Approvers and designees have the authority to review all SMS/text messages within the scope of this policy, including but not limited to the content, targeted audience, purpose, and the timing of execution of such message(s). Approvers and designees have the right to request adjustments and/or deny suggested SMS/text messages.
Opt-in
By default, all prospects, students, and employees have the status of opt-out until an individual specifically consents to opt-in to a SMS/text message program. Individuals must opt-in to every type of text separately. Enrolling a member in multiple types of text based on a single opt-in is prohibited. SUNY Empire will provide a clear process for individuals to opt-in and opt-out of SMS/text messages. No unsolicited SMS/text message will be sent without prior expressed consent from the individual, nor will the individual receive SMS/text messages after an individual has requested to opt-out, with the exception of the opt-out confirmation.
Individuals will receive a confirmation when they opt-in to each type of text message and when they opt-out. Reminders of their consent to receive messages will occur at least annually for each type of text they have “opted-in” for.
Requests for opt-in/opt-out are required to be processed daily.
Content
No text will be sent on behalf of the university that contains or promotes sex, hate, alcohol, firearms or tobacco. No texts will be sent that violate any SUNY Empire policy.
The content, message, and intent of a text must match the description of the text type that an individual has opted in for. Similar or like texts will not be sent through more than one text type in the same time frame. This is to prevent the possibility of pursuing the act of “Snowshoeing”, a technique used to spread messages across many sending phone numbers to evade compliance.
All SMS/text messages, regardless of type, will be done to advance the university’s mission in accordance with the university’s core values. SMS/text messages will be used to support and enhance existing communications and will not be used as the primary communication vehicle.
No component of SMS/text messages may be deceptive about the underlying program’s
functionality, features, or content.
Sending
In compliance with applicable regulations, text messages will:
- Display appropriate keywords, messages, descriptions, and disclosures as applicable.
- When texted, the keyword “HELP” will return a message with instructions on how to contact Empire State University for assistance.
- Be sent during regular business hours, based on the time zones of individual(s).
- Not be sent during documented state and federal holidays.
- Not be sent during a declared emergency unless the text relates specifically to the emergency and serves to benefit the individual's safety and security and/or promote student success.
All employees responsible for using SMS/text messages are required to subscribe to Contact Center Compliance at https://www.dnc.com/ to ensure compliance.
Data privacy
SUNY Empire is a good steward of information, respecting the privacy of our prospective, current, and graduated students as well as employees. Information security policies can be found on the university’s webpage for policies www.esc.edu/policies. The privacy of all students is protected by the Family Educational Rights and Privacy Act of 1974 (FERPA). The use of the university’s SMS/texting services requires the university to collect and share directory information as defined by the university’s policy “Adherence to Family Educational Rights and Privacy Act of 1974”. For additional information on FERPA, and to prevent disclosure of any directory information visit the university’s FERPA information webpage.
More information about data security, including information for prospective students and employees, can be found in the university’s policy for “Enterprise Data Classification”, and the “General Data Protection and Regulations Privacy Policy”.
To facilitate text messaging services, SUNY Empire contracts with a third-party vendor. Directory Information, as defined by the university's FERPA policy, is shared with the vendor. SMS/text messages are not student records and are not retained in accordance with the university’s Record Retention Policy.
Texting SUNY Empire may result in an unintended sharing of personal data. As such, if a student initiates a text conversation with SUNY Empire that may contain sensitive information, the student will be reminded of their information security rights and provided the option to continue the conversation in another format such as email or the telephone. SMS/text messages are sent using a proxy number.
Employees who send and/or receive text messages or A2P text messages on behalf of SUNY Empire State University are required to affirm their compliance with this policy and complete annual data security awareness training.
Applicable Legislation and Regulations
CTIA: https://www.ctia.org/
TCPA: https://www.fcc.gov/document/telephone-consumer-protection-act-1991
Related References, Policies, Procedures, Forms and Appendices
Procedures
Requests to have a SMS/text message sent on behalf of the university can be submitted to the appropriate approver or designee, as determined by the audience, via a request through the Office of Academic Affairs. Details required are the type of text, intended target audience, purpose, frequency of text messaging, and the timing and execution of messages.
Related Policies
Adherence to the Family Educational Rights Privacy Act
General Data Protections Regulations