The five most important things to know about the legal world and using technology JUNE 16, 2008.


© 2008 Venable LLP

Overview
Development efforts more technologically-driven in recent years
Development professionals must be aware of legal issues impacting use of technology

5 Major Legal Issues
State and federal anti-spam laws
  – Sending “unsolicited” communication
Donor privacy rights
  – Limiting methods of collecting information
State charitable solicitation statutes
  – Notifying state of solicitation efforts
Credit card use
  – Protections of users’ cards
Student privacy rights
  – Protections of students

Federal Anti-Spam Law
Federal law: CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act)
Regulates sending of “unsolicited” “commercial” messages
  – Unsolicited: without “permission” of recipient
    – “Permission” assumed if based on transaction or ongoing relationship
    – Current students, parents, alumni with active relationship
  – Commercial: related to the sale of goods or services
    – Charitable solicitations not “commercial”

Federal Anti-Spam Law
Unsolicited commercial e-mails must:
  – Be identified as advertisement
    – In subject line or body of e-mail
  – Include opt-out instructions
    – Internet-based method, honored in 10 days
  – Include sender’s physical address
    – Address of School
  – Use non-deceptive subject lines and headers
    – To: and From: lines must have real addresses
    – Subject line cannot be misleading

State Anti-Spam Laws
Majority of states have anti-spam laws:
  – Virginia and Maryland
Most state anti-spam laws are preempted by federal law
State prohibitions of deception and falsity may still apply
State laws of states where messages are received may apply, even to out-of-state senders

Anti-Spam Laws: Application to Independent Schools
Anti-spam laws apply to non-profit institutions
Meaning of “commercial” not completely clear in development context, but messages advertising the following likely would be commercial:
  – Conferences/workshops
    – Prominent speaker or parent workshop
  – Merchandise
    – T-shirts; framed pictures of school
  – Publications
    – Books or other documents drafted by school
  – Large prizes for donations
    – Auction items or raffles
  – Links to websites that sell goods or services
    – Trips sponsored by school inviting students not part of school community

Anti-Spam Laws: Application to Independent Schools
Charitable solicitations are not considered “commercial” content:
  – No sale of merchandise, goods or services
    – Appeals for capital campaign Endowment Solicitation

Anti-Spam Laws: What to Do
Establish anti-spam policy in compliance with CAN-SPAM laws and best practices
  – Note that “advertisements” are such in the subject line or body of the e-mail
  – Use real To: and From: addresses
  – Always include school’s physical address
  – Include and honor opt-out process
  – Never use misleading subject line
  – Identify parties in database considered “unsolicited” parties as well as “solicited” parties

Donor Privacy Rights – Financial Investigations
State common law protects individual privacy rights
  – Individuals have a right to the protection of their privacy
    – Tax returns not public information
Use care in performing financial investigations of potential donors
  – Establish policy of best practice
    – Collect information that is:
      – Reliable
      – Generally available to the public (political contribution disclosure sites)
    – Act consistently with school’s culture
      – If financial investigation is on “edge”, expectation of donor will impact on action taken

Donor Privacy Rights – Membership and Mailing Lists
Avoid “unauthorized” use of contact information
  – “Private” membership directories found on internet
    – Access to association’s member directory
  – Membership lists gained through other resources
    – Country club membership list
  – Lists not intended for mass communication
    – Parent/Student roster of other educational institution
  – List may be intellectual property of another party
  – Authorized to access the information, but not authorized to use it for school development purposes

Donor Privacy Rights – Mailing Lists
The “Wealthy Widow”
  – The development professional accesses a private membership directory on the Internet to get wealthy widow’s contact information
The “Soccer Parent”
  – Development officer uses addresses given for soccer tournament registration to send out mass solicitation
  – School had authority to access information, but not to use it for development purposes
  – Can include notification of future uses of address on soccer registration form or allow registrants to check box to be included on school mailing list

Donor Privacy Rights – Mailing Lists
Donors should be protected from the unauthorized sale or distribution of their contact information
  – Limit communication of donor information and avoid use in communication
Schools should guard mailing list information, electronic and otherwise, in order to protect constituency privacy
  – No sale or sharing of school database with other entities
    – School trips endorsed by school but not operated by school
      – Family summer trip to Spain advertised by travel agent
    – Activities endorsed by school but not operated by school
      – Golf outing for cause “supported” by school but not advertised by school

State Charitable Solicitation Statutes
The use of technology in development efforts makes independent schools subject to more state charitable solicitation laws than before
Vast majority of states and D.C. have charitable solicitation statutes
Designed to protect state’s citizens from fraudulent fundraising
Charitable solicitation
  – Request for contribution to charitable organization

State Charitable Solicitation Statutes
When schools solicit in other states, they must notify the state of solicitation efforts
Independent schools are exempt from these statutes in some states:
  – If they solicit contributions only from related entities: student body, alumni, faculty, trustees, and their families
If a school solicits from general public, it will not be exempt from these state statutes
Subject to these statutes:
  – School
  – Fundraising counsel (i.e., development consultant)
  – Professional fundraisers/solicitors (i.e., in-house development professional)

State Charitable Solicitation Statutes
State requirements vary
Generally require:
  – Registration of organization, fundraising counsel, and fundraising professional
Some states require fundraising professional to post a bond
States may have certain requirements regarding the fundraising professional’s or counsel’s contract
Many states have reporting and disclosure requirements

State Charitable Solicitation Statutes
Violation of state laws can result in fines and civil and criminal penalties
Some states accept uniform registration form, but many require state-specific addenda
  – This can make registration in several states burdensome

State Charitable Solicitation Statutes
School becomes subject to a state’s law if it:
  – Specifically targets residents of that state for contributions
  – Receives contributions through its website on a repeated and ongoing basis, or on a substantial basis, from individuals in a particular state
Passive/unsolicited receipt of a donation from a resident of another state does not subject a school to that state’s charitable solicitation law

State Charitable Solicitation Statutes
Development professionals should:
  – Be familiar with state charitable solicitation statutes in states where they solicit contributions
  – Assemble a list of states where solicitations are made
    – Invitations to events in other states
    – Communication related to requests to “visit”

Credit Card Use – Security
Security concerns arise with the use of credit cards for payment over the Internet, over the phone, or in person.
  – Third parties can breach security online
  – Employees can breach security in processing payments
Independent schools can be liable for damages resulting from breaches they did not take reasonable care to prevent

Credit Card Use – Security
Independent schools may also be subject to state laws regarding identity theft and breach notification
Schools likely are contractually bound to adhere to the PCI-DSS (Payment Card Industry-Data Security Standard) as a result of their merchant agreements with credit card companies.
  – Violations of the PCI-DSS can result in school liability for fines.
  – Non-compliance risks the school’s ability to process credit card payments.

Credit Card Use – Security
PCI-DSS has 6 elements, to be achieved through 12 requirements
Create Policy that includes the 12 requirements
Build and Maintain a Secure Network:
  – Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
  – Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Credit Card Use – Security
Protect Cardholder Data
  – Requirement 3: Protect stored cardholder data.
  – Requirement 4: Encrypt transmission of cardholder data across open, public networks.
Maintain a Vulnerability Management Program
  – Requirement 5: Use and regularly update anti-virus software.
  – Requirement 6: Develop and maintain secure systems and applications.

Credit Card Use – Security
Implement Strong Access Control Measures
  – Requirement 7: Restrict access to cardholder data by business need-to-know.
  – Requirement 8: Assign a unique ID to each person with computer access.
  – Requirement 9: Restrict physical access to cardholder data.

Credit Card Use – Security
Regularly Monitor and Test Networks
  – Requirement 10: Track and monitor all access to network resources and cardholder data.
  – Requirement 11: Regularly test security systems and processes.
Maintain an Information Security Policy
  – Requirement 12: Maintain a policy that addresses information security.

Credit Card Use – Security
Options to Avoid PCI-DSS
  – Hire outside company to process credit card payments
    – Company can be recommended by school’s bank
  – Do not accept credit card payments (use PayPal or similar product instead)
    – This option may be less attractive due to the additional burden it may create for potential donors

Credit Card Use – Surcharges
Some states prohibit the imposition of a “convenience fee” for payment by credit card.
  – These laws generally apply to non-profit institutions.
  – May not apply to certain transactions handled by development office.
  – May not apply to tri-state area schools.
  – Development professionals, however, should be aware of these laws.

Credit Card Use – Private Information
Some states do not allow private information to be recorded in conjunction with the use of a credit card
  – For example, a request should not be made for an individual’s driver’s license number because he/she is paying by credit card
  – Independent schools should not require that additional personal information be disclosed in order to use a credit card for payment

Student Privacy Rights
Students (and parents of minors) have privacy rights in the use of their images and their works
Independent schools should not use student images or student works in promotional materials or on a website without explicit written permission from parents
  – Consent for the use of student images can be obtained annually on the enrollment contract
  – Consent for use of student works should be obtained on a case-by-case basis

Student Privacy Rights
Schools may become liable for damages resulting from use of student image or works without permission
Parents may have very compelling reasons not to grant permission
  – Domestic abuse
  – Culture, religion
  – Family status
Never publish student images or works in promotional materials or on the school website without permission of the student’s parents
Must control others who use pictures as well
  – Reporter attends a school-sponsored event to which they were invited
  – Uses photos online
  – Establish guidelines before invitation

Conclusion
CREATE A TECHNOLOGY POLICY!!!
The use of technology has expanded the legal liability of independent schools.
Anti-spam laws, donor privacy, state charitable solicitation statutes, credit card use, and student privacy all deserve the attention of development professionals.
Prudent development professionals will remain aware of potential legal issues and seek legal counsel in determining their applicability to the professional’s school.

Contact information
YOUR VENABLE INDEPENDENT SCHOOL LAW TEAM
Caryn G. Pass
Grace H. Lee
Heather J. Broadwater
Elizabeth S. Snodgrass
th Street, NW Washington, DC
