Postsecondary Learning

Common (and Avoidable) Legal Pitfalls for Coding Bootcamps and Alternative Education Providers

By Greg Ferenbach, Matthew Johnson and Nancy Anderson     Apr 8, 2017

Common (and Avoidable) Legal Pitfalls for Coding Bootcamps and Alternative Education Providers

The rapid growth of accelerated learning programs providing training to aspiring high-tech professionals—the best known being the “coding academies” or “bootcamps”—have recently been the subject of both optimism and skepticism. The attraction of these alternative learning providers is straightforward: in a relatively short period (months, not years) an individual can gain marketable skills. Given the high cost of traditional higher education and the need to train a new generation of tech economy workers, the growth of alternative learning providers seems likely to continue. But, while the education market is ripe for this kind of disruption, it remains a highly regulated space with numerous potential pitfalls.

Here are the most common legal pitfalls that alternative providers must proactively avoid:

Failure to Obtain Necessary State Authorizations

Every state regulates the delivery of postsecondary education that leads to a college degree. But many states also regulate entities that offer short-term instruction, such as bootcamps. While some alternative providers may qualify for an exemption from these requirements in some states, exemptions vary widely, and are not always automatic: in some states, you need to apply for exempt status. Failure to obtain a required license or exemption can result in fines or a cease-and-desist order, which could prevent a school from enrolling students or collecting tuition. To avoid these risks, any entity offering instruction for a fee must understand the rules for operating in its target states and must develop a strategy to comply. And, for online providers, “operating” a state may simply mean enrolling a student who resides there.

Sloppy or Overly Aggressive Marketing

Highly visible and sometimes provocative ads may attract the attention of potential students, but they also attract the attention of regulators, including possibly the Federal Trade Commission (FTC), the Consumer Finance Protection Bureau and, more often, state attorneys general and consumer protection agencies. Every state has a consumer protection code, and many have specific rules about when an entity can use terms such as “academy” or “university.” (For example: the ill-fated Trump University, which was not in fact a “university.”)

Consumer complaints, and the scrutiny they bring, commonly originate when students misunderstand the credential they will receive, the cost or duration of a program or employment promises (more on this below), even if the provocative statements are qualified in the “fine print.” You don’t need to run every ad by an attorney. But you—and your marketing team—need to know the basic rules and get advice to avoid student complaints and regulatory scrutiny before they arise.

Promoting (or Appearing to Guarantee) Student Outcomes

While most alternative providers are not required to provide information on student outcomes, many do. Prospective students are demanding data on employment and salary outcomes, and the market is responding. Of course, these disclosures can also be a useful marketing tool. Unfortunately, too often there is a lack of transparency into how statistics are derived and poor communication about what they actually mean.

For example, a school may advertise robust employment outcomes, but fail to distinguish better outcomes for individuals already in tech jobs or with a computer science degree or background as compared to someone looking to switch careers. Some providers are joining together to create a common set of “industry-standard” metrics to make comparisons easier; others are setting their own measures. Meanwhile, state attorneys general, and the FTC, have become aggressive in policing such claims, and the laws provide regulators and private plaintiffs considerable leeway to argue what is a misrepresentation. Bottom line: advertised claims should be verifiable and accurate.

Neglecting Student Data Privacy and Security Safeguards

Most alternative providers aren’t subject to the restrictions of the Family Educational Rights and Privacy Act (FERPA), the well-known federal law that safeguards student data from kindergarten on up. But many states have enacted their own student data privacy laws and more are in the pipeline. Even states that haven’t enacted new laws have general consumer protections on data security and privacy that apply.

Often getting a startup off the ground means setting priorities. Data security should be one from the start. When it isn’t, privacy policies get a copy-and-paste treatment and aren’t updated to reflect changing practices. Data security policies are not formalized or are not sufficiently comprehensive to address common technical, physical, and administrative risks. Breaches go too long undetected (the average is six months at large organizations) and when breaches are identified employees often lack training on how to respond. As a result, education providers have been a common, and generally easy, target for hackers. Significant breaches can be a serious blow to otherwise healthy companies, a risk that is compounded when they are not properly handled. Organizations that build a strong culture around the importance of data security and privacy at an early stage are best positioned to mitigate the risk and use their proactive policies as a competitive advantage.

Not Making Instruction (Especially Online) Accessible to Students with Disabilities

Any entity providing instruction, regardless of whether in a classroom or online and regardless of whether it charges a fee or receives federal funds, is required by the Americans with Disabilities Act (ADA) to make both the physical space and the technology used reasonably accessible to individuals with disabilities (which is broadly defined).

Department of Justice enforcement actions and private lawsuits alleging education providers’ failure to comply with the ADA, especially regarding web content and software, have been on the rise in recent years. Unfortunately, there are no clear legal standards for creating and maintaining accessible web content under the ADA. The Web Content Accessibility Guidelines (WCAG) 2.0 is a good starting point, but each case is different. Ensuring that technology is ADA-compliant during initial design is far less expensive and disruptive than re-designing it later (one public institution recently took down its entire free course access service because the cost of redesigning for ADA compliance was prohibitive) — or, worse, fending off lawsuits or complaints.

The rapid growth of non-traditional education providers has drawn the attention of regulators and consumer watchdogs at both the state and federal levels, but a proactive approach can avoid the most common problems. 

Greg Ferenbach is Special Counsel at Cooley (@CooleyLP), where Matthew Johnson is Senior Associate and Nancy Anderson is Associate. 

Postsecondary Learning

Common (and Avoidable) Legal Pitfalls for Coding Bootcamps and Alternative Education Providers

By Greg Ferenbach, Matthew Johnson and Nancy Anderson     Apr 8, 2017

Common (and Avoidable) Legal Pitfalls for Coding Bootcamps and Alternative Education Providers

The rapid growth of accelerated learning programs providing training to aspiring high-tech professionals—the best known being the “coding academies” or “bootcamps”—have recently been the subject of both optimism and skepticism. The attraction of these alternative learning providers is straightforward: in a relatively short period (months, not years) an individual can gain marketable skills. Given the high cost of traditional higher education and the need to train a new generation of tech economy workers, the growth of alternative learning providers seems likely to continue. But, while the education market is ripe for this kind of disruption, it remains a highly regulated space with numerous potential pitfalls.

Here are the most common legal pitfalls that alternative providers must proactively avoid:

Failure to Obtain Necessary State Authorizations

Every state regulates the delivery of postsecondary education that leads to a college degree. But many states also regulate entities that offer short-term instruction, such as bootcamps. While some alternative providers may qualify for an exemption from these requirements in some states, exemptions vary widely, and are not always automatic: in some states, you need to apply for exempt status. Failure to obtain a required license or exemption can result in fines or a cease-and-desist order, which could prevent a school from enrolling students or collecting tuition. To avoid these risks, any entity offering instruction for a fee must understand the rules for operating in its target states and must develop a strategy to comply. And, for online providers, “operating” a state may simply mean enrolling a student who resides there.

Sloppy or Overly Aggressive Marketing

Highly visible and sometimes provocative ads may attract the attention of potential students, but they also attract the attention of regulators, including possibly the Federal Trade Commission (FTC), the Consumer Finance Protection Bureau and, more often, state attorneys general and consumer protection agencies. Every state has a consumer protection code, and many have specific rules about when an entity can use terms such as “academy” or “university.” (For example: the ill-fated Trump University, which was not in fact a “university.”)

Consumer complaints, and the scrutiny they bring, commonly originate when students misunderstand the credential they will receive, the cost or duration of a program or employment promises (more on this below), even if the provocative statements are qualified in the “fine print.” You don’t need to run every ad by an attorney. But you—and your marketing team—need to know the basic rules and get advice to avoid student complaints and regulatory scrutiny before they arise.

Promoting (or Appearing to Guarantee) Student Outcomes

While most alternative providers are not required to provide information on student outcomes, many do. Prospective students are demanding data on employment and salary outcomes, and the market is responding. Of course, these disclosures can also be a useful marketing tool. Unfortunately, too often there is a lack of transparency into how statistics are derived and poor communication about what they actually mean.

For example, a school may advertise robust employment outcomes, but fail to distinguish better outcomes for individuals already in tech jobs or with a computer science degree or background as compared to someone looking to switch careers. Some providers are joining together to create a common set of “industry-standard” metrics to make comparisons easier; others are setting their own measures. Meanwhile, state attorneys general, and the FTC, have become aggressive in policing such claims, and the laws provide regulators and private plaintiffs considerable leeway to argue what is a misrepresentation. Bottom line: advertised claims should be verifiable and accurate.

Neglecting Student Data Privacy and Security Safeguards

Most alternative providers aren’t subject to the restrictions of the Family Educational Rights and Privacy Act (FERPA), the well-known federal law that safeguards student data from kindergarten on up. But many states have enacted their own student data privacy laws and more are in the pipeline. Even states that haven’t enacted new laws have general consumer protections on data security and privacy that apply.

Often getting a startup off the ground means setting priorities. Data security should be one from the start. When it isn’t, privacy policies get a copy-and-paste treatment and aren’t updated to reflect changing practices. Data security policies are not formalized or are not sufficiently comprehensive to address common technical, physical, and administrative risks. Breaches go too long undetected (the average is six months at large organizations) and when breaches are identified employees often lack training on how to respond. As a result, education providers have been a common, and generally easy, target for hackers. Significant breaches can be a serious blow to otherwise healthy companies, a risk that is compounded when they are not properly handled. Organizations that build a strong culture around the importance of data security and privacy at an early stage are best positioned to mitigate the risk and use their proactive policies as a competitive advantage.

Not Making Instruction (Especially Online) Accessible to Students with Disabilities

Any entity providing instruction, regardless of whether in a classroom or online and regardless of whether it charges a fee or receives federal funds, is required by the Americans with Disabilities Act (ADA) to make both the physical space and the technology used reasonably accessible to individuals with disabilities (which is broadly defined).

Department of Justice enforcement actions and private lawsuits alleging education providers’ failure to comply with the ADA, especially regarding web content and software, have been on the rise in recent years. Unfortunately, there are no clear legal standards for creating and maintaining accessible web content under the ADA. The Web Content Accessibility Guidelines (WCAG) 2.0 is a good starting point, but each case is different. Ensuring that technology is ADA-compliant during initial design is far less expensive and disruptive than re-designing it later (one public institution recently took down its entire free course access service because the cost of redesigning for ADA compliance was prohibitive) — or, worse, fending off lawsuits or complaints.

The rapid growth of non-traditional education providers has drawn the attention of regulators and consumer watchdogs at both the state and federal levels, but a proactive approach can avoid the most common problems. 

Greg Ferenbach is Special Counsel at Cooley (@CooleyLP), where Matthew Johnson is Senior Associate and Nancy Anderson is Associate. 

GET THE LATEST HIGHER ED NEWS
Be the first to know, with our weekly newsletter.

GET THE LATEST HIGHER ED NEWS
Be the first to know, with our weekly newsletter.