| Effective Date | September 5, 2025 | Policy Owner | Information Technology Services (ITS) |
|---|---|---|---|
| Last Reviewed Date | September 12, 2025 | Approved By | President's Council |
| Review Cycle | Annual | Policy Contact | Information Security & Compliance Analyst |
Policy Purpose
New York Institute of Technology (New York Tech) values the privacy and preferences of its constituents. This policy establishes guidelines for the collection, use, and protection of personal mobile phone numbers by New York Tech to support SMS/text messaging campaigns. New York Tech adheres to federal and state laws, including the Telephone Consumer Protection Act (TCPA), and commits to safeguarding personal information while ensuring effective communication.
SMS/text messaging may be used by authorized university officials to relay important and time-sensitive information such as campus closures, academic deadlines, notices critical to student academic success, as well as additional relevant and important information.
Policy Scope
This policy applies to all New York Tech students, faculty, staff, contractors, prospective students, alumni, and donors who provide personal contact information to New York Tech for purposes of New York Tech text messaging services.
Definitions
Consent – Permission given to the university by a SMS/text message recipient to communicate via SMS/text message. Consent is required in all cases except emergencies; the type of consent required may vary depending on the purpose of the intended message.
Emergency Messages – SMS/text messages that affect the immediate health and safety of the university community. These situations include weather closures, fires, health risks and other threats to safety.
Informational Messages – SMS/text messages sent to individuals who have shared their personal phone number with the university and have asked to be contacted in the future. These messages may include appointment reminders, welcome texts and other non-emergency informational texts.
Mass SMS/Text Messages – Identical or substantially similar SMS/text messages that have been sent to multiple individuals.
One-to-one Messaging – Person-to-person communication, usually initiated by staff (i.e. an advisor texting a student), that includes just one recipient.
Opt-In – An action by which someone requests to receive communications via SMS/text message.
Opt-Out – An action by which someone who receives SMS/text message communications indicates that they no longer want to receive SMS/Text messages from that particular university service.
Personal Contact Information – Information such as personal cell phone number that is provided to New York Tech for purposes disclosed in this policy.
Policy Statement
New York Tech may collect and use personal mobile numbers to:
- Communicate time-sensitive alerts or security notifications.
- Provide information relevant to the individual's relationship with the university (e.g., admissions updates, billing inquiries, academic deadlines).
- Send emergency messages critical to health and safety.
All use of personal contact information will comply with applicable federal, state and local laws and institutional policies, including the Telephone Consumer Protection Act.
Collection and Consent
- Personal contact information is collected voluntarily during admissions, enrollment, onboarding, or service sign-up.
- Emergency messages may be sent without prior consent as required by law.
- For mass texting campaigns:
- Specific opt-in is required, along with opt-out instructions, message frequency disclosure, and privacy statement links.
- Opt-outs will be logged, and auditing of texting campaigns will be done periodically to ensure compliance.
- For one-to-one texting:
- Consent is implied if contact information was provided for school communications.
- Opt-outs will be effective immediately.
- Marketing communications are prohibited unless explicit consent has been obtained.
Use and Disclosure
- Contact information will only be used for purposes outlined in this policy.
- SMS messages may include reminders, deadlines, billing inquiries, or security alerts.
- Information will not be sold, rented, or shared with third parties except as required by law or university policy.
Data Protection and Retention
- Personal data will be stored securely in accordance with the Data Security and Access Management Policy.
- Access to this data is restricted to authorized university personnel.
- Data will be retained only as long as necessary for its intended purpose or until an individual opts out, and will then be deleted according to the Record Retention and Destruction Policy.
- The inclusion or disclosure of confidential or restricted information including PII, PHI, and FERPA covered information, in SMS messages, is strictly prohibited.
Responsibilities
- ITS is responsible for implementing and maintaining secure systems handling personal contact information.
- University departments/managers initiating SMS campaigns must ensure compliance with opt-in/opt-out requirements and provide proper disclosures.
- Users are responsible for keeping their contact information current and reporting unauthorized use.
While SMS/Text messaging is a powerful medium, several compliance components must be adhered to. The Privacy Statement, SMS/Text Messaging Terms and Conditions and the following Requirements for SMS/Text Messaging Campaigns apply to all SMS/Text Messaging campaigns initiated from the university including those created by individual schools, departments or business units. It is the responsibility of the initiating school, department or business unit to comply with the Privacy Statement, SMS/Text Messaging Terms and Conditions and the Requirements for SMS/Text Messaging Campaigns and to ensure they have been implemented for their respective campaigns.
Requirements for SMS/Text Messaging Campaigns
To conduct SMS/text messaging campaigns, New York Tech units and departments must:
- Collect consent from campaign participants prior to sending text messages. This can be achieved by offering target participants the opportunity to opt into text message communications.
- At the time of consent, provide a description of the types of content/communications. For example, "Receive account notifications via SMS from New York Tech."
- Disclose that the recipient may incur a fee as a result of receiving SMS messages. A typical message may state "Message and data rates apply."
- Inform recipients of the frequency with which they will receive messages. Verbiage such as "Four messages per month," or "Message frequency varies," are sufficient.
- Allow message recipients to opt out of receiving future text messages. Instructions should be provided such as, "Text STOP to cancel."
- Provide recipients with a means to receive assistance. This can be done through additional SMS messaging, providing a phone number, or email address. Some examples include "Text HELP for help" or "Call XXX-XXX-XXXX for assistance."
- Provide recipients with a link to the university's SMS/Text Messaging Policy.
- Provide recipients with a link to the university's Privacy Statement.
Related Internal Policies
- Acceptable Use Policy
- Data Security and Access Management Policy
- Mobile Device Policy
- Record Retention and Destruction Policy (requires login)
- Identity Verification and Contact Information Policy
- New York Institute of Technology Privacy Statement
- SMS/Text Messaging Terms and Conditions
Regulatory References
Violations
Violations of this policy may result in disciplinary action in accordance with New York Tech's Code of Conduct and applicable employment or academic policies.