Skip to content

The New Internet Privacy Protection Act and Its Effect on Schools and Students

January 17, 2013

    On December 28, 2012, Governor Snyder signed into law Public Act 478, the Internet Privacy Protection Act (the "Act"), giving the law immediate effect.  The law applies to educational institutions, including public and private elementary and secondary schools. The law also applies to employers, including units of state or local government.  Clark Hill's summary of the law's impact on employers is available here .

    Of particular relevance to schools and school districts, the law prohibits educational institutions from doing any of the following:

    • Requesting a student or prospective student to grant access to, allow observation of, or disclose information that allows access to or observation of the student's personal internet account; or
    • Expelling, disciplining, or otherwise penalizing a student for failure to grant access to, allow observation of, or disclose information that allows access to or observation of the student's personal internet account.

    "Personal internet account" means "an account created via a bounded system established by an internet-based service that requires a user to input or store access information via an electronic device to view, create, utilize, or edit the user's account information, profile, display, communications, or stored data."  This includes students' Facebook and Twitter accounts, and personal email accounts.  A student's personal cell phone or smartphone, especially where a password is used to access it, probably also constitutes a "personal internet account" under this definition, although the terminology is not completely clear.

    A violation of the Act is a misdemeanor punishable by a fine of not more than $1,000.  An aggrieved individual may bring a civil action to enjoin a violation of the Act and may recover not more than $1,000 in damages plus reasonable attorney fees and court costs.  Compliance with state and federal laws is an affirmative defense to an alleged violation of the Act.

    The law explicitly provides that schools may request or require a student to disclose access information to gain access to an electronic communications device paid for in whole or in part by the educational institution, or an account or service provided by the educational institution that is either obtained by virtue of the student's admission to the educational institution, or used by the student for educational purposes.  This provision comports with existing law that provides for no expectations of privacy for students who use school-issued devices.

    Schools remain obligated under Michigan law to follow their anti-bullying policies, which are required to include the prompt investigation of reports of bullying of students at school.  This includes reports of "cyber-bullying" that occurs off school premises that is conducted through the use of a telecommunications access device or service provider owned by or under the control of the school.  ( See MCL § 380.1310b).  Under federal civil rights laws, schools are responsible for addressing harassment incidents about which it knows or reasonably should have known, including harassment that occurs through the use of cell phones or the Internet.

    Importantly, while employers have an exception under the Act for "conducting an investigation or requiring an employee to cooperate in an investigation," educational institutions investigating student misconduct are not included in this exception.  The employers' exception covers, among other things, investigations where there is "specific information about activity on the employee's personal internet account, for the purpose of ensuring compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct."  Educational institutions do not enjoy such an exception from the prohibitions in the Act when investigating school-related student misconduct.

    In order to comply with the Act, schools should review and consider revisions to their existing technology and internet policies, as well as their acceptable use policies and agreements.  Known threats to or misconduct that implicates the safety of the school and its students and staff, including those communicated by a student from his or her personal internet account, must be reported to law enforcement.  Schools must continue to investigate reports of cyber-bullying at school, as well as reports of discriminatory harassment.  However, in conducting the investigation or addressing the report, the school must not request that a student grant access to, allow observation of, or disclose information that allows access to or observation of, the student's personal email account, Facebook or Twitter account, or other personal internet account.  Nor may the school discipline the student for failure to grant such access.

    Please consult your Clark Hill attorney for assistance with complying with this new law.

    Related Industries

    Subscribe For The Latest

    Subscribe

    Related

    Event

    Clark Hill Simply Smarter Employment Law Seminar

    Explore more
    Legal Updates

    The Learned Concierge - December 2023, Vol. 3

    Monthly legal insights on the trends impacting the retail, hospitality, and the food & beverage industries.

    Explore more
    Event

    WEBINAR-Our Working Theory: Creating a Respectful Workplace is the Antidote to Sexual Harassment in the Workplace

    Sexual Harassment remains a persistent problem in the workplace despite regulation, mandatory training, and national attention, such as the #MeToo Movement.

    Explore more

    The Clark Hill approach is equally pragmatic and growth-minded, which is why we understand our clients’ toughest business challenges. Our multidisciplinary, global team of advisors focuses on smart legal solutions, delivered simply.

    © 2023 Clark Hill PLC.