Michigan’s Internet Privacy Protection Act and Its Effect on Educational Institutions

more+
less-

On December 13, 2012, the Michigan Legislature passed House Bill HB 5523, known as the Internet Privacy Protection Act (IPPA), which, if signed by Governor Rick Snyder, will become effective immediately. Similar to recently enacted laws in Delaware, New Jersey, and California, Michigan’s IPPA prohibits educational institutions from requesting that a student or a prospective students grant access to, allow observation of, or disclose information that allows access to, or observation of “personal internet accounts,” such as Gmail, Facebook and Twitter. The Act also prohibits an educational institution from expelling, disciplining, failing to admit, or otherwise penalizing those failing to grant access to personal internet accounts.

There are, however, several noted exceptions. Under IPAA, an educational institution may:

  • Request or require a student to disclose access information to the educational institution to gain access to or operate any of the following:

(1) an electronic communications device paid for in whole or in part by the educational institution;

(2) an account or service provided by the educational institution that is either obtained by virtue of the student’s admission to the educational institution or used by the student for educational purposes.

  • View, access, or utilize information about a student or applicant that can be obtained without any required access information or that is available in the public domain.

In addition, the IPPA does not create a duty for an educational institution to search or monitor the activity of a personal internet account. And, an educational institution is not liable under the IPPA for failing to request or require that a student or applicant grant access to, allow observation of, or disclose information that allows access to, or observation of their personal internet account.

Violators of the IPAA are guilty of a misdemeanor punishable by a fine of not more than $1,000. Individuals may bring a civil action to enjoin the violation and may recover not more than $1,000 in damages plus reasonable attorney fees and court costs. Before filing a civil action, however, an individual must serve the violator with a written demand of the alleged violation for not more than $1,000 and include reasonable documentation of the violation. Finally, it is an affirmative defense to an action under the IPPA that the educational institution acted to comply with requirements of a federal law or a law of this state.

Miller Canfield's Employment + Labor lawyers are available to assist you with both the legal and practical factors that will need to be considered.

Note: Although not discussed in this Alert, the IPPA similarly prohibits employers from requiring the same information from employees or applicants and further prohibits employers from discharging, disciplining, failing to hire, or otherwise penalizing an employee or applicant who fail to grant access to personal internet accounts. Click here for more information on the portion of the IPPA pertaining to employers.

Michelle P. Crockett
+1.313.496.7655

 

Topics:  Electronic Communications, Internet Privacy Protection Acts, Students

Published In: Administrative Agency Updates, Communications & Media Updates, Criminal Law Updates, Education Updates, Privacy Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Miller Canfield | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »