Two new laws governing the ability of school authorities to obtain passwords to and information from personal social networking websites of employees and students go into effect on January 1, 2014. The definition of social networking websites in the laws includes programs such as Facebook, Twitter, Linked, Pinterest, and Instagram, but does not include email. School districts and other educational entities should ensure that technology and discipline policies and procedures adequately address the requirements of these new laws.

Employee Facebook Password Law

Public Act 098-0501 amends the so-called Facebook Password Law, which went into effect at the beginning of 2013. The Facebook Password Law as initially passed prohibited employers, including school districts, from requesting employee or prospective employee passwords to or information from social networking websites. The amended law now includes an exception allowing employers to request passwords and information from an employee’s “professional account” for certain purposes. “Professional account” is defined as an account “created, maintained, used, or accessed by a current or prospective employee for business purposes of the employer.”

The revised Facebook Password law only allows employers access to professional accounts to: (1) fulfill a “duty to screen employees or applicants prior to hiring”; or (2) to monitor or retain employee communications as required under Illinois insurance laws or federal law or by a self-regulatory organization as defined in Section 3(A)(26) of the Securities Exchange Act of 1934, 15 U.S.C. 78(A)(26).” Despite the exception, the revised law leaves open many questions identified in our previous FR alert about the Facebook Password Law. For example, it is unclear what information regarding prospective employees can be obtained. The law suggests that an employer could ask an employee to provide account passwords or information from social networking websites from an employee’s previous employer. This may lead to concerns, however, by the employee’s previous employer, since the website is for conducting business of the previous employer. Moreover, it is unclear how broadly the provision allowing monitoring or retaining employee communications as required under federal law could be interpreted. For example, would an employer conducting an investigation into alleged misconduct by an employee through a professional account fall under the exception? Because of these uncertainties, we advise that school districts and other educational employers continue to prohibit employees from using any personal social networking websites for business purposes in their Acceptable Use of Technology (AUP) policies. Franczek Radelet’s recent Technology Policy Package includes relevant policy language, information on how to implement such a policy and other up-to-date language regarding technology issues in schools. For more information about the policy package, click here.

The Right to Privacy in the School Setting Act

The second law effective January 1, 2014 is Public Act 98-0129, the Right to Privacy in the School Setting Act. The Act requires elementary and secondary school districts and nonpublic schools recognized by the State Board of Education to notify students and their parents and guardians of the circumstances under which a school may request passwords or information from a student’s social networking website. The law allows a school to request or require a student to provide a password or other related account information from a social networking website if the school has reasonable cause to believe that the student’s account on a social networking website contains evidence that the student has violated a school disciplinary rule or policy. Although it is sufficient to provide notice of the new law in disciplinary handbooks, best practice would be to include the notice in board of education or similar governing board policy to highlight the authority of the school district to request the covered information. Note that this information is not contained in the Franczek Radelet Technology Policy package because under the law the preferred location for the information is in the student discipline policies or handbooks, not technology policies.