Blogs > The Law Blogger

The Law Blogger is a law-related blog that informs and discusses current matters of legal interest to readers of The Oakland Press and to consumers of legal services in the community. We hope readers will  find it entertaining but also informative. The Law Blogger does not, however, impart legal advice, as only attorneys are licensed to provide legal counsel.
For more information email:

Saturday, January 12, 2013

Michigan's Internet Privacy Protection Act & Social Media

On the last business day of calendar 2012, Governor Snyder signed the Internet Privacy Protection Act.  With that stroke of the Governor's pen, Michigan joins just 3 other states [California, Maryland and Illinois] to enact sweeping employment legislation designed to protect employees' and students' social media accounts.

This law affects all employers, regardless of size, and also applies to public and private schools.  The IPPA prohibits employers or schools from requiring applicants to disclose their password or login information as a condition for admission, hiring or discipline.

Technically, employers and schools are prohibited from accessing a subject's "personal internet account", which is defined in the statute as:
an account created via a bounded system established by an internet-based service that requires a user to input or store access information via an electronic device to view, create, utilize, or edit the user’s account information, profile, display, communications, or stored data.
This definition covers just about every social media account you can think of; and then some.  Arguably, the IPPA applies to all employee's internet accounts of any kind; not just social media accounts.

However, there are broad exceptions to what is out-of-bounds for employers.  For example,
  • Employers can still access devices owned by the employer as well as the data stored on such devices; 
  • Accounts created by the employer and used for the employer's business purpose; 
  • Employers can discipline employees that transfer data owned by the employer onto that employee's personal internet account;
  • Employers can access personal accounts when necessary to conduct an investigation for the purpose of complying with laws; 
  • Employers can access personal accounts when conducting an investigation into work-related conduct, and 
  • Employers can still access any information about an employee or applicant that is available on the Internet without the use of a password or login information.
One interesting context within which the new Act will likely get some early play is in the workmen's compensation arena.  It is nothing new for insurance adjusters to track the activities of injured employees on social media sites.  The IPPA may supply an avenue of protection for employees who have had a post on Facebook taken out of context.

The Act also bars an employer from "shoulder surfing" the employee; the practice of monitoring an employee's social media site by directing the employee to log onto the site so the manager can observe recent posts.

Nor can an employer require an employee to disclose information from which the employer can then access the employee's personal internet account.

Violation of the IPPA subjects an employer to a misdemeanor conviction and a fine of $1000 as well as other civil penalties.  Violators are also subject to paying the employee's attorney fees.

Labels: , , , , ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home