rss icon

Sunday, 20 January 2013 22:47

NSFW? New law offers protection for online privacy

Written by 
Rate this item
(1 Vote)

MICHIGAN — In an effort to further curb discrimination and presumably provide greater peace of mind when it comes to employee privacy, the Michigan Legislature is now the sixth state governing body in the country to pass the Internet Privacy Protection Act (IPPA).

Following in the steps of the governors in states including Maryland, Illinois and California, Gov. Rick Snyder signed IPPA into law on Dec. 28.

Simply stated, the new law prohibits employers from requesting that an employee or applicant hand over access to social media accounts or that the person be compelled to allow observation of “personal Internet accounts.”

Further, under the IPPA, an employer may not discharge, discipline, fail to hire, or otherwise penalize an employee or applicant who fails to oblige such a request.

The same treatment also goes for students or applicants at educational institutions.

Legal professionals caution that before investigating an employee’s or an applicant’s personal Internet activity, companies should carefully scrutinize the precise contours of IPAA’s prohibitions to avoid exposing human resources professionals to potential misdemeanor prosecution.

“Basically, if you have any questions, call your lawyer,” said Adam Forman, an attorney with Miller Canfield. “This is an area that is laden with land mines for the unaware or uninitiated. As the saying goes, an ounce of prevention is worth a pound of cure.”

In an age when social media is practically ubiquitous and information is sent across the globe with a single keystroke, the new IPPA legislation is presented as another line of defense in the individual right to privacy battle.

However, some critics see the new law as a naïve attempt by legislators to appear arm-in-arm with those calling for increased employee privacy rights.

That’s because unlike the blanket legislation established by Illinois lawmakers that doesn’t allow employers any concessions, Michigan’s IPPA law has several exceptions that allow employers access to employees’ private Internet accounts under certain circumstances.

Regardless of the details, a violation of the new law carries a misdemeanor criminal penalty and a fine of no more than $1,000. Similarly, the law’s civil remedy provision caps damages at $1,000 and an award of attorneys’ fees and costs.

Before anything happens with future litigation, potential plaintiffs must serve a written demand on the employer at least 60 days before asserting the claim. This allows employers the opportunity to forestall a claim by offering $1,000 in response.

In the most modest of terms, Michigan’s IPPA law gives employers the ability to obtain information about employees’ online conduct in a number of circumstances where they might need it.

With the new law in place, Forman said companies should take stock of their policies when it comes to addressing the myriad of digital age issues.

“I don’t think the practice of requiring login information is very widespread,” he said. “But, I wouldn’t be surprised if there was some initial litigation as people test the contours (of the new law).”

One of a company’s biggest considerations in developing an approach to the new law should account for the type of company culture a business wants to promote, Forman said. Modern companies often employ some sort of social media strategy, and it’s typical for companies to encourage employees to build relationships and engage with clients and customers through websites such as Facebook and Twitter.

But as Forman points out in an IPPA-themed white paper he published, there are some cases where the lines of property and privacy are blurred and need to be made clear by employers.

In 2011, the Maryland Department of Public Safety and Correctional Services suspended its practice of requiring social media logins and passwords after receiving a letter from the American Civil Liberties Union (ACLU). The ACLU complained the requirement violated an employee’s privacy and was illegal under the Stored Communications Act and Maryland law. 

By requiring login and password information for employment purposes, the ACLU claimed that the department was accessing protected communications without proper authorization. The department subsequently modified its practice to just require applicants to “log into their accounts and let an interviewer watch while the potential employee clicks through wall posts, friends, photos and anything else that might be found behind the privacy wall,” Forman writes.

This kind of action by companies just emboldens privacy rights advocates, said Shelli Weisberg, legislative director for the ACLU in Detroit. Weisberg said the law Michigan adopted is fair, but its passage is the tip of the iceberg in updating privacy laws in the state.

“Privacy issues and our use of technology have advanced so much more quickly than privacy laws,” Weisberg said. “We just haven’t come close to keeping up with protections over technology and our own personal space.”

The issue isn’t just about passwords and account information, either, Weisberg added. Current laws also do little to address digital property, such as how to treat social media connections.

In the Phone Dog LLC v. Kravitz case, the South Carolina-based company sued former employee Noah Kravitz alleging that the Twitter handle Kravitz continued to use after he left the company should be treated as a customer list. The company claimed Kravitz owed $340,000 based on an assumed per month value of $2.50 for each of the 17,000 followers. According to JD Supra Law News, the case was settled on confidential terms, although the publication said it appears the outcome favored Kravitz.

In Weisberg’s view, the new Michigan legislation is just a first step into a relatively new legal domain. In her testimony on the new law, she cited the case of defensive back Yuri Wright, a four-star recruit from Don Bosco Prep in New Jersey. The University of Michigan withdrew its scholarship offer to Wright when officials discovered vulgar comments on his Twitter account.

“This has certainly been an issue at the universities,” Weisberg said. “But what is nice about this bill is that so far it hasn’t really pitted employers and employees against each other.”

Weisberg said there was little to no employer input into the legislative process.

While it’s still really up to individuals to protect themselves and understand that what they are putting out on the Internet is almost always subject to abuse, the new law does send a message to institutions and employers that just because information is out there, they shouldn’t take advantage, she said.

Read 10698 times Last modified on Thursday, 17 January 2013 23:42
Elijah Brumback

Staff Writer

ebrumback@mibiz.com

April 2014
S M T W T F S
30 31 1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 1 2 3

Follow MiBiz