Date: February 14, 2013

Michigan’s Internet Privacy Protection Act (MIPPA)

by foleyandmansfield
Date: February 14, 2013
by foleyandmansfield

Michigan’s Internet Privacy Protection Act (MIPPA)

Michigan’s Internet Privacy Protection Act (MIPPA) prohibits employers and educational institutions from requiring employees and students to provide passwords and login information related to personal Internet accounts.

The Purpose of the Act

The MIPPA protects the privacy of employees and job ap­plicants as well as current and prospective students by allowing them to keep private logins, user names, passwords, and other access information related to their personal Internet accounts.  However, the Act does not interfere with an employer’s ability to monitor its electronic devices or computer systems or investi­gate whether confidential information has been disclosed or an employee has committed work-related misconduct.

Restrictions on Employers

Under the MIPPA, it is unlawful for an employer (defined as any person engaged in business, industry, or the like, and includes any agent, representative, or designee of the employer) to ask an employee or applicant to grant access to, allow observation of, or disclose information that allows access to or observa­tion of the employee’s or applicant’s personal Internet account. Similarly, you cannot discharge, fail to hire, or otherwise penalize an employee or applicant for failing to do so.

However, the Act does not prohibit an employer from re­questing or requiring disclosure of information to gain access to or operate an (1) electronic communica­tions device paid for by the employer or (2) account or service provided by the employer or used for the employer’s business. The Act also doesn’t prohibit you from disciplining or discharging an employee for disclosing your proprietary, confidential, or financial information through the employee’s personal Internet account without your authorization.

The Act does not prohibit employers from conducting an investigation related to activity on an employee’s personal Internet account for the purpose of ensur­ing compliance with applicable laws or prohibitions against work-related employee misconduct or the un­authorized disclosure of proprietary, confidential, or financial data. In addition, it is not unlawful for an employer to investigate whether an employee violated a restriction prohibit­ing access to certain websites while using an electronic communications device paid for by the employer or an employer’s network or resources.

Further, the MIPPA does not prohibit an employer from monitoring, reviewing, or accessing electronic data stored on an electronic communications de­vice paid for by the employer or traveling through or stored on the employer’s network. Finally, the Act does not prohibit or restrict an employer from view­ing, accessing, or using information about an em­ployee or applicant that (1) can be obtained without access information or (2) is available in the public domain.

Restrictions on Educational Institutions

Under the MIPPA, an “educational institution” in­cludes public and private educational institutions. An educational institution cannot ask a current or prospective student to grant access to, allow observa­tion of, or disclose information that allows access to or observation of the individual’s personal Internet account. An educational institution also cannot expel, discipline, fail to admit, or otherwise penalize a cur­rent or prospective student for refusing to grant ac­cess to, allow observation of, or disclose information that allows access to or observation of a personal In­ternet account.

However, the Act does not prohibit an educational institution from requesting or requiring a student to disclose in­formation to gain access to or operate (1) an electronic communications device paid for in whole or in part by the educational institution or (2) an account or ser­vice provided by the educational institution or used by the student for educational purposes. The Act also does not prohibit or restrict an educational institution from viewing, accessing, or using information about a student or applicant that (1) can be obtained without any required access information or (2) is available in the public domain.

Penalties

A violation of the Act is a misdemeanor punish­able by a fine of not more than $1,000. Individuals can sue to recover up to $1,000 in damages plus rea­sonable attorneys’ fees and court costs and injunc­tive relief.

Melinda Balian

Foley Mansfield Announces Partners Joe Rejano of Chicago and Timothy Ferguson of Miami Chosen as Office Managing Partners

Foley Mansfield, a national law firm with 14 offices across the U.S., is pleased to announce that Partner Joseph Rejano has been chosen as the Office Managing Partner in Chicago and Timothy Ferguson has been tapped to serve as the Office Managing Partner in Miami. “Tim and Joe are both […]

LEARN MORE

Foley Mansfield Elects Six New Partners in 2023

Foley Mansfield is pleased to announce its new partnership class of 2023, in which six accomplished attorneys were elected to partner. “We are thrilled to have these attorneys ascend to the level of partner as each has proven their unwavering commitment to their clients, time and time again, as well […]

LEARN MORE

Clayton Dennert Named to 2022 Missouri & Kansas Super Lawyers Rising Stars List

Foley Mansfield is pleased to announce that Clayton Dennert, Of Counsel in the firm’s St. Louis office, has been named to the 2022 Missouri & Kansas Super Lawyers Rising Stars list. Super Lawyers, part of Thomson Reuters, rates outstanding lawyers from more than 70 practice areas who have attained a […]

LEARN MORE