{ Banner Image } Print PDF
Subscribe to Publications


Michigan’s Internet Privacy Protection Act and Its Effect on Employers

January 2, 2013

On December 13, 2012, the Michigan Legislature passed House Bill HB 5523 known as the Internet Privacy Protection Act. On December 28, 2012, Governor Snyder signed the IPPA, which took effect immediately.  Similar to recently enacted laws in Maryland, Illinois, and California, Michigan’s IPPA prohibits employers from requesting that an employee or applicant grant access to, allow observation of, or disclose information that allows access to or observation of “personal internet accounts,” such as Gmail, Facebook and Twitter.  Under the IPPA, an employer may not discharge, discipline, fail to hire, or otherwise penalize an employee or applicant declining such requests. 

There are, however, several noted exceptions. Under the IPPA, an employer may:

(1) an electronic communications device paid for, in whole or in part, by the employer; and

(2) an account or service provided by the employer, obtained by virtue of the employee’s employment relationship with the employer, or used for the employer’s business purposes.

(1) if there is specific information about activity on the employee’s personal internet account, for the purpose of ensuring compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct.

(2) if the employer has specific information about an unauthorized transfer of the employer’s proprietary information, confidential information, or financial data to an employee’s personal internet account.

In addition, the IPPA does not create a duty for an employer to search or monitor the activity of a personal internet account.  And, an employer is not liable under the IPPA for failing to request or require that an employee or applicant grant access to, allow observation of, or disclose information that allows access to or observation of their personal internet account.

Violators of the IPAA are guilty of a misdemeanor punishable by a fine of not more than $1,000.  Individuals may bring a civil action to enjoin the violation and may recover not more than $1,000 in damages plus reasonable attorney fees and court costs.  Before filing a civil action, however, an individual must serve the violator with a written demand of the alleged violation for not more than $1,000 and include reasonable documentation of the violation.  Finally, it is an affirmative defense to an action under the IPPA that the employer acted to comply with requirements of a federal law or a law of this state.

Miller Canfield's Employment + Labor lawyers are available to assist you with both the legal and practical factors that will need to be considered.

Note: Although not discussed in this Alert, the IPPA similarly prohibits educational institutions from requiring the same information from a student or prospective student and prohibits an educational institution from expelling, disciplining, failing to admit, or otherwise penalizing those failing to grant access to personal internet accounts. Click here for more information on the portion of the IPPA pertaining to educational institutions.