Before addressing the privacy of employee social media activity as in Maryland and Illinois, Delaware has become the first state to prohibit public or nonpublic academic institutions from requesting or requiring current students or applicants to "disclose any password or other related account information in order to gain access to the student’s or applicant’s social networking site profile or account by way of an electronic communication device." The law, called the "Higher Education Privacy Act" was signed into law on July 20 by Gov. Jack Markell and becomes effective upon enactment.
Under the law, an "academic institution" is a public or nonpublic institution of higher education or institution of postsecondary education. An "electronic communication device” includes a "cell telephone, personal digital assistant, electronic device with mobile data access, laptop computer, pager, broadband personal communication device, 2-way messaging device, electronic game, or portable computing device." Students include persons admitted to the school, even if not in good standing.
Realizing there are a variety of paths to students’ and applicants’ private information in social media, the law also prohibits academic institutions from:
- requiring or requesting that a student or applicant log onto a social networking site, email account, or any other internet site or application by way of an electronic communication device in the presence of an agent of the institution so as to provide the institution access;
- monitoring or tracking a student’s or applicant’s personal electronic communication device by installation of software upon the device, or by remotely tracking the device by using intercept technology;
- requesting or requiring a student or applicant to add the employer or its representative to their personal social networking site profile or account; and
- accessing a student’s or applicant’s social networking site profile or account indirectly through any other person who is a social networking contact of the student or applicant.
In addition, students or applicants that fail to cooperate with requests or requirements to disclose their password or log on to a site or their account may not be disciplined, dismissed or otherwise penalized or threatened by the academic institution. The reference above to "employer" may be in error and require technical correction, and may be a carry over from a related bill (H.B. 308) being considered in the legislature that would have put similar restrictions on employers. H.B. 308 failed to pass.
The Higher Education Privacy Act does provide for a public safety exception. Public safety departments or police agencies of academic institutions that have a reasonable articulable suspicion of criminal activity are not limited by the law. The law also does not apply to investigations, inquiries or determinations conducted pursuant to an academic institution’s threat assessment policy or protocol.