Monitoring Students And Faculty Online: “Big Brother” Or “Wise Risk Management”?
Recently a substitute teacher in Florida was charged after she allegedly exchanged with a student inappropriate text messages, including a picture of the student half-dressed. While social media texting, tweeting, and postings are becoming all part of modern day routine, there has been an increase in news coverage of similar issues, involving bullying, harassment, sexting, or discussion of violence, substance abuse, or even suicide by/among students and/or employees through electronic communication systems. As more independent schools are considering taking some proactive measures to prevent the school-owned electronic communication system (the “school-owned system”) from becoming a medium through which such inappropriate conduct is exhibited and cultivated, more schools are asking about legal requirements, and the practical and technological implications associated with monitoring the use of the school-owned system by students, faculty and other employees.
Generally, there does not seem to be any federal law that imposes upon all independent schools an affirmative duty to monitor – or that restrict the schools’ ability to monitor – students’ and employees’ use of the school-owned system. However, it is important that the school be aware of any triggers that may bring the school within the reach of any legal requirements. For example, if the school participates in the E-rate program, it is subject to the federal Children’s Internet Protection Act, which requires covered schools to adopt and enforce an Internet safety policy, including monitoring the online activities of minors (e.g., restricting minors’ access to materials harmful to them) and taking technology protection measures (e.g., blocking or filtering).
Because there may be specific requirements that vary greatly among states, it is critical that each school carefully consider, with the assistance of legal counsel, the laws applicable to monitoring the use of the school-owned system by students and/or employees in its jurisdiction. For example, some states require the school to give notice to its employees prior to monitoring e-mail communications or Internet access (e.g., Connecticut and Delaware). Also, most states generally limit such monitoring to the purposes of protecting legitimate business interests (e.g., employees’ excessive personal use of the Internet, students’ derogatory comments about a teacher on the Internet, illegal activities, or any improper purposes).
Further, schools should be aware of state-specific privacy concerns that may limit the scope of monitoring the use of the school-owned system. For example, privileged information (e.g., attorney-client communications) and/or information that is highly personal in nature may be protected by state privacy laws, even if such information is contained in the school-owned system. For example, in a case recently settled in Pennsylvania, the school allegedly violated students’ privacy rights by remotely accessing its school-issued laptops to secretly snap pictures of students in their homes (200 times in a two-week period for one student), although the initial purpose of camera monitoring was to locate missing school-issued laptops. As this case illustrates, it is important that each school investigate and consider a well-designed monitoring process and adopt a number of technological measures to achieve the legitimate purposes of monitoring while avoiding violating the privacy interests of students and employees.
Schools can and should also partner with parents to ask them for assistance in monitoring student use of the school-owned system – when students are at home, on vacation, or even over the summer if the student will be returning to the school in the fall – if such activity impacts the experience of others at the school. By encouraging parents to come to the school with any concerns about technology use, the school may expand the scope of misconduct, including cyber-bullying, that it can address. But such policies should also be careful to provide the school with discretion to mete out discipline as it deems appropriate.
In an effort to minimize the school’s exposure to potential legal risks associated with monitoring the use of the school-owned system, and as best practices, we recommend that independent schools consider adopting the following measures:
- Evaluate, update, as needed, or create the school’s acceptable use policy that identifies the school’s practices with respect to the filtering and monitoring of the school-owned system;
- Explicitly inform students and employees (through the acceptable use of technology policy) that there is no expectation of privacy when using the school-owned system and that the school reserves the right to filter and monitor the use of the school-owned system by its students and employees;
- Obtain a signed and written acknowledgement from employees and students (and their parents) that they have received and read the acceptable use of technology policy; and
- Educate (train) faculty, staff, other employees, students and their parents regarding the school’s policies and procedures pertaining to related topics, such as the appropriate use of social media, cell phones and texting, and cyber-bullying.
A robust and comprehensive acceptable use policy should signal to those using technology in an appropriate manner that they have nothing to fear in terms of unwarranted intrusion into their cyber-activity on the school-owned system. By contrast, those who are tempted to misuse this resource should understand that the school has the right and ability to monitor the school-owned system and will not tolerate its misuse.