ConnectEd.info

Lately, as Connected.info is being marketed in many locations across America, we have noticed a decrease in the number of questions we are getting regarding what legal risks does a school district take on by deploying a “social networking” platform.  I am not sure as to why we are hearing the question less, but perhaps there is a growing understanding of where some of the boundaries are.

But, it did remind me that I had intended to write a post about the legal aspects of Internet access in a school environment.

The Executive Summary version:

School districts are subject to a wide variety of laws along with what can be considered common sense obligations when it comes to their responsibility to take precautions to ensure the safety of children registered to attend school.  In many cases, the volume of such obligations has led many school districts to decide to no longer allow community events on school property; limit the use of sports fields by outside organizations such as Little League; and, to block access to most Internet sites that are not considered a required part of the curriculum.  This, in turn, has led to parents and students increasingly viewing those schools as being not relevant in today’s world.  A greater understanding on the part of parents about these issues could lead to changes in existing laws and the enactment of other laws which would provide legal protection to schools.

The Law and Legal Liability:

School districts are entrusted with insuring the safety of children registered to attend school.  This creates both a legal obligation and potential risks.  The legal obligations stem from laws which, if broken, can result in fines or other consequences imposed by governmental authorities.  Some risks stem from civil lawsuits brought against a school district over presumed negligence on the part of the district.  Negligence is generally defined as conduct that falls short of what a reasonable person would do to protect another individual from foreseeable risks of harm.  In the United States, then, any injury suffered by a child enrolled in school whether physical, emotional, or economic, could generate a question of whether the school district acted in a negligent way.  School districts become involved in a lot of lawsuits for a variety of reasons and therefore need to be diligent (the opposite of negligent) when it comes to taking reasonable steps to protect children enrolled in school.

Laws passed by federal, state, and local governments must also be given attention by school districts.  However, it can be difficult to determine which laws apply to school districts because of the quasi-governmental role a school district plays.  Many laws are therefore written to be specific about how they do or do not apply to school districts in order to avoid confusion.  However, even laws which apply to school districts often carry consequences which may either not apply to a particular school district or apply in a way which has very little impact.

Examples of Federal Laws:

CIPA – Children’s Internet Protection Act

CIPA is a federal law (see: http://www.fcc.gov/cgb/consumerfacts/cipa.html) that is intended to address concerns over children being exposed to inappropriate content.  The CIPA law only applies to schools who are recipients of monies from the E-rate program (many schools are).  With respect to the CIPA law, inappropriate content is defined as pictures that are a) obscene, (b) child pornography, or (c) harmful to minors.  Schools are required to implement technology to block or filter access to such pictures. Schools are also required to create an Internet safety policy which includes the education of minors about appropriate on-line behavior: including cyber-bullying awareness and response and interacting with other individuals on social networking sites and in chat rooms. They are also required to monitor the online activities of minors, but does not require them to track internet use.

Many people believe that CIPA has led to many decisions by school districts to block access to many parts of the Internet including instant messaging, chat rooms, and social networking sites because of the perception that not doing so may create both a violation of CIPA AND the appearance of negligence on their part if a child is exposed to inappropriate content while using one of these services.  In addition, since many cell phones have Internet access capability, schools feel they must ban cell phone use while at school for fear that this will also open them up to liability.

COPPA – Children’s Online Privacy Protection Act

COPPA is a federal law that is intended to insure that website operators fully disclose their intended use of information they collect about users of their web service who are children under the age of 13.  The website operator must in addition give parents the chance to prevent the disclose of any such information to any party without the parent’s approval; AND, requries the website operator to give parents access to anything collected by the operator abut their child.

Some schools do not understand what, if any, obligations are placed on them by the COPPA law.  A useful starting point is the Federal Trade Commission’s introduction – http://www.ftc.gov/coppa/intro.htm.  A read of the law does open the question about whether a school district that provides a web site which can be accessed by children under the age of 13 is required to meet the requirements of COPPA.  An example would be a homework help site, or a parent portal.  The COPPA FAQ provided by the FTC has two questions that apply:

54. Does the Rule place requirements or restrictions on schools regarding the collection or disclosure of students’ personal information on the Internet?

COPPA allows, but does not require, schools to act as agents for parents in providing consent for the online collection of students’ personal information within the school context. See Statement of Basis and Purpose, ” 64 Fed. Reg. 59888, et seq., available at www.ftc.gov/os/1999/10/64fr59888.pdf, p. 59904. In this regard, schools also must consider their obligations under the Family Educational Rights and Privacy Act (FERPA), which is administered by the U.S. Department of Education. For general information on FERPA, see www.ed.gov/policy/gen/guid/fpco/ferpa.

Many schools have implemented Acceptable Use Policies (AUPs) or other measures to educate parents and students about in-school Internet use. For example, a school may use the AUP to inform parents of what online services are provided to students, and the school’s policies regarding students’ use of the Internet.

55. Does COPPA apply to website operators that contract with schools to provide online services involving the collection, use or disclosure of students’ personal information?

Many school districts contract with third-party website operators to offer online programs solely for the benefit of their students and for the school system, e.g., homework help lines or web-based testing services. COPPA does not apply to the website operator’s collection of personal information from participating children where a school has contracted with an operator to collect personal information from students for the use and benefit of the school, and for no other commercial purpose. Thus, the operator is not required to obtain consent directly from parents, and can presume that the school’s authorization for the collection of students’ personal information is based upon the school having obtained the parents’ consent. The operator should, however, provide the school with full notice of its collection, use, and disclosure practices, so that the school may inform parents of these practices in its Acceptable Use Policy.

Thus, schools would be considered to be acting in a diligent manner by creating an Acceptable Use Policy and obtaining the acceptance of such by their parents.

FERPA – Family Educational Rights and Privacy Act (FERPA)

FERPA is a federal law which protects the privacy of educational records and ensures access by a family to their child(ren)’s educational records.  Specifically, it says that schools must not disclose information on a child’s educational record unless they receive parental approval unless it is of a directory nature.  Directory is defined as essentially contact information and birth date.  While this does place some burden on a school district, the more interesting part of the legislation from our perspective is that school districts must provide access by a family to their child’s educational record.  This includes items which are generally not well organized for ease of access or for viewing by non-district personnel.  An example would be disciplinary records which may contain language which is unflattering to a child.  While the law does not prescribe the nature of the access, it does create an obligation which could easily swamp a district that is not prepared for it.  FERPA carries with it a hefty consequence for non-compliance.  The district may have to forfeit ALL federal aid including Title 1.

FRCP – Federal Rules of Civil Procedure

FRCP is a set of requirements set upon all parties involved in a civil procedure being heard in United States district (federal) courts.  Many lawsuits brought against a school district end up in district court, or in a court which basis its procedures on the FRCP.  The FRCP is a huge set of rules, and we mention it in this blog only because of the coverage FRCP has had in respect to the requirement to make digital information available to a party in a lawsuit.  It used to be the case that the defendant in a lawsuit had quite a bit of time to produce records request in the discovery phase of a lawsuit.  However, recent changes to the law have made it a requirement to comply with discovery requests in a much shorter period of time.  Further the law now requires the retention of digital messages for a much longer period of time.

Laws which protect web site operators (and by inference schools):

Communications Decency Act:

Section 230 of the Communications Decency Act immunizes website from any liability resulting from the publication of information provided by another. This usually arises in the context of defamation, but several courts have expanded it to cover other sorts of claims as well.

Thus, if a user posts defamatory or otherwise illegal content, Section 230 shields a social network provider from any liability arising out of the publication. Websites that, in whole or in part, create or develop contested information, on the other hand, are deemed “content providers” that do not benefit from the protections of Section 230.

Consider the case of a child who engages in so called cyber-bullying.  Under Section 230, the child who was bullied only would have legal recourse against the other child’s family and not the provider, or the school.  This has an impact on civil cases where negligence is claimed.

Digital Millenium Copyright Act

Section 512(c) removes liability for copyright infringement from websites that allow users to post content, as long as the site has a mechanism in place whereby the copyright owner can request the removal of infringing content. Examples of infringing content would be MP3 music files, digital copies of DVD movies, etc.  The site must also not receive a financial benefit directly attributable to the infringing activity.

Again, this protection would extend to a school district in the case of copyrighted content being posted (published) by a student on a social network site.

(TO BE CONTINUED IN ANOTHER POST)