Chapter 3: Web-Related Legal Issues and
| QUESTIONS ANSWERED IN THIS CHAPTER:
- What is an Acceptable Use Policy?
- How do state "Sunshine Laws" apply to web communication?
- When should an agency filter its web site?
- What are some legal issues to be addressed?
There are some aspects of web development necessary to meet
federal, state, or local laws and regulations. Many of these regulations
are adapted from rules or laws that existed before the advent
of the Internet. For example, education agencies have long been
required to comply with copyright regulations, Sunshine Laws (see
below), and student privacy rights. New technologies mean that
new procedures may need to be in place.
An Acceptable Use Policy (AUP) should be developed by an agency
that allows students, staff, or community members to use computers
or to connect to the Internet through the agency. The intent of
an AUP is not to exclude anyone from using a computer, but to
be certain that everyone understands that this usage is a privilege
that can only be retained with appropriate usage.
This chapter concludes with a discussion of Internet filtering.
For example, should an agency or school filter out web sites that
may be objectionable? This chapter does not attempt to answer
this very difficult question definitively. Rather, it describes
various filtering techniques that could be employed.
At the same time an agency is deciding on content for a prospective
web site, agency staff should think about related policy issues
and guidelines that will affect the entire organization. Even though
the World Wide Web has been around for a relatively short time,
the Internet has been in general use long enough that effective
practices already exist based on well-known pitfalls. Now is the
time, if the organization has not done so recently, to review Internet
policies and procedures.
Many of the needed policies, such as "acceptable use"
and "right to know," have legal implications and may be
required by local, state, or federal regulations. This chapter
provides general guidelines for awareness of potential legal issues,
but does not purport to give legal advice. Specific legal questions
should be discussed with the agency's attorney.
A district is responsible for a web site developed
at a school.
While many school districts and state departments
of education are attuned to the need for many of the policies and
guidelines described below, the school technology coordinator and/or
the students creating the school web site may not be aware of the
policy issues that arise when a web site is developed. The district
is ultimately responsible for its school web sites and must ensure
that each school adheres to applicable laws and regulations.
Acceptable Use Policies
Whether an organization provides direct services to students or
serves as a support or regulatory body for schools, adoption of
an AUP is essential. The purpose of this policy is to inform users
of the ground rules, thus protecting them and the education agency
from violations of law, practices that would damage the system,
or misunderstandings regarding who is responsible for what.
Internet usage for staff and students is a privilege,
not a right.
The responsibility of "acceptable use" comes
with the privilege of Internet access that is afforded to students,
staff, and, sometimes, parents. No one should be using the Internet
in a school or district environment until that person has reviewed
and signed the agency's AUP. Where students are concerned, parents
need to review the AUP and complete the signature page, indicating
An AUP should include the following:
- notice of the rights and responsibilities of computer and
- notice of legal issues, such as copyright and privacy;
- notice of acceptable content and conduct on the network;
- description of behaviors that could result in disciplinary
- description of the range of disciplinary options, including
the removal of access privileges.
The AUP applies to all users accessing the Internet from agency
terminals or computers. This includes teachers, students, parents,
and other members of the community who might use the Internet at
an agency site. For example, members of the community using school
computer labs to learn about technology also need to review the
The AUP should be available in a variety of formats for those
who do not speak English or who have a disability that makes reading
the policy impractical. Finally, the agency should avoid including
provisions in the policy that it is not willing to enforce, or
that will create difficult legal situations by their enforcement.
All users need to understand the consequences of failure to comply
with the AUP.
A student should have specific written approval
of a parent or guardian for school-based Internet access.
Each AUP should include a detachable page where
the user, or the parent or guardian of a student, can acknowledge
that he or she has received, read, and understood the policy. The
agency should retain this sign-off sheet. No student should have
school-based Internet access without specific written approval of
a parent or guardian. Parents need to work with agency personnel
to ensure that students understand the components of the AUP.
An example of an AUP along with a parent signature sheet and
other policy documents are provided in appendix
E of this document.
Open Meeting (Sunshine) Laws and the Freedom
of Information Act
Every state has some version of an open meeting law, frequently
called the Sunshine Law or Right-to-Know Law. The intent of this
type of statute is to ensure that public business is conducted openly
and that access to public records is guaranteed to the citizens
of the state.
Many of these laws have not been updated to recognize electronic
communication; however, this has not stopped courts from applying
the laws to such communication. To avoid problems that might arise,
if a public agency maintains a web site, an e-mail server, list
servers, or electronic bulletin boards, policies should be in
place to address the use of these media for communication among
the members of a governing body, such as a board of education.
Electronic files are subject to the same legal
requirements as paper documents.
Use of electronic media to inform public officials
and the public generally is not contrary to law. However, in many
states, when the communication invites, or results in, responses
from and discussion among public officials, such communication may
constitute an illegal meeting. Some states' laws specifically prohibit
electronic meetings. Others, while not prohibiting such a meeting,
may require public notice stating that the meeting will occur and
identifying a location where the public, in real time, can monitor
the electronic communications.
Under the Freedom of Information Act (FOIA), members of the
public can request, and must be granted access to, any documents
in the possession of a public agency that address public business
and are not specifically protected by other statutes establishing
classes of confidential records. Over the years, public agencies
have developed records retention policies designating how long
their paper documents will be retained in the files before disposal
or destruction will be permitted. Under FOIA, electronic files
are subject to the same legal requirements as paper documents,
so it is important for an education agency to maintain an archive
or archives of e-mail and other electronic documents as they would
Simply stated, usability guidelines ensure that visitors using
various software packages are able, optimally, to view a web site.
For example, programming requirements for Microsoft's Internet
Explorer® are somewhat different from those for Netscape.
In order to accommodate users of both applications, a web site
has to be programmed accordingly. While there are no legal requirements
to accommodate users of different software applications, agencies
should consider the issue and establish formal guidelines.
Certain aspects of maintaining a web site, such as accessibility,
privacy, and copyright, may require compliance with
laws or federal regulations. Whether working with outside sources
on the development and/or maintenance of the web site or managing
the process in-house, the agency needs to have policies in place
to ensure that usability guidelines are followed.
Web sites are effective tools to assist people
The World Wide Web Consortium (W3C), an international
group seeking to optimize the use of the web, has developed standards
to address Section 508 of the Rehabilitation Act [29 U.S.C. 749d]
requirements (see appendix F
). These standards,
known as the Web Access Initiative (WAI), provide practical guidance
for web developers in designing accessible web pages. The standards
are prioritized and include sample HTML programming code to assist
Web site accessibility measures include the following:
- Attach alternative text tags to graphics. The tags can be
spoken to visually impaired and blind users with programmable
- Avoid the use of red and green in web text. Use of style
sheets to set standard color schemes on a web page will permit
color-blind users to modify colors easily from within their
- Enable synchronized captioning of audio files and avoid the
use of streaming audio for deaf and hearing-impaired users.
A free service for checking web site accessibility according to
WAI and Section 508 standards is located at www.cast.org/Bobby/
For more detailed information about W3C and WAI guidelines, visit
Student Rights and Privacy
The Family Education Rights and Privacy Act (FERPA) regulates
the dissemination of student information. The regulations apply
to information posted on the Internet or web. The posting of student
work, photos, or other personally identifiable information on
a web site is one of the most obvious issues addressed by federal
and state privacy laws.
One might ask: If the Internet and World Wide Web are used to
access information outside an agency, how can internal privacy
issues be a concern? Often web sites are created to inform the
community about the activities of a district or school. Under
these circumstances, classroom or schoolwide test scores may be
displayed. These web pages may be based on student databases that
are maintained by the agency.
People should not be able to identify individual
students from an agency web site.
Student privacy is an agencywide issue. Even
computer programmers need to be trained on the provisions of federal,
state, and local laws and regulations that prohibit the display
of individual student information, particularly when such information
exists in agency databases.
Even if a district does not maintain a database of all
students, there is a great probability that databases of special
education or Medicaid-eligible students exist. Such databases
would be subject not only to the privacy requirements of FERPA
[20 U.S.C. 1232g] but also the privacy regulations of the Health
Insurance Portability and Accountability Act of 1996 [45 CFR Parts
160 and 164] (HIPAA) and the Individuals with Disabilities Education
Act [20 U.S.C. 1400 et seq.] (IDEA). In addition to protecting
the privacy of students, agencies maintaining databases must provide
security for employee records as well.
Discussing laws and federal regulations about student privacy
may seem esoteric, or even unnecessary. However, it is not a difficult
task for a person to make contact with students simply by using
information obtained on the Internet. While this may be a frightening
scenario, a photograph connected to a name displayed on a school
web site makes it much easier to identify a student.
Policymakers are urged to provide this guidebook to their district
information or technology director or their school site technology
coordinator for a review of the information in this chapter and
the discussion of security procedures in chapter 6. Additionally,
the federal acts named above should be reviewed.
Student reports must cite information gathered
from the Internet the same way information from other media is cited.
Many educators have common misconceptions about
Fair Use Doctrine for schools and libraries under the United States
Copyright Law [17 U.S.C. 107 et seq
.]. This misunderstanding,
coupled with a general belief that anything found on the Internet
is free for the taking, can put the agency at risk of severe legal
Establishing a link from one web site to other web sites is
entirely within legal practice; however, copyright law protects
the materials on those web sites. It is imperative that educators
have a reasonably good understanding of what constitutes "fair
use" and what is prohibited. The education agency's policy and
its accompanying procedures should provide guidance to users and
should establish, without equivocation, that violation of copyright
law is contrary to the policies and practices of the agency.
Copyright compliance applies as well to the use of the Internet
by students. For example, it is important for educators to ensure
that students understand fair use of citations and quotes obtained
online for use in their own class presentations and reports.
Filtering is required if the agency
has benefited from discounts for internal school connectivity
or Internet access via the Erate discount program. See
Filtering of Internet content is one of the most controversial
issues facing schools and districts using the Internet. Proponents
of filtering are concerned about protecting children and teens
from inadvertently, or intentionally, visiting sites with pornographic
material, hate group rhetoric, or other inappropriate material.
Opponents believe that censorship of any kind, even for children,
sets a dangerous precedent that is contrary to the free speech
provisions of the U.S. Constitution.
For schools and districts participating in the federal E-rate
discount program, the question of whether to filter is answered
by provisions of the Children's Internet Protection Act (Public
Law 106-554). This act, often referred to as CIPA, requires agencies
receiving E-rate discounts for school connectivity or Internet
access to employ a filter, regardless of their philosophical preferences.
There are many options available for agencies that choose, or
are required, to place some type of filtering system on their
web site. All methods should be considered carefully to determine
what they do, how they operate, and how much time the agency will
need to devote to maintaining the filtering system.
Whether to filter is not as straightforward a
decision as it might appear.
The earliest filtering programs still in common
use contain lists of keywords or phrases likely to be found on objectionable
web sites. These lists tend to be static and inflexible. The primary
complaint about this type of filter is that it blocks access to
a large number of appropriate sites, such as those describing research
on breast cancer and government data files listing the data element
for gender as "sex."
An alternative to the list filter is a subscription to a service
that constantly reviews and screens new sites for objectionable
material. Specific sites, rather than words and phrases, are blocked.
The main objection to this method of filtering is that access
to some objectionable sites is still possible because monitoring
every site on the Internet is impracticable. A newly emerging
challenge for filtering services is the purchase, by "disreputable"
companies, of Uniform Resource Locators (URLs), or web addresses,
previously owned by other businesses and organizations. These
URLs are used to mask the true nature of a site.
Most subscription lists accommodate manual overrides to permit
the local network administrator to define trusted and questionable
domains. Reviewing lists to determine what the filter should override
is a time-consuming process and, therefore, expensive. Generally,
it is impractical for an organization to structure its entire
filtering system on this basis.
A larger agency may choose to develop its own process for filtering
the Internet. While providing more flexibility for the agency,
this effort can be resource intensive. Personnel will need to
be assigned to determine which sites should be filtered. The agency
will need to establish procedures for monitoring the filter and
for responding to requests from staff to modify the filtering
In addition to filtering content and advertising, the agency
may consider filtering unacceptable services. For example, it
may block "free" web-based e-mail services, instant messaging
services, or chat rooms. The agency may additionally choose to
block the downloading of multimedia content, such as music files
or movies, because of its heavy use of bandwidth and copyright
In 2001, 96 percent of all public schools with
Internet access used some procedure to control student access to inappropriate
material on the Internet.
Within the local network, the agency may have
the ability to restrict Internet access on specific computers or
work groups, while granting broader access to others. Thus, a filter
may be active on the firewall for computers used by students but
configured to grant greater freedom to faculty or administrative
staff computer users.
Many districts deal with filtering and web-based advertising
proactively. They filter all sites and then determine
which sites would be appropriate for use within the agency. Students
are allowed access to approved sites only.
Agencies discussing a software or hardware solution with vendors
should ask about the criteria used to determine what is to be
filtered. If a vendor has a specific political or moral agenda,
for example, sites may be filtered that oppose that agenda.
While there is a great deal of discussion about filtering out
inappropriate sites on the Internet, there is no substitute for
the vigilance of teachers. Professional development programs should
stress that surfing the Internet is an inappropriate activity
for students at school. The web, in a classroom, should be treated
as an instructional tool, not a plaything. The agency's AUP should
contain language that defines the appropriate use of the Internet
by students (see appendix E for a sample
Logging System Usage
Even if an agency does not require filtering, the related issue
of access to and maintenance of Internet logs must be considered.
The logs are electronic records documenting the sites visited
from the agency's network. One New Hampshire parent successfully
sued a school district to gain access to its Internet logs in
order to determine whether the district, which was not filtering,
was providing enough protection to students through its AUP. The
judge granted the parent's request for access, but the district
had already deleted the logs.
In addition to the question of access, the district found itself
having to defend its position related to the deletion of the records.
The problem was not just that the records were deleted, but that
there was no policy governing a file maintenance schedule or purging
procedure. In short, because the district had no standard operating
procedure in place, it appeared to the judge that the logs were
deleted to prevent their use as evidence in a legal action. The
court found the school district to be in contempt of court and
ordered it to produce the remaining records and to pay the parent's
costs and attorney's fees. The case could set a precedent regarding
parent access to logs that will affect schools and districts nationwide.
The bottom line is that a policy must be in place regarding
the retention and destruction of files and must address the use
of all computer systems within the agency.
- A district is responsible for a web site that is developed
at a school within that district.
- An Acceptable Use Policy should be
available for all users of the Internet within the agency.
- The Freedom of Information Act and state Sunshine Laws have
an impact on the use of the Internet in an education agency.
- Usability standards can be employed to ensure that the web
site has the widest possible audience.
- Student rights and privacy guidelines that apply to the education
community include the use of the Internet and its components,
such as the World Wide Web.
- Usability guidelines must address access for individuals
with disabilities and the protection of privacy and confidentiality
rights of students.
- There are many options available for filtering web content.