California Joins Several Other States by Enacting Social Media Privacy Laws

October 11, 2012

On September 27, 2012, California Governor Jerry Brown announced on Twitter, Facebook, Google+, LinkedIn and MySpace two new laws he signed to “protect Californians from unwarranted invasions of their social media accounts.” Effective January 1, 2013, employers and colleges will be restricted from demanding access to the social media accounts of applicants and employees/students except under limited circumstances. Social media is broadly defined by both laws as an “electronic service or account, or electronic content, including, but not limited to, videos, still photographs, blogs, video blogs, podcasts, instant and text messages, email, online services or accounts, or Internet Web site profiles or locations.”

Employer Restrictions

Assembly Bill 1844 (“AB 1844”) adds section 980 to the California Labor Code, which prevents employers from requesting or requiring an applicant or current employee to:

  • Disclose a username or password for the purpose of accessing personal social media;
  • Access personal social media in the presence of the employer; or
  • Divulge any personal social media.

The above restrictions do not apply to employer-issued electronic devices or if the employer seeks such information in connection with an investigation into misconduct. The new law also prohibits employers from disciplining, discharging, threatening to discharge or discipline, or otherwise retaliating against an employee or applicant for not complying with a request or demand by the employer that violates the new labor code section.

AB 1844 is the third state law to restrict employer access to applicant and employee social media. A similar Maryland law went into effect on October 1, 2012, and an Illinois law will also go into effect on January 1, 2013.

The Securities Industry and Financial Markets Association (SIFMA) opposed AB 1844 after the bill’s sponsors rejected an exception it proposed to allow securities firms to monitor financial services employees’ personal social media accounts used to carry out business that is subject to the content, supervision and retention requirements imposed by federal securities laws and regulations. SIFMA explained that the exception for misconduct was insufficient as it does not address securities firms’ need to monitor, record and retain business-related communications on personal social media sites. With the passage of AB 1844, such firms may be placed in the untenable position of violating AB 1844 or failing to comply with FINRA obligations.

It remains to be seen how the new labor code provision will be enforced. The provision specifically states that the Labor Commissioner is not required to investigate or determine any violation of the law, but it does not expressly provide for a private cause of action or specify any penalties for its violation.

Even before passage of AB 1844, it was a best practice not to request access to personal social media from applicants or employees (except where necessary in the financial services industry). Indeed, this new law may reduce potential exposure to employers who may have been deemed to have knowledge of all information contained on personal social media sites. However, with the new law, employers must ensure that they revise any written policies regarding accessing personal social media and train supervisors and those who interview employees that personal social media is off limits.

Public and Private Postsecondary Institutions

The second bill, SB 1349, places similar restrictions on public and private postsecondary educational institutions. Under the act, colleges and universities in California cannot request or require students, applicants or student groups to disclose their social media account username or password. They are likewise barred from requesting or requiring that a student, applicant or student group access personal social media in the presence of an institution’s employee or representative or disclose any personal social media information. In addition, all private colleges must post their social media privacy policy on their web site.

Earlier this year Delaware passed the so-called Higher Education Privacy Act. Though similar to California’s SB 1349, Delaware’s education law contains express bans on a wider range of conduct. In addition to being prohibited from requiring or requesting disclosure of account info or demanding access to a student's or applicant’s account, Delaware colleges cannot request or require a student or applicant to “friend” the school or its representative, or access a social networking account indirectly through another person who is friends with the student or applicant. Delaware’s law also makes it illegal for colleges to monitor or track a student’s or applicant’s phone or laptop or other electronic communication device. Both the California and Delaware laws prohibit a school from taking adverse action against a student or applicant based on their refusal to disclose the protected information. However, neither law affects a college’s ability to protect against and investigate suspected unlawful activity.

Ten other states are currently considering social media privacy laws that cover employers or colleges or both, and other states appear likely to take up the issue. Three Federal bills addressing various aspects of computer and social networking account privacy are also working their way through Congress. These new and proposed laws exemplify the ever-changing environment related to social media and attempt to balance individual privacy with the obligations of employers and educators.


If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following Morgan Lewis lawyers:


This article was originally published by Bingham McCutchen LLP.