Addressing a recent hot topic regarding the forced disclosure of social media passwords and/or content as part of the employment application process, California has promptly resolved the issue legislatively. Effective January 1, 2013, employers in California are generally prohibited from requiring applicants and employees to disclose or access social media information. This new law, AB 1844, parallels an analogous law, SB 1349, which prohibits California’s public and private postsecondary educational institutions from requiring similar mandatory social media disclosure from students, prospective students, or student groups. Consistent with its historically strong state constitutional rights to privacy, California becomes the first state to pass social media privacy protection in both the employment and education contexts.

Employers

On September 27, 2012, California Governor Jerry Brown signed AB 1844, which passed unanimously in both the California Assembly and Senate. This new law prohibits employers from requiring applicants or employees to disclose username or password information to employers, to access personal social media in the presence of the employer, or to divulge any personal social media. AB 1844 defines “social media” broadly to include videos, photographs, blogs, instant and text messages, email, online services or accounts, or other web profiles or locations.

Moreover, employers may not retaliate against an employee or applicant for failing to comply with an employer’s unlawful request for access to the employee’s social media in violation of the new law.

AB 1844 carves out limited remedial access rights to the employer. Where the employee’s social media is “reasonably believed to be relevant to an investigation of allegations of employee misconduct or employee violation of applicable laws and regulations,” the employer may request access to social media for the limited purpose of investigating such misconduct. Additionally, for employer-issued electronic devices, employers may still require disclosure of access information, such as usernames and passwords associated with the device.

The new law marks continued expansion of privacy protections for employee social media. Through the passage of AB 1844, California joins Maryland and Illinois, which have enacted comparable laws in the employment context. Similarly, the National Labor Relations Board has increasingly focused on employer social media policies in an effort to invalidate policies that are unlawfully overbroad and chill employee speech that is protected under Section 7 of the National Labor Relations Act. The passage of AB 1844 significantly curtails an employer’s ability to access employee social media in the first place.

In anticipation of these new restrictions, employers should review hiring policies and practices to ensure compliance with the new limitations. In addition, employers should not ask current employees to divulge their social media, or information needed to access it, except in the narrow situations outlined in the statute.

Postsecondary Educational Institutions

On September 27, 2012, Governor Brown also signed SB 1349, which passed unanimously in both the California Assembly and Senate. The new law adds a new social media privacy chapter to the California Education Code and prohibits all postsecondary educational institutions from requiring or requesting current or prospective students to “disclose, access, or divulge personal social media.” Similar to AB 1844, “social media” is defined to include any electronic service, account, or content, such as videos, photographs, blogs, instant and text messages, email, online services or accounts, or other web profiles or locations.

Under SB 1349, a postsecondary educational institution may not threaten a current or prospective student or student group with disciplinary action for refusing to comply with a prohibited request. Private nonprofit or for-profit postsecondary educational institutions must additionally post their “social media privacy policy” on their websites.

The new law will not affect the rights or obligations of postsecondary schools to 1) protect against and investigate alleged student misconduct or violations of applicable laws and regulations, or 2) take adverse action against a student, prospective student, or student group for any lawful reason.

In enacting the law, California becomes the second state, joining Delaware, to establish social media privacy protections for students and student groups. Other state legislatures and the U.S. Congress have proposed similar bills in the educational and employment context, and the trend will likely continue.

SB 1349 takes effect January 1, 2013. In light of this, public and private postsecondary educational institutions should assess their social media policies accordingly to ensure that their policies are compliant under the new limitations. Postsecondary institutions should also refrain from requesting social media information from current or prospective students other than under the exceptions outlined in the new law.