California Limits Employer Access to Personal Social Media Accounts

Effective January 1, 2013, California employers will be prohibited from requesting or requiring employees or applicants to provide their personal social media account access information.  Employers also will be prohibited from asking employees or applicants to access their personal social media accounts in the employer’s presence and from otherwise requiring employees or applicants to divulge personal social media information.  The new law (AB 1844), enacting California Labor Code Section 980, also prohibits employers from retaliating against an employee or applicant who refuses to comply with a request or requirement that is made unlawful under the new law.  AB 1844 casts a wide net, defining “social media” as any electronic service or account, or electronic content, including personal videos, still photographs, blogs, video blogs, podcasts, instant and text messages, email, online services or accounts, and Internet website profiles or locations.

New Labor Code Section 980 provides an exception permitting an employer to request an employee’s personal social media information reasonably believed to be relevant to an investigation of allegations of employee misconduct or violations of law or regulations.  In addition, an employer may request or require an employee to disclose a username, password, or “other method” of log-in for the purpose of accessing employer-issued electronic devices.

Notably, the statute expressly states that the Labor Commissioner is not obligated to investigate or determine any violation of the act, thus allowing claimed violations to proceed directly to litigation.

Fittingly, Governor Brown used Facebook, Twitter, Google+, LinkedIn, and Myspace to announce the new law.

NLRB Limits Employer Regulation of Employee Online Speech

Section 7 of the National Labor Relations Act (“NLRA”) protects employees who “engage in … concerted activities for the purpose of collective bargaining or other mutual aid or protection.”  The statute protects both union-represented and unrepresented employees.  Concerted activities for “mutual aid or protection” include the discussion of terms and conditions of employment, such as wages, hours, and working conditions.  In some circumstances, Section 7 may even protect the conduct of a single person who seeks to initiate, induce, or prepare for group action or attempts to bring group complaints to the attention of management.  The National Labor Relations Board (“NLRB”) has held that Section 7 rights may be unlawfully impaired by employment policies that unduly restrict employees from discussing workplace issues or concerns or from otherwise publicizing information about their working conditions.  In two recent cases, the Board, for the first time, examined Section 7 rights in connection with policies regulating communications made via social media.

The Costco Decision

In Costco Wholesale Corp., the Board found that a provision in Costco’s electronic communications and technology policy, which prohibited employees from posting statements electronically “(such as [to] online message boards or discussion groups) that damage the Company, defame any individual or damage any person’s reputation, or violate the policies outlined in the Costco Employee Agreement, [under the threat of] discipline, up to and including termination of employment,” unlawfully interfered with Section 7 rights.  Reversing an administrative law judge’s finding in favor of Costco, and evidencing a pro-employee shift in its reading of prior NLRB precedent, the Board held as follows:

“Here, the Respondent’s rule does not explicitly reference Section 7 activity. However, by its terms, the broad prohibition against making statements that ‘damage the Company, defame any individual or damage any person’s reputation’ clearly encompasses concerted communications protesting the Respondent’s treatment of its employees.  Indeed, there is nothing in the rule that even arguably suggests that protected communications are excluded from the broad parameters of the rule.  In these circumstances, employees would reasonably conclude that the rule requires them to refrain from engaging in certain protected communications (i.e., those that are critical of the Respondent or its agents).”

The Board suggested, however, that the policy would have been lawful if it were limited only to statements that were malicious, abusive, or unlawful.

The Board also agreed with the administrative law judge that the confidential information provision of Costco’s electronic communications and technology policy violated Section 7.  This provision stated:

“Sensitive information such as membership, payroll, confidential financial, credit card numbers, social security numbers or employee personal health information may not be shared, transmitted or stored for personal or public use without prior management approval. Additionally, unauthorized removal of confidential material from Company premises is prohibited.”

In particular, the administrative law judge took issue with the policy’s prohibition on sharing payroll information, in that “a reasonable employee would read that term as encompassing their wages or other terms and conditions of employment and that the rule inhibits the exercise of Section 7 conduct.”  In addition, the administrative law judge found to be unlawful the policy’s prohibition on removing “confidential information,” as well as related provisions in Costco’s privacy policy, because these policies defined confidential and private information to include “employees’ names, addresses, phone numbers and email addresses, which [employees] otherwise have a protected right to share with each other or with outside entities, such as unions, in the course of protected activities.”  The Board further concluded that Costco’s privacy policy violated the Act because it prohibited employees from discussing “private matters,” including “sick leave, leaves of absence, FMLA call outs, ADA accommodations, workers’ compensation injuries, and personal health information.”

Offering one small bone to employers, the Board held that Costco lawfully may require employees to communicate with “appropriate business decorum” because a reasonable employee would conclude that such rule was intended to ensure a civil and decent workplace and not to curtail Section 7 rights.

The Karl Knauz Motors Decision

Shortly after the Costco decision, the Board issued its decision in Karl Knauz Motors, Inc., which examined the scope of protected activity with respect to an employee’s Facebook postings.  (For a more detailed discussion of the administrative law judge’s decision in this case, see our October 2011 MSK Alert here.)

First, the Board applied Costco and found that the employer’s “Courtesy” policy, which required employees to “be courteous, polite and friendly to our customers, vendors and suppliers, as well as to their fellow employees” and stated that “No one should be disrespectful or use profanity or any other language which injures the image or reputation of the Dealership,” was unlawful.  The Board objected to the policy because “employees would reasonably construe its broad prohibition against ‘disrespectful’ conduct and ‘language which injures the image or reputation of the Dealership’ as encompassing Section 7 activity, such as employees’ protected statements—whether to coworkers, supervisors, managers, or third parties who deal with the  Respondent— that object to their working conditions and seek the support of others in improving them.”

Further, the Board affirmed the administrative law judge’s finding that an employee’s Facebook postings criticizing the refreshments served to customers at a BMW release event were protected because the refreshment choices may have turned off customers, affecting the employees’ commission compensation.  However, the Board agreed that the employee’s posting of pictures and commentary about an accident involving a child driving a Land Rover into a lake during another dealership event were not protected by Section 7, as these posts were not connected to the employee’s terms or conditions of employment and were merely “posted as a lark.”


1. If an employer can access an applicant’s or employee’s Facebook or Twitter postings without requesting her username or password, may the employer review and use the information?

New Labor Code Section 980 will not prohibit employers from viewing or using information made publicly available by an applicant or employee through social media.  However, employers must take care on how such publicly available information is used.  For example, if an applicant publicly posts that she has filed a lawsuit against a prior employer alleging sex discrimination, it could violate various laws if the employer used this information in deciding not to hire the applicant.

2. What if the employee uses social media on behalf of the employer (i.e., maintains the Employer’s Facebook Company Profile)?

The new California law is limited to employees’ and applicants’ “personal” social media accounts and should not apply to an any social media account, website, or blog established, owned, or controlled by the employer.  Accordingly, the employer would be free to regulate what is stated in such media and to require employees to share passwords established for such media.

3. May an employer maintain a social media policy that prohibits employees from disclosing confidential company information?

Certainly, an employer may protect its trade secrets, customer information, and the like from unauthorized disclosure.  However, it must be extremely cautious where confidential information is defined to include information related to employees and the terms and conditions of their employment.  The NLRB has demonstrated that overly broad policies failing to provide sufficient examples of what is and is not prohibited will likely be found to violate the NLRA.  Accordingly, any policy regulating the disclosure of confidential information in any context, including social media, should be narrowly tailored and should provide clear examples of prohibited conduct.