No, sharing passwords in California violates state and federal laws unless explicitly authorized, with penalties under the California Penal Code and the federal Computer Fraud and Abuse Act. Employers and service providers may impose additional contractual restrictions, and the California Privacy Protection Agency (CPPA) enforces compliance under the California Consumer Privacy Act (CCPA), effective through 2026 amendments.
Key Regulations for Sharing Passwords in California
- California Penal Code § 502: Criminalizes unauthorized access to computer systems, including password sharing that exceeds authorized use, punishable by fines up to $10,000 and imprisonment for up to three years.
- Federal Computer Fraud and Abuse Act (CFAA): Prohibits password sharing that circumvents access restrictions, with civil and criminal liabilities, particularly under the 2023 Van Buren v. United States precedent limiting “exceeds authorized access.”
- California Consumer Privacy Act (CCPA/CPRA): Requires businesses to implement safeguards against unauthorized credential sharing, with CPPA audits enforcing penalties up to $7,500 per intentional violation post-2026.
Employers may permit password sharing for business continuity under written policies, but such exceptions must comply with the 2024 California Labor Code § 980, which restricts employer access to personal accounts. Service providers, including ISPs and SaaS vendors, often prohibit password sharing in terms of service, enforceable under contract law. Non-compliance risks litigation under the 2025 California Data Broker Registration Act, which mandates transparency in credential management.