Resource Center

SLCUSD Sample Policy
What's Required vs What's Assumed
Compliance Failure Matrix
SafeSport Policy
90-day Rollout Playbook
Picking a Vendor
Resource Center
/
What’s Required

SB 848 / Ed Code 32100 — What’s Required vs. What’s Assumed

When California passed SB 848 and updated Ed Code 32100, the intent was straightforward: reduce risk in staff–student electronic communication by bringing it under meaningful supervision.

Most schools agree with that goal.

Where many struggle is not with intent, but with translation — turning a legal mandate into systems and practices that hold up under real-world conditions.

This article explains what SB 848 actually requires, what it leaves unresolved, and why that gap is where most compliance failures occur.

Terminology
In this article, schools refers collectively to public school districts, charter schools, and private schools subject to SB 848 and Education Code §32100.

What the Law Clearly Requires

SB 848 amends Education Code § 32100 in two key ways that apply directly to digital communication:

  • § 32100(b)(1)(B) requires governing boards to:
    “Establish appropriate limits on contact, during or outside of the schoolday, between pupils and school employees, volunteers, and school contractors via social media internet platforms, text messaging, and other forms of communication that do not otherwise include the pupil’s parent or guardian.”
  • § 32100(b)(2) requires governing boards to:
    “Adopt written policies, plans, or specifications that address classroom and nonclassroom environments to promote safe environments for learning and engagement that are easily supervised.”

Taken together, these provisions establish several non‑negotiable expectations that schools must operationalize. 

1. Digital staff–student contact must have appropriate limits—especially one‑to‑one.
The law does not ban communication. It recognizes that staff sometimes need to contact students directly. But it requires governing boards to place limits on that contact via social media, text, and similar channels—particularly where parents are not included and where the interaction is one‑to‑one.

2. Digital communication is a nonclassroom environment that must be easily supervised.
Text messages, direct messages, team apps, and similar tools are not informal side channels. Under § 32100(b)(2), they are nonclassroom environments the school sponsors and is responsible for making “easily supervised.” Communication cannot live entirely in private, fragmented, or user‑owned spaces.

 3. Communication systems must support existing safety and investigative frameworks.
Policies on student safety, employee conduct, and investigations presume that the school can:

  • see relevant interactions
  • retain them consistently
  • retrieve them without undue delay.

If digital communication records are fragmented, privately owned, easily altered or deleted, or difficult to obtain during a concern or complaint, the environment is not aligned with those frameworks.

4. Administrative control and timely response are assumed, not optional.
The statute does not spell out every technical detail, but it assumes the governing board and administration can:

  • understand how staff–student communication happens,
  • intervene when patterns become concerning
  • respond quickly and credibly when questions arise.

That assumption about institutional control over digital environments matters more than any single sentence in the law.

What the Law Does Not Define — and Why That Matters

The most important compliance challenges stem less from what SB 848 says and more from what it leaves open‑ended. Those gaps are where leadership must make clear, defensible choices.

1. “Appropriate limits” on one‑to‑one contact
The law requires limits on contact via social media and text, especially where parents are not included. But it does not specify:

  • When is a one‑to‑one message acceptable?
  • What counts as necessary logistics versus inappropriate familiarity?
  • How should exceptions (illness, transportation issues, emergencies) be handled?

Schools must define these boundaries in policy and practice—especially in extracurricular and individualized contexts where one‑to‑one contact is often necessary for the program to function.

 

2. What it means for a digital environment to be “easily supervised”
SB 848 does not define “easily supervised.” It leaves open questions such as:

  • Is it enough that messages can be pulled later, if needed?
  • Does “easily” imply real‑time visibility, periodic review, or simply centralized retention?
  • Who must be able to see what, and how quickly?

The absence of a precise definition does not reduce responsibility. It shifts it to boards and administrators to adopt a standard they can explain and defend.


3. Monitoring vs. reconstruction
The statute does not specify whether supervision must be:

  • continuous
  • sample‑based
  • triggered only by concerns

Schools must determine whether their model is truly supervision—or merely the ability to reconstruct events after something has gone wrong. Under SB 848, an environment that can only be pieced together through manual effort is retrievable, but not necessarily easily supervised.

4. Auditability and timely access
Similarly, auditability and timeliness are not quantified:

  • How quickly should relevant records be accessible in a complaint or investigation—minutes, hours, days?
  • Who needs direct access (e.g., site administrators, HR, legal, Title IX)?
  • Can users alter or delete messages in a way the institution cannot see?

In all of these areas, SB 848 establishes the outcome—appropriate limits in digital channels, and environments that are easily supervised—without prescribing the exact mechanism. Schools must fill in the operational details.

The Assumptions That Undermine Compliance

In working with schools implementing staff–student communication policies, several assumptions recur — often with good intentions. They are understandable, but they often collapse when measured against the standard of an easily supervised environment.

These assumptions often feel reasonable in isolation. The problem is that they fail once communication scales across staff, students, and time.

Assumption #1: group chats reduce risk. 

This can be true in systems where one-on-one communication is restricted and centrally visible. However, in many commonly used tools — including SMS-based group threads and platforms that allow unrestricted direct messaging between connected users — group chats often function as an entry point rather than a boundary. Once participants are connected, side conversations can occur outside the group context and outside administrative visibility.

Assumption #2: copying parents creates compliance

While parent inclusion can increase transparency in specific exchanges, it does not establish centralized oversight, consistent retention, or institutional ownership of records. In practice, communication becomes distributed across personal devices, email accounts, and messaging threads, making supervision and retrieval more difficult rather than less.

Assumption #3: records can be retrieved if needed

This presumes that messages are retained, accessible without delay, and complete. In systems where communication is not centrally governed by the institution—including tools that allow unrestricted direct messaging, user-controlled deletion, or delayed record access—these conditions are often not reliably met, particularly under time pressure or during an active concern.

Assumption #4: policy alone governs behavior

Most staff act in good faith. That does not make policy self-executing. Under normal constraints—time pressure, habit, convenience—behavior tends to follow the path of least resistance:

  • the app everyone already uses
  • the channel that produces the fastest response
  • the tool that works best on a personal phone

Unless systems are designed to support and reinforce expectations, policy will inevitably be outpaced by practice. Under SB 848, that disconnect is no longer just an operational issue; it is a compliance and governance issue.

SB 848 Was Not Written as a Technology Law — But It Assumes Technology

SB 848 does not mandate a specific platform, vendor, or technical implementation. That has led some schools to treat it as primarily a policy exercise: update handbook language, restrict one-on-one communication, and reference an “approved” tool.

That approach misses a critical reality.

The law assumes schools will actively supervise electronic communication, not merely discourage misuse. In other words, SB 848 does not rely on schools telling staff how to behave — it relies on schools designing environments where

  • unsafe behavior is hard to sustain, and
  • concerning patterns are easier to see.

Policies describe expectations.

Systems determine whether those expectations hold up in real use.

Under § 32100(b)(2), the digital spaces where staff and students interact are nonclassroom environments the school sponsors. Those environments must be “easily supervised”—a standard that cannot be met by intent and policy alone.

Why Platform Choice Is a Governance Decision

Because SB 848 is often framed as a compliance or safety issue, platform selection is sometimes treated as a technical decision or delegated primarily to IT teams. While IT plays a critical role, this framing is incomplete.

IT teams are well-positioned to evaluate security, integrations, and uptime. SB 848 compliance, however, hinges on governance: who has visibility into communication, who controls access, who owns records, and how quickly administrators can intervene when concerns arise.

A platform can be technically secure and still fail compliance expectations if administrative visibility is limited, audit access is delayed, or enforcement controls vary by role or department. These are not merely feature deficiencies — they are governance failures.

Choosing communication tools is, in effect, choosing where staff–student communication will occur, and whether that environment can be supervised at the institutional level.

A More Practical Compliance Standard

Rather than asking whether a policy or platform technically satisfies the statute, schools should ask a more practical question:

Does this system create digital environments for staff–student communication that we can easily supervise under real‑world conditions?

A defensible approach to SB 848 compliance typically includes communication that is:

  • Centralized rather than scattered – Staff–student messages live in school‑governed systems, not across personal devices and consumer apps.
  • Visible at the institutional level – Authorized administrators can see who is communicating with which students, and how, without relying on individual cooperation.
  • Auditable without delay – Relevant records can be reviewed quickly when concerns arise.
  • Supportive of necessary one‑to‑one contact – Direct messages can occur where they are needed, but only inside environments the school can supervise.
  • Resilient to normal human behavior – Oversight continues to function as staff, tools, and habits change over time.

Anything less does not eliminate risk—it merely obscures where the risk lives.

The Question Schools Should Be Prepared to Answer

Every school should be able to answer the following without hesitation:

If an issue arose tomorrow, could we clearly demonstrate that staff–student electronic communication—group and one-to-one—occurred inside digital environments the school can easily supervise?

If the answer depends on good intentions, manual reconstruction, or policy language alone, there is work left to do.

Meaningful compliance with SB 848 begins when oversight is built into the environments where communication actually happens—not simply assumed through behavior or policy.

FanAngel
©2026 FanAngel, LLC
  898 Napa Ave Unit 1292 - Morro Bay, CA 93442
Privacy PolicyTerms & ConditionsContact Us