This post was written by Rose Plager-Unger and Frederick Lah.

On May 21, 2014, Oklahoma enacted H.B. 2372, following the trend outlined in our earlier article on the growing number of states prohibiting employers from requesting employee or applicant social media account passwords.  H.B. 2372 prohibits employers from requesting or requiring the user name and password of employees’ or applicants’ personal social media accounts or demanding employees or applicants to access the accounts in front of the employer.  The law also prohibits employers from firing, disciplining, or denying employment to employees or applicants who refuse to provide the requested information.

Currently, fifteen states have enacted laws similar to Oklahoma’s law, and legislation has been introduced in at least thirteen more states.  This issue only continues to grow as Facebook has publically supported laws restricting employer access.  Further, even if a state has not adopted a law specifically prohibiting employers’ access to employees’ or applicants’ passwords, employees and applicants can invoke common-law privacy principles to protect their privacy rights.

While questions remain as to how widespread the practice of requesting employee or applicant social media passwords was, there is no denying the fact that Oklahoma’s new law represents the latest in a growing trend.  Employers should take proactive steps to protect themselves from potential violations including updating internal policies and procedures to comply with the new legislation.  Given the patchwork of laws governing this issue, it is the best practice for an employer who maintains employees in many of these jurisdictions to comply with the most restrictive state’s law.  Further, once employers revise their policies and procedures, they should make sure that employees involved in the hiring process and in managerial positions are aware of what they can and cannot ask of applicants and employees.