Employers in Illinois and California cannot ask for usernames and passwords to the personal social media accounts of employees and job seekers under laws that took effect on Jan. 1.
Illinois Gov. Patrick Quinn in August signed legislation amending the State's 'Right to Privacy in the Workplace Act.'
California Gov. Jerry Brown signed legislation adding the prohibitions to the State's Labor Code in September.
The two states join Maryland, Michigan, New Jersey and Delaware in implementing such privacy laws.
The state laws were prompted by privacy and worker advocates concerned that some employers were asking job seekers and employees for access to their personal social media accounts as a condition of hiring and employment.
Maryland's law, for instance, was passed after a controversial incident where a sate Division of Corrections worker was asked to provide his Facebook login credentials during a recertification interview.
Similarly, Michigan's law came after an elementary school teacher's aide was fired for refusing to provide school authorities access to her Facebook profile. The request came after a parent complained about seeing what they called an inappropriate photo on the social media site.
In a report issued last year, the Council of State Governments said it had received several reports of people being asked to delete their social media accounts, 'friend' the human resources director and/or supply private login credentials to employers.
The new Illinois law explicitly bans such employer requests, even for jobs that require comprehensive background screening.
The law does, however, allow employers to review publicly available social media information and to monitor employee email and data stored on company computers.
California's law prohibits employers from asking workers for access to social media accounts containing "videos, still photographs, blogs, video blogs, podcasts, instant and text messages, email, online services or accounts, or Internet Web site profiles or locations."
The law prohibits employers from terminating employees or otherwise retaliating against them for failing to give up passwords or other information used to access personal social media accounts.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.