Becoming the first state in what looks like a trend, Maryland has enacted a law, Senate Bill 433, that prohibits employers from requesting or requiring that employees or applicants hand over their passwords to social media accounts and other personal online accounts. The California legislature is currently considering a similar law, as are a handful of others. And the federal government isn’t far behind: Senators Schumer and Blumenthal have asked the Department of Justice and the Equal Employment Opportunity Commission to investigate whether asking employees or applicants for their passwords violates current federal law.

It’s fitting that Maryland was first in line: It was the case of Robert Collins, who was asked to provide his Facebook password during a recertification interview for his job at the Maryland Department of Corrections, that first publicized this issue. (Here’s my previous post about his case.)

No matter how people feel about whether employers should consider public posts in making job decisions, most everyone agrees that information an employee takes steps to shield should remain private. As Senator Schumer put it, requiring applicants to hand over their Facebook passwords is akin to asking applicants “for their house keys or to read their diaries.”

Not to be left behind, Facebook has also weighed in on the issue by making it a violation of the site’s code of conduct to “share or solicit a Facebook password.” In a statement by Erin Egan, the site’s Chief Privacy Officer, Facebook says that it has “worked really hard to give you the tools to control who sees your information”; she also warns employers that they could expose themselves to “unanticipated legal liability” by demanding user passwords.

As more states consider and pass these bills, employees and applicants would be wise to take advantage of the protection by scrubbing their public online identity and shielding their private information behind a password. Apparently, however, that’s easier said than done. A recent study (reported on ZDNet) revealed that users find Facebook’s privacy policies incomprehensible — in fact, harder to understand than government notices, credit card agreements, and even bank rewards program documents. (The good news for Facebook: Users found Google’s privacy policies even more difficult to understand.) Perhaps that explains why 13 million Facebook users, according to a recent Consumer Reports projection, either aren’t aware of Facebook’s privacy settings or haven’t tried to use them.