From Connecticut to California, concern over a rise in employer demands for access to prospective employee’s social media logins and passwords is leading lawmakers to take action.

There is pending legislation in at least five states – including Minnesota, Illinois, California, and Massachusetts – and the Maryland legislature just passed its own version of a bill prohibiting the practice.

But as this groundswell grows, questions are rising about whether laws will actually stop employers from seeking out digital information in an increasingly digital age.

“There is a legitimate and growing concern about privacy on the Internet,” says Katharine Parker of Proskauer Employment Law Counseling & Training Group in New York, who advises employers on hiring practices and other HR issues. “Is there any privacy on the Internet, should there be, and what laws are needed to regulate it are all questions that are just now being asked.”

Indeed, many experts say that companies do not need to ask for Facebook passwords to get information on applicants or employees. The notion that privacy settings make things on Facebook private ”is not necessarily accurate,” says Ms. Parker.

“Even if you have a lot of privacy settings on Facebook, it’s not private if you have lots of friends,” she says.

There are many ways to get information from applicants’ social media without asking for their password, says Kabrina Krebel Chang, assistant professor of business law at Boston University’s School of Management.

“In many cases, the applicant is Facebook friends with someone already at the workplace,” she notes via e-mail.

There is nothing to stop that friend from showing others in the company the Facebook page. “If there are no direct Facebook friends, many applicants are ‘friends’ of other pages or have liked other pages such as alma maters, interest groups, products, etc.,” Ms. Chang adds.

Human resources departments will simply switch to sending “friend requests” to applicants and presenting this view of the individual during the interview process, says Charles Palmer, executive director of the Center for Advanced Entertainment & Learning Technologies at Harrisburg University of Science and Technology in Pennsylvania.

“It’s a little less overt and completely legal,” he says via e-mail, adding that he expects “to see more investment into ‘social forensics’ to help weed out the applicant pool.”

The main thing for potential – and current – employees to remember is that any information that can be accessed on a computer is potentially going to be used in a hiring process, says Deborah Sweeney, CEO of MyCorporation.com.

Most people with time and the right knowledge and technology “can access information that’s been posted online, even if it’s been posted to a social media profile that’s been made private,” she says via e-mail. Both employees and employers need to realize that anything they put online, could end up being public, she adds.

Get the Monitor Stories you care about delivered to your inbox. By signing up, you agree to our Privacy Policy

For these reasons, some experts think it is not only unnecessary but unwise for companies to ask for social media passwords.

“Once you ask for this kind of access, then you are on notice for anything that you might find,” says Todd Taylor, an attorney with Moore & Van Allen who specializes in communication technology. “I would advise against going after information that isn’t already public for the simple reason that if you see something and you don’t act on it, you have the potential issue of a negligent hire down the road.”