Washington State has joined the flood of password-protection legislation. The Washington bill (currently awaiting signature by Governor Inslee) broadly prohibits employers from accessing employees’ and applicants’ social networking accounts. Employers are prohibited from: (a) requiring disclosure of log-in information; (b) asking for access to the account in the employer’s presence; (c) requiring the acceptance of a “friend” request from the employer; (d) requiring a change in privacy settings to make the account accessible to the employer; and (e) using log-in credentials inadvertently obtained through the employer’s monitoring of corporate electronic resources. Employees or applicants subject to an unlawful demand can recover actual damages in a private lawsuit as well as a $500 penalty, and an award of attorney’s fees and costs. Employers can only require that employees share content from their personal social media accounts in connection with an investigation into workplace misconduct if the investigation is undertaken in response to information received about the employee’s personal social media content and the content is relevant to a factual determination made in the course of the investigation. However, even in that scenario, the employer may not ask for the employee’s login information.