
Like dominoes tumbling against one another, states are falling into line on the matter of employee and applicant privacy.

Virginia is the latest state, and the 19th to date, to set sanctions for employers that attempt to control employee/applicant account settings.

The state also has adopted one of the weaker password protection laws, but it still offers workers basic protection from online snooping by employers, reports the Society for Human Resource Management.

The protections offered by Virginia include a prohibition against employers requesting or requiring the disclosure of account usernames and passwords, and a prohibition against requiring workers to add employer/employer representative names to their lists of social media contacts.

But the Virginia law does not include protections most other states do. It doesn’t prohibit “shoulder surfing” by management. It also doesn’t prohibit bosses from asking underlings to change social media privacy settings to make all content public. And it definitely falls short on protection in another crucial area: accounts that are somehow work-related.

“The law expressly excludes from its scope accounts that were opened for the employer’s benefit or to impersonate the employer,” SHRM reports. “More specifically, the law excludes online accounts that satisfy any of the following criteria: (a) were opened or set up by an employee for the employer; (b) were provided to an employee by an employer, including the employer’s email account or other software program owned or operated exclusively by an employer; or (c) were set up by an employee to impersonate an employer through the use of the employer’s name, logos, or trademarks. Unlike some password protection laws, Virginia’s law does not exclude personal online accounts that an employee uses for work but were established independently of any involvement from the employer.”

SHRM predicts 2015 will see many more states jumping on the password protection bandwagon.