State lawmakers are moving to ensure that your Facebook password is none of your boss's business.
Ditto for signing on to Twitter, Pinterest and LinkedIn, as well as your personal e-mail.
Without dissent, members of the Senate Public Safety Committee voted Wednesday to make it illegal for an employer to require -- or even request -- that a worker disclose his or her user name, password or any other information about any social media site. That same prohibition also would apply when companies are interviewing job applicants.
SB 1411 would bar a company from firing, disciplining or otherwise penalizing a worker who refused to provide the information -- or even threatening to do that. And firms could not refuse to hire someone who balked.
Sen. Rick Murphy, R-Glendale, said Arizona laws need to catch up with the technology.
"If prospective employers are allowed to demand up front, or even after hiring, demand from their employees their log-in information for their social media, that's a big privacy breach for a typical citizen,'' he said. "And they're really not in a position to object because their livelihood is threatened if they don't comply.''
Murphy said his concern is not so much that employers will be surfing the World Wide Web looking for postings by their current and prospective workers.
He said once someone posts something, it's pretty much for all the world to see. And nothing in his legislation precludes a company from looking at a Twitter posting or a Facebook page, especially if the employee's privacy settings allow anyone to look.
His fear is the mischief that can be done with someone's user name and password.
"Let's say that someone in the human resources office, where that information is on file somewhere, decided that they were upset with me,'' Murphy told colleagues.
"They could impersonate me very easily and post things on my social media,'' he continued. "And I then would have the burden to try to prove that I didn't do it.''
But the plan is getting some kickback. Mike Gardner, who lobbies for both Microsoft and cell phone provider Verizon said his clients have "concerns'' they want addressed.
"We believe in privacy,'' he told lawmakers. "Consumers have a right to privacy and especially those job applicants, when they apply for a job, they have a right to privacy.''
Gardner said, though, this legislation only looks at one side of the issue.
"We also believe that employers have the right to know what's going on in their workforce,'' he said.
Murphy said his legislation does address that.
For example, the legislation would not bar a company from conducting an investigation to ensure compliance with laws governing securities and financial regulation if it had information that a worker was using a personal web-based account for business purposes.
Firms also could impose limits on the use of business equipment for accessing personal e-mail or social networking sites. And they even could monitor a worker's use of company equipment to enforce those policies -- as long as they were not trying to get personal sign-in information.
Gardner said, though, that's not enough.
He said there needs to be a clear definition in the law of exactly what is a worker's "personal account'' that would be off-limits to employer snooping. And Gardner said there are situations where an individual might use the same log-in and passwords for company use as a social media site.
But Sen. Gail Griffin, R-Sierra Vista, sniffed at that latter concern.
"If you're doing a web page or information for an employer, you can change your access code so it's not your personal (one),'' she said. "So that's easily fixed.''
Murphy said he's willing to work with Gardner and other business interests to address their concerns -- but only up to the point where he believes what they want is starting to infringe on individual privacy rights.
He acknowledged his bill still leaves other issues unresolved, such as whether an employer can demand that a worker "friend'' them on Facebook so they can read their postings. Murphy said that's a fight for another day.
"I just want to keep this to what's super obvious: log-in information,'' he said.