Ashley Madison hack shows potential for employers to get drawn into ugly situations
By Jeffrey R. Smith
For many, the Internet is the motherlode of information, entertainment, and interaction. But for some with more nefarious purposes, it can be the source of data that can come back to hurt people.
The hacking of member information for Ashley Madison, the online dating site for extramarital affairs has been in the news for several reasons — one of which is the prevalence of apparently hundreds of email addresses tied to federal, provincial, and municipal employees. And we don’t yet know how many other email addresses there are in the member list that are tied to private employers.
This hacking incident shows that there’s no guarantee of privacy on the Internet — as well as the potential for businesses to get drawn into situations they don’t necessarily want to be drawn into if their employees improperly use the Internet while at or associating with work.
Whether it’s looking at pornography, online gambling, or posting inappropriate material on social media websites, employees can get into trouble by accessing such material at work or on work-related equipment. And employers can get into trouble if this leads to harassment complaints or being associated with activities that could tarnish the company image — such as adultery in the circumstances involving the Ashley Madison website.
Many employers nowadays have computer use policies that indicate what is and isn’t appropriate, and there can be consequences if those policies are breached. And there is an increasing number of cases where employees have been disciplined and even dismissed for online activities that they ought to reasonably have known would harm the employer’s reputation in the community or its working environment. But what if the employee honestly thought certain activity would be kept private?
Many websites like Ashley Madison have security protocols in place to protect members’ identities, for obvious reasons. If the information wasn’t seen as safe, people wouldn’t become members. So while there’s no doubt employees shouldn’t be using email addresses or other information related to their employment for online activities such as dating websites, it’s also reasonable to expect they thought all the information entered on the site was protected. It took skilled hackers to obtain the information. So should an employee in such circumstances received less discipline than someone who posted something inappropriate online that is known to be open to the public?
Is there any reasonable expectation of privacy on the Internet? With some of the incidents of hacking of protected websites that have taken place in recent years, one can wonder. There may not be such a thing as a completely secure website, so entering work-related information may be almost as dangerous as entering it publicly on another site. Maybe the intent is different, though if it all comes to light the effect could be the same.
In determining grounds for discipline or dismissal, it could come down to intent or what the employee should have known. Is it reasonable to expect any privacy online?