Earlier this year, news broke that hackers had uncovered private details from the dating website Ashley Madison, and last week the information was leaked onto the dark web. The news has haunted many as the website touches on an individual moral debate.
Ashley Madison is a ‘cheating’ website who coin the phrase ‘life is short, have an affair.’ As you can imagine, the news that hackers had the information of more than thirty-seven million users was not good. Of these users, it’s been reported that almost one million are Australians.
The leaked information is hefty and reportedly includes details from passwords, credit cards and transaction details, emails and home addresses. While many could hide behind fake names and addresses, the payment details are enough to catch a user out.
Consequences of Leaked Data
The consequences of the leaked data are obvious on a personal level, with embarrassment the first thing that comes to mind, the implications could be far more severe. As ITWire pointed out in an article last week, “Many people will face embarrassment, professional problems, and even divorce when their private details were exposed.”
On a professional level, there’s been a large increase in the blurring between our workplace and personal lives thanks to advances in technology. The internet and social media has made it very easy to uncover additional information about employees. Recently, we’ve seen many cases of unfair dismissal due to public posts on social media forums by individuals whose employers don’t agree with the sentiment in the posts.
Workplace Issues Arising From Leaked Data
We highlight that the workplace issues arising from information obtained in last week’s hack fall into two categories Under the first category, if you find an employee has been outed as a member of Ashley Madison, there are a few questions you need to ask:
Does this have a sufficient connection with their employment?
Is it inconsistent with their duties?
Does it give rise to reputational harm to the business?
If the answer is yes to any of the above, there may be grounds for disciplinary action or dismissal. However, there may be complications arising from privacy issues associated with the leak, and if the employee has unfair dismissal protections, the courts will look at fairness in all the circumstances of that particular employee’s case if the employee is dismissed.
The second category is different and concerns workers’ misuse of company time or resources. We know, for instance, that many emails registered with the site and revealed in the leak were work email addresses. It’s not too much of a leap to guess that the likely reason for this – to avoid any evidence on a home computer accessible by the employee’s spouse – would also be a reason why employees would spend their time on the Ashley Madison site at work rather than at home.
This second category, in particular, is where having well-drafted policies can help your workplace to keep on top of any online scandals. A structured code of conduct, as well as a computer and internet policy, outlining what is and what is not appropriate use of workplace resources will ensure your employees know what is acceptable behaviour to follow in the workplace. It will also significantly improve the prospects of defending any legal action the employee might commence.
Perhaps more importantly, last week’s events highlight the need for all employers to have well drafted computer surveillance policies in place. Many employers in New South Wales and the ACT might be surprised to hear that they have no right to search work email accounts or online web browsing activities of their staff – unless they have a workplace policy in place explicitly setting out how they may undertake such surveillance. Employers must also train staff in relation to that policy, and issue written notifications to staff at least 14 days in advance of any surveillance (which is usually best included in a comprehensive employment contract).
If an employer does not already have these measures in place it may be severely limited in the investigations it can undertake.
Employers can’t impose morality on employees, however a policy outlining how an employee is permitted to use work resources, and what surveillance the employer may undertake of their computer habits, can greatly assist as data hacks like Ashley Madison leak in the future.