The online cheating website, Ashley Madison, has plagued headlines the past couple of weeks after hackers posted details of millions of online users. This massive privacy breach has raised some unique questions, especially for employers whose employees apparently used their work e-mail addresses as part of the registry process for the website or accessed the website during work hours.
The Ashley Madison data breach has sent public and private employers checking e-mail addresses tied to the Ashley Madison website, as well as checking to see if the website was accessed during work hours.
However, trying to decipher what punishment, if any, the employee should receive places the employer in a problematic situation. Clearly, employees who used their employer’s computer to post to the website or utilized the site during the workday are more vulnerable to discipline than those who used their own computer on their own time. Nonetheless, deciding on how to discipline an employee can be challenging for a variety of reasons.
First, most employers will face issues trying to prove that the e-mail address registered with the site does indeed belong to the employee in question. Ashley Madison does not require e-mail addresses to be verified, so an individual could use another person’s e-mail address to sign up and log on.
Secondly, most employers permit employees to engage in limited or minimal “personal reasonable use” of their work e-mail accounts and computers.
Lastly, being a member of the Ashley Madison website is not illegal and could be treated similarly to staff utilizing work e-mails to establish their Facebook account or to access their Facebook account during their work day.
What To Do If Your Employee is On “The List”
Employers should not rush to judge their employees or provide them with a lesson in morality. Employers should ensure that their policies which address e-mail usage are current and clear and inform their employees that their employer-provided work computers and internet access only may be used for business purposes, and remind them that the employer may access and monitor their internet use.
Finally, it is the best practice to circulate these policies to remind employees of the proper usage of their e-mail addresses and their work computers. If your policy does not address e-mail usage or computer uses during the work day or is ambiguous in nature, you should consult with your attorney so that the policy may be revised to clearly state the expectations of the employer.
The Eastern Pennsylvania Employment Log (EPELog) is a publication of the KingSpry Employment Law Practice Group. Jeffrey T. Tucker, Esquire, is our editor-in-chief. EPELog is meant to be informational and does not constitute legal advice.