Has anyone not heard of the Ashley Madison fiasco? And what are the implications for employers and the use of their equipment, systems and employee time?
Just in case you live on Mars and haven’t heard, Ashley Madison (according to www.ashleymadison.com) “is the world’s leading married dating service for discreet encounters” … “the most famous name in infidelity and married dating” and “…the most recognized and reputable married dating company (sic).” “Ashley Madison is the most successful website for finding an affair and cheating partners. Thousands of cheating wives and cheating husbands signup everyday looking for an affair.” You get the idea; it’s not complicated.
So if that isn’t naughty enough, hackers hit the site earlier this month, lifted personal information on 37 million registered users, and then released this to online venues for public enjoyment and exploitation. The now publicly-available information includes member names, e-mail addresses, personal profiles, credit cards, street addresses, phone numbers, likes, dislikes and sexual preferences – such as gay or straight. What a surprise this may be to spouses – but how should employers react?
First, it is obvious that many Ashley-Madison users were looking for sex partners while at work, on company time. For example, around 15,000 of the email addresses had .gov or .mil suffixes. (Yes – another shocker – government workers pursuing personal pleasures while we thought they were working, and at taxpayer expense). Some of these users were involved in sensitive and confidential projects with the White House, law enforcement agencies, and Congress. Despite the legality of these encounters, the stage was set for blackmail, as feared for decades by the government. And now the curtain has been lifted on millions of naughty workers.
But should employers seek out this hacked database to see if employees or company email addresses are involved? The short answer is “no” according to some experts, unless specific situations are brought to the attention of management. This might involve media mentions or complaints by customers, other employees – or their spouses. Then, the reaction depends upon many factors, most involving whether company policies were breached, and if errant employees had a reasonable expectation of privacy. Employers would then need to begin an investigation by considering if there was improper use of company time and assets, or disclosure of confidential information. Remember: be consistent in all ways.
But the hacked database is being seriously investigated by at least some employers, and state governments in Arizona, Illinois and Ohio (at last count) have run searches and verified that state email addresses are indeed registered at Ashley Madison. When this is discovered at your company, enforcement must be consistent and by-the-book, or your employee handbook could be challenged and considered of no force and effect.
Further, both the Ashley Madison and Hillary email imbroglios put these issues into the spotlight, and companies should update email and Internet usage policies, clearly stating that neither company time, assets, intellectual property (email addresses) or information systems (such as email and Internet access) may be used for personal purposes.
Finally, make sure that all employees understand that while at work, there is “no expectation of privacy.” Anything they do online or with email (at least on company premises during business hours) is available for viewing and evaluation by management. If employees have outside interests such as cheating, this must be done 100% on employee time – even if this increases the risk of discovery by the other spouse.