Employment and Migration Blog

The Ashley Madison hack: the employment law implications

Posted by Lisa Qiu on 26 Nov 2015

The Ashley Madison hack a couple of months ago had far wider-reaching implications than potentially revealing the infidelities of more than 30 million users. It also has employment law implications.

The hack raises questions about the improper use of company email and internet facilities by employees. Do you know what “acceptable use” of your work email or internet really means? What happens if you have a personal tablet or mobile phone or laptop that you also use for work related purposes from time to time? Does that mean that the footprints of your personal usage are also downloaded to and kept on the company’s IT system? Can you be held accountable for things that you do in your own personal time, but that are downloaded to the company’s IT system?

It’s important to have a proper understanding of your privacy rights and vulnerabilities when it comes to using the company’s email and internet system, and of your own devices for work purposes. When I first started working in a law firm, I was told by my IT manager not to do anything on the work computer, including sending personal emails from my personal email account, that I wouldn’t want people to see if I were the Prime Minister. This was in the context of the emails Julia Gillard had sent while working as a lawyer for Slater & Gordon, many years before.  No matter how insignificant an email or Google search may seem at the time, you never know when something you did via email or on the internet at work, is going to come out of the woodwork and jeopardise your career, social standing and/or reputation.

Most employers have rules in relation to use of the company’s email, internet and IT system in general. These rules are usually found in a policy, if not embedded in the employment contract itself. While most employers recognise that employees will email from work for personal purposes, there are generally restrictions on how much time can be spent on personal matters, and when that time should be spent, for example, before or after hours, or during lunch breaks.

However, it’s important to understand that allowing personal use of the company’s electronic systems does not mean that the company waives the right to monitor or view those emails or your internet browsing history. When you use your employer’s system, you are often providing your employer with the right to access, monitor and review correspondence or activity that you might otherwise consider to be private.

If your company’s stance on email, internet and IT usage is unclear, the first thing to do is to contact your supervisor or IT manager and clarify what your position is, and what exactly they can access and monitor, especially if you use your personal electronic device for work related purposes, even if it’s a sporadic check of your inbox while you’re on the train.

If your position is still unclear, or if you’re an employer seeking to clarify the company policy on email, internet or IT usage, feel free to contact our Employment Law Team.

If you want to read up on how the Ashley Madison hack impacted family law matters, have a read of our family law blog article