Why You Can Read Your Employees Emails… But Not Judge Them

Six months ago you might have gotten a dirty look from your spouse for knowing that Ashley Madison is a website with the tagline “Life is short, have an affair.” But this week, you’re off the hook: everyone knows about it. The online hookup service which specifically targets married folks seeking “discreet” affairs was all over the news due to a massive data breach which outed the site’s nearly 40 million users. According to ABC News, a group calling themselves the “Impact Team” released nearly 10GB of information, which included the names, email addresses and sexual preferences of members. Within hours, the database was widely available on the Internet by simply searching the web and people were analyzing the list of names to find their friends … or maybe enemies.


Who Was on The List?

We know your employees weren’t on the list, but plenty of other business owners may have seen a familiar name or two. Journalists report that around 15,000 of the emails used to create accounts on the site were accounts belonging to military or government employees. According to CNN, “some government officials, like the DOJ attorney, did a better job of covering their tracks: they used personal email addresses like Gmail…However, because they accessed Ashley Madison accounts while at the office – or dialed in remotely – they could be identified by I.P. addresses, which were linked to government agencies.” They were using their personal emails which is good … while they were at work. Bad.

When a person uses company email for personal pursuits–scandalous or not–it’s pretty black and white from an HR standpoint. It’s standard practice that employees should not expect privacy when it comes to using company resources. It doesn’t matter if you’re signing up for Martha Stewart recipes, shoe-shopping, or trolling for an extra-marital affair; work email and workplace resources should not be involved. For some, it goes beyond HR and productivity issues. The armed forces has a Code of Conduct which explicitly prohibits adultery, which means serious consequences for Ashley Madison members in the military.


Have You Told Them What’s Acceptable?

In light of the Ashley Madison database leak, top HR professionals recommend that you immediately review your computer and internet usage policies with your employees. Hezekiah Herrera, a diversity consultant and corporate communications specialist says, “I would caution that organizations not embark on a deliberate query of improper e-mail use, but instead issue a reminder of standing policy or institute a signed agreement regarding improper use of company resources, including e-mail.”

Remember to be firm but not draconian. Your employees work hard and if they’ve got long hours, they might need to communicate with family or make dinner plans during the day. We’re not just connected to the workplace 24/7. As Deborah Rhode, a Stanford law professor, points out, “it reflects a culture in which people’s work and personal lives spill over, especially when it comes to technological issues.”

J. Colin Petersen, our President & CEO, can help you with creating or reviewing your policy as a Virtual Chief Technology Officer. Call us at 559-485-4335 to talk to him.

If you’re wondering about your own team’s online activity you can’t pretend that it doesn’t happen. When do you think all that CyberFriday shopping takes place? Your task is to make your policies clear, whether there is absolutely no personal Internet use or there’s an understanding of the occasional need to check on something verses spending all day on Facebook.


Imposing Your Personal Preferences

But what if an employee wasn’t using any company time or resources to hook up on Ashley Madison or to do something else that you personally despise? Top labor attorneys are saying “Don’t ask. Don’t look.” Don’t get carried away and forget that there’s a difference between illegal and immoral. Trying to enforce your personal ethical code on employees’ lives outside of work can become dangerously discriminatory. Or at least unpopular. Ask the CEO of Hobby Lobby.

Yes, as an employer you do have the right to create policies based on ethics, but those expectations must be directly related to an occupational requirement. If you only want to hire people who agree with your belief system, go for it… but good luck being able to back that up in court.

Most Americans agree that signing up for an adultery website is an ‘immoral’ behavior. But what about issues we’re somewhat more divided on as a nation? What if an employer goes looking through the Ashley Madison database, and finds that an employee’s preference is for a same-sex partner, which 2 out of 5 Americans still believe to be immoral? Anne Mitchell – a licensed attorney and CEO of an e-mail reputation accreditation company – says “while many states are so-called at-will employment states, meaning that you can be fired for any reason, or even no reason at all, the issue of marital infidelity is very similar to other sexual preference issues, which are becoming more and more protected all the time.”

Unless you’re a faith-based organization, or the prosperity of your business is directly linked to the personal reputation of that employee, it’s unlikely you’ll be able to prove that having an Ashley Madison account is reasonable grounds for termination. And firing someone based on a legal activity that they engage in outside of work is discrimination, like it or not.

As for deciding to become the Morality Police and search for your employees in the Ashley Madison database, I think you’ll probably just end up wishing you hadn’t.  At the very least, finding an employee’s name could lead you to feel biased against them, even if you don’t intend to.  I agree with Jeremy Ames, president of Hive Tech HR and a member of the Society for Human Resource Management’s HR Management and Technology Special Expertise Panel.  He said “I would rather companies turn their backs and say, ‘This was accessed illegally. Why would we use that? Especially about people’s sexual preferences, et cetera.’ I don’t want to know that stuff about my employees. Trust me.”


How to Avoid the Really Bad Problems

All this being said, you still need to regulate and monitor your employees’ Internet usage; there are serious risks that transcend morality, ethics, or just plain company embarrassment. The issues that you as an employer can regulate and should respond to are:

  • Productivity.
  • HR issues.
  • Network health and security.

Web-surfing for fun, watching cat videos, and streaming movies at work is a serious productivity issue – it’s just not what your employees are getting paid to do. If employees are using company time for personal business and you have a clear policy against that, then it is your right to correct and even discipline employees. Attorney Louis L. Chodoff suggests that you be proactive and make sure policies are up to date. He says “The policy should state that the Internet should only be accessed for business reasons and employees are aware that their Internet usage can be monitored by the company, so that defeats any expectations of privacy that they may have.”

There are tools that we can implement if you want to monitor your employee web-surfing or even block certain websites. Call J. Colin Petersen, our President & CEO, to find out how we can implement this.

HR Issues
It can also create a hostile work environment if an employee or a customer becomes exposed to suggestive or offensive materials they see on another employee’s monitor while they’re trying to get work done. Even though you may not be aware it’s going on, as an employer you will be held liable for failing to prevent it from happening or from addressing the potential problem with your policies.

Network Health
From our perspective, the biggest problem is that employees surfing the darker side of the web puts your computer network at significant risk. Porn sites are, ironically, rampant with viruses and malware. Warez (illegally copied software) and BitTorrent (for large file sharing) sites are a massive cybersecurity issue. To get the files, BitTorrent users open their computers up to a protocol that can allow someone else to “spoof” their IP address and use that computer for activities like denial-of-service attacks, which uses up your bandwidth and again, opens up your network to viruses and malware.

If you’re wondering why your network slows down every day at 2 p.m., check to see if the guy on the late shift in shipping is plugging in his laptop to stream movies all day (true story – we found this was the issue for one of our new clients). If your employees are surfing these kinds of sites during the work day, it is guaranteed to be a major cause of many of your business network problems. Your network will be exposed to hackers, malware, viruses, and everything bad that’s on the Internet. It reduces the reliability and stability of your network and puts your business at risk.


Let Us Be the “Bad Guys”

You can avoid the whole problem of having to tell people what not to surf during the day by letting our tech team create filters, add extra firewall and malware filters, and monitor your network for unauthorized and unhealthy Internet usage by employees. We’ll be your detectives in pinpointing the source of problems or finding out where all the bandwidth is going.

Call us if you want to protect your business network and your employees from the risks of indiscriminate Internet surfing.