Online watchdog NetSafe says the actions of a company pinged for circulating content from her Facebook page would contravene proposed legislation designed to stamp out cyber bullying.
The Human Rights Review Tribunal has ordered Hawke's Bay's NZ Credit Union Baywide (NZCU) to pay former employee Karen Hammond $168,000 for a breach of privacy which caused "severe" humiliation, loss of dignity, injury to feelings and harm to her future career prospects.
NetSafe spokesman Sean Lyons said NZCU's actions were exactly the kind of thing the Harmful Digital Communications Bill was drafted to prevent.
Ms Hammond resigned from NZCU on March 23, 2012 and a week later baked a frosty dessert for her workmate, Jantha Gooding, whom she believed had been constructively dismissed from the company.
The fruit and chocolate chunk cake, inscribed with "NZCU F*** YOU" and "C***S" in pink icing, was taken to a dinner party of 10 friends and an image uploaded to Ms Hammond's Facebook page that only her friends could see.
On April 12, 2012 the NZCU executive team became aware of the cake, but because of the privacy settings could not view the image, but used an employee who was a friend of Ms Hammond's on Facebook to take a screenshot of the cake.
After obtaining the image, human resource manager Louise Alexandra phoned at least four recruitment agencies in Hawke's Bay to warn against employing Ms Hammond and sent them a copy of the photo.
Mr Lyons said NZCU had deliberately accessed Ms Hammond's Facebook page to discredit her reputation, which went "right to the core" of the proposed legislation.
"What [NZCU] has done is gotten hold of [the photo] and used that in a way that's malicious and in a way that's designed to cause harm to someone.
"I think what you're seeing here is a good case of harmful digital communication."
He said the general and generic advice - to not post anything on social media that you would not want your employer to read - still stood.
However, every case of someone accessing information on a private Facebook account had different circumstances, and there was no one rule.
"Yes, [Ms Hammond] made that cake, yes it had those words on it, but it's not like she posted it to harm those individuals. You can argue that's freedom of expression."
Now working as a practice manager for AMP Solutions in Napier, Ms Hammond was "relieved and elated" at yesterday's decision.
"This case has consumed my life for three years. I had to represent myself at the tribunal because NZCU Baywide left me in a position where I could not afford a lawyer," Ms Hammond said in a statement.
"I lost employment opportunities, it caused major grief for my family, the financial impact meant my partner had to leave the region to find work that could sustain us, and the humiliation and stress. The personal impact has been huge."
NZCU chairman Iain Taylor and Mr Earle said in a statement yesterday that the "severe" punishments were accepted, and the credit union were genuinely sorry for the hurt, humiliation and distress caused.
"Unfortunately nothing we can say or do can alter the mistakes made in the past, and the hurt caused to Ms Hammond."
The pair said there was considerable offence taken at what was expressed on the cake by the organisation and its staff, who were "upset and angry".
Chen Palmer partner James Dunne told Radio New Zealand the tribunal's decision outlined the difference between looking at someone's Facebook page and accessing information from it and distributing it.
"It's not how the company got hold of the information, it's what the company did with it then.
"This isn't someone posting something unwise on social media then complaining when their boss finds it. This is someone who's put something that in hindsight they might regret, but their old boss has found it and felt the need to broadcast it out to the world."
He said many breaches of privacy were unintentional, but in this case there was intent.
"It's pretty clear what happened was deliberate."
He said there had been "real damage, and real loss".
Internet law expert Gehan Gunasekara told Newstalk ZB that Ms Hammond's photo should have stayed private and he was staggered NZCU's human resources department thought it was appropriate to share the photo with recruitment agencies.
The Harmful Digital Communications Bill is awaiting a second reading and expected to face little opposition in parliament.
Employers and Manufacturers Association (EMA) chief executive Kim Campbell said the case was extreme and unique but proved any employers who considered trashing a worker's reputation should think again.
"If you do anything with [malicious] intent and don't go through a transparent process, you're liable to get yourself into trouble and ... probably rightly so."
Mr Campbell said the rude cake was only intended for "internal consumption", so to speak -- and the case showed employers should not abuse their power to circumvent social media privacy settings.
"I'd be quite disappointed if there were a lot of employers who set out to wreck people's career in a malicious way."
The EMA boss said a company finding itself in a similar position in future should approach the employer and have a "transparent" discussion.
"Typically you find companies get into difficulties if they act in an arbitrary way and they don't follow well-known and understood procedures."
Mr Campbell said we shouldn't expect to see such high payouts very often in future.
He did not believe the ruling would have a chilling effect on employers using Facebook to vet current or prospective employees. But he said it was a reminder all companies should ensure social media policies were clearly explained to employees.
Mr Campbell said many companies were still struggling to understand social media, let alone articulate a coherent social media policy.
Check out our editorial on the cake case here.