If Stack Overflow, Inc did this to an employee, they would be in violation of employment law and it would become a case of criminal wrongdoing. The company would face fines and punitive measures, as well as a thorough investigation into their employment practices.
Unfortunately, moderators are volunteers and have little to no federal or state protection.
A civil case can and should be pursued immediately and vigorously, but that is up to the two parties involved.
This is abuse, plain and simple, and the company must be held accountable for violations of privacy at minimum. It should be relatively easy to show that they've violated their own privacy policy: https://stackoverflow.com/legal/privacy-policy
Which all moderators have agreed to abide: https://stackoverflow.com/legal/moderator-agreement
Update:
Stack Overflow, Inc, representative Sara Chipps responded to a reporter for an EU publication asking about this situation.
This may constitute transfer of personal private information between the US and the EU, and should have followed Stack Overflow's internal processes for complying with the EU - US Privacy Shield Framework. Per their privacy policy,
Under certain circumstances, you may invoke binding arbitration to determine, for residual claims, whether Stack Overflow has violated its Privacy Shield obligations, and whether any such violation remains fully or partially unremedied. Stack Overflow has further committed to refer unresolved Privacy Shield complaints to the PrivacyTrust Shield Program, an alternative dispute resolution provider located in the United Kingdom. If you do not receive timely acknowledgement of your complaint from Stack Overflow, or if we have not addressed your concern to your satisfaction, please contact us: privacy (at) stackoverflow (dot) com or visit https://www.privacytrust.com/drs/stackexchange or at the contact information provided below.
Thus it's important for those who find themselves in a similar situation to immediately contact the privacy officer even if they are not interested in legal processes because the company needs to correct an internal fault to prevent it from happening again.
It is about correction and preventing future damage, not about blame and prosecution, so even those not interested in pursuing legal challenges have a duty to report possible violations they discover or are subject to.
CONTACT US
General Contact Information
Privacy Officer
Privacy Officer, 110 William Street, Floor 28, New York, NY 10038, privacy (at) stackoverflow (dot) com, phone: 212-232-8280 Privacy Shield
Privacy Trust, Communications House, 26 York Street, London, W1U 6PZ EU Representative
Privacy Officer, Bentima House, 168-172 Old Street, London EC1V 9BP, privacy (at) stackoverflow (dot) com, phone: +44 (0) 20 3349 1000
Note also that this may constitute a violation of the GDPR. While its intent is to protect citizens of the EU, it's quite possible that the protections are broad, enough that Stack Overflow may beis subject to them, and that theyit may shield moderators based elsewhere in the world. Either way it's worth investigating to make sure they are in full compliance with the GDPR.
