Electronic Monitoring: Employer Had Duty to Investigate Employee's Criminal Online Activities; 3 Protection Steps
Suppose an employer that monitors its workers' Internet use finds evidence that an employee is using company computers to access child pornography online. Does the employer have to investigate the situation and take action to stop any criminal activity? According to a landmark decision out of a New Jersey court, the answer is yes--and an employer that doesn't take corrective action may be liable for harm caused to third parties by the employee's illegal behavior.
Suspicious Computer Activity
The case involved an accountant at the headquarters of XYC Corp. in Somerset, New Jersey. Between 1999 and 2000, XYC's information technology personnel became aware from a review of computer log reports that the employee was visiting web porn sites at work. Also, a co-worker reported that when she walked by the employee's cubicle, he shielded his screen or minimized the browser. XYC admonished the employee one time to stop visiting porn sites, but no further action was taken.
Prompted by a co-worker's concerns about the employee's computer behavior, in February 2001, XYC's network and PC services director finally looked at the sites the employee was visiting and found they contained pornographic material. The following month, after another co-worker complaint about the employee's Internet habits, the supervisor went to the employee's computer, clicked on "websites visited" on the computer, and confirmed that the employee had visited various porn sites, including one that referred to children.
Worker Arrested on Pornography Charges
The supervisor met with the employee and told him to stop the inappropriate computer activity.
The employee said he would stop. But a few months later the supervisor noticed the activity had resumed, but he didn't tell anyone at XYC. A few days later, after a search, based on a search warrant turned up child pornography in the employee's workspace and on his work computer, he was arrested on child pornography charges. The employee admitted downloading many pornographic images and uploading nude photos of his 10-year-old stepdaughter to a child pornography website while at work.
Child's Mother Goes After Criminal's Employer
The child's mother sued XYC Corp. for harm caused to her daughter. She charged that the company knew or should have known that the employee was using company computer resources to engage in child pornography activities and, therefore, had a duty to investigate and stop the misconduct, including by reporting it to police.
Duty to Take Action
Now a New Jersey appellate court has ruled that an employer who is on notice that an employee is using workplace computers to access child pornography--or to engage in some other criminal activity that could harm a third party--has a duty to investigate the employee's activities and take prompt and effective action to stop the unauthorized activity, lest it result in actual harm.
XYC knew or should have known that the employee was accessing pornography at work, in light of the computer logs and the co-workers' concerns. Thus, it had a duty to report the employee's conduct to the proper authorities and take action to stop the offenses, instead of waiting two years. Rejecting XYC's argument that its respect for the employee's privacy rights justified the company's failure to act, the court explained that the employee had no expectation of privacy, especially because 1) XYC had a written policy informing employees that it could monitor e-mail and Internet usage and prohibit improper computer use and 2) the employee worked in an open cubicle so his computer screen was visible to passersby.
The appellate court returned the case to the trial court for proceedings to determine whether XYC's failure to act caused the employee's stepdaughter harm.
This New Jersey case has important implications for employers across the nation. If other courts adopt the reasoning of this case, the floodgates could open for similar lawsuits seeking to hold employers liable to crime victims when the criminal activity was committed by employees using corporate computers or other electronic resources.
Here are some measures to protect yourself and others:
This decision can be accessed here: Doe v. XYC Corp., Superior Court of New Jersey (Appellate Division) No. A-209-04T2, 2005.
© 2014 BLR®?Business & Legal Resources. All rights reserved. Reproduction without permission prohibited.