The next time you pop into a colleague's office and he scrambles to shield what's on his computer, you need to run, not walk, directly to the nearest company lawyer. That is because, for the first time, an appellate court held that knowledge of an employee's use of the Internet at work to view pornography imposes a duty upon the company not to look the other way.
The numbers are alarming. For 2003, Healthymind.com reports $2.5 billion of the $12 billion domestic sex industry was Internet porn, with 100,000 Web sites offering illegal child pornography. And, 20 percent of men and 13 percent of women admit accessing pornography at work, with 70 percent of all porn traffic occurring during the workday.
Filters preventing access to sites often end up filtering out harmless words or images incorrectly classified as lewd. For this, as well as privacy concerns, many businesses do not block Internet access, relying instead on policies discouraging inappropriate company computer use, as well as verbal and written warnings to violators. The defendant in our case study followed the latter path with unfortunate consequences.
XYC Corporation employed 250 at its New Jersey headquarters, with its "employee" at issue an accountant working in a cubicle without doors. In 1999, an IT employee found the employee had been visiting porn sites. The IT department told him to stop and notified his supervisor, but did not report the activity to superiors. Secret monitoring of Internet activity confirmed the employee was still visiting porn sites. The IT director, when notified, admonished employees not to monitor anyone's Internet activity again.
In 2000, there were reports that the employee was acting "strange" in shielding his computer screen. Suspicions that he was visiting illicit sites were confirmed in 2001 by the IT director and by senior managers who found child pornography. They discovered the employee had been posting images of his 10-year-old stepdaughter to a child pornography site. Authorities arrested him and seized the computer, finding thousands of pornographic images, including child pornography.
The minor's mother sued XYC, alleging it had breached its duty to report the employee to authorities for his child pornography computer activity. The mother claimed the company's failure enabled him to continue secretly photographing the stepdaughter and molesting her.
While a trial court dismissed the lawsuit, holding that XYC had no duty to report the employee's activities to authorities, the New Jersey appellate court reversed the decision. Here, the court held that, if the employer knows an employee is actively engaged in child pornography at his workstation but takes no steps, other than verbal warnings, to stop the activity, the employer may be held responsible for the foreseeable harm to an innocent third party. This case represents an atypical, but logical, extension of the still-developing law imposing civil liability on an employer for the criminal conduct of an employee.
The difficult cases will be those where the nature of the employee's conduct is less certain. There are sure to be instances of underreaction and overreaction. In the meantime, employers need to ensure employees are informed that work e-mail traffic and Internet access constitute property belonging to the company, and there can be no expectation of privacy. If you are suspicious of an employee--take matters into your own hands. Don't let someone's criminal, dirty little secrets go unnoticed and unpunished. It's your legal and social responsibility.
PHILIP KIRCHER is co-chairman of the commercial litigation department at the law firm of Cozen O'Connor.
March 1, 2007
Copyright 2007© LRP Publications