By DAN REYNOLDS, senior editor of Risk & Insurance®
Many view the Internet is an illuminator. Through it we can communicate instantly across continents and conduct research on any number of topics at the press of a button.
But, as risk managers, law enforcement officials and others would also attest, the Internet has also become a place where the forces of darkness roam freely. Among the sordid--and morbid--activities that occur there, young people are lured into encounters with sexual predators. Others have taken their own lives, streaming images of their demise in real time.
Occasionally, the Internet is the place where people openly declare their violent intent. In some cases, those worldwide postings take place well before the poster takes his or her last drastic actions.
Having a look online to see whether an employee or student is disposed to violence makes sense, but from a legal standpoint, monitoring the Internet for signs of trouble is a tricky pursuit. For one, there is very little case law to advise a risk manager, an employer or other administrators on what constitutes illegal electronic monitoring.
"I can tell you that there are cases out there and I can't say that they are uniform, nor do they necessarily provide a lot of guidance," said Sheri Pastor, a partner in the Newark, N.J, offices of McCarter & English, a leading insurance recovery law firm.
"Our review has disclosed very few cases that deal with that topic," said Chris Parlo, a New York-based attorney with another big insurance recovery firm, Morgan, Lewis & Bockius. "I suspect that there will be many more over the next few years as this area of the law continues to develop," he said.
The two lawyers point to a couple of cases that look like starting points in this still-developing legal infrastructure.
In 2000, the New Jersey Supreme Court ruled unanimously in a work harassment case involving Continental Airlines that employers should take action to remedy online harassment when found but do not have a duty to monitor the private postings of employees.
In another New Jersey case, in 2005, a judge ruled in the case of an accountant who was accused of posting nude pictures of his 10-year-old stepdaughter online that employers do have a legal obligation to monitor and refer to the appropriate authorities the documented at-work Internet use of employees who are behaving in a manner that is illegal or could pose a threat to others.
"One of the issues that you run into is you're almost damned if you do, damned if you don't," Pastor said.
Sometime soon, probably this month, United Educators, the Chevy Chase, Md. risk retention group that provides insurance coverage and risk management consultation for educators, will publish a white paper on the formation of threat assessment teams.
In the context of a university setting, threat assessment teams as defined by United Educators are cross-disciplinary groups of between five and 20 staff members, the goal of which is to collect information on students who might be a threat to themselves or others.
Part of the insurer's study, which was written by United Educators' Risk Counsel Alyssa Keehan, focuses on steps university threat assessment teams can take once they've identified a student who appears at-risk for self-destructive or some other potentially violent behavior.
Those steps include the suggestion that a search of social networking sites might provide more information on what the troubled student is considering.If troubling information does surface, the white paper advises, that's a good time to order a full inquiry on the student. One of the goals of threat assessment teams and Internet monitoring is avoiding a replay of the April 2007 mass shooting at Virginia Tech's Blacksburg, Va., campus that left 33 people, including the gunman, dead.
At the same time, such searches run the risk of invading a student's privacy.
In the absence of clear case law, the electronic monitoring policies universities develop and how they communicate them become all the more important.
United Educators recommends the dissemination of a threat assessment team's policies and intent to all the members of the university community responsible for gathering and reporting data on potentially troubled students. That can include live workshops or presentations, online training programs and public service announcements using all available local media.
Universities are populated not only by students, but by adults as well, who are employed by the university and have their own set of expectations about privacy. That's why forming threat assessment teams from staff members across various disciplines and from various departments is a good idea. "I think airing the issues among a larger group can only help," said Morgan Lewis's Parlo.
Make no mistake, though. The amount of data now available on the Internet is vast and the resources of universities and other employers comparatively limited.
So, what does the future hold? Will universities and other employers eventually employ supercomputers that can sift through their student, staff and faculty postings for signs of trouble, as Parlo suggests only half in jest?
Will universities have any luck in their nascent attempts to educate students about what they should and shouldn't post on the Internet? Common sense and available data suggest that the universe of risk this issue is going to create is going to grow ever wider.
More litigation is inevitably coming, and university risk managers and the threat assessment teams they end up forming would do well to be as clear and as widespread as they can be in communicating their risk management goals to their constituents.
September 15, 2009
Copyright 2009© LRP Publications