Employee breaks law on work computer: Company liable?
December 22, 2008 by Sam NarisiPosted in: Employee computer use, Security and law, Special Report, Uncategorized
It’s no secret: Employees often use their workplace computers for non-work purposes. But when an employee does something illegal, is the company liable because it owns the equipment?
It depends on the company’s knowledge of the illegal acts.
In one court case, a New Jersey man was arrested on child pornography charges after sending pictures of his step-daughter to several Web sites.
The man used his office computer to upload the photos. His wife sued his employer for negligence, claiming the company should’ve known what was going on and notified law enforcement. If it had, the crime could’ve stopped earlier.
According to the court, the company would be liable if it knew about the illegal conduct and didn’t stop it. So the key question was: What did the company know?
For roughly two years, the man’s supervisor and members of the IT department had been checking his Web browsing history and saw the porn sites listed. Yet nothing was reported, the employee wasn’t fired or even disciplined, and no further investigation was conducted.
The court decided in the woman’s favor, ruling that the company had a duty to report the conduct and was liable for negligence (Cite: Doe v. XYC Corp.).
Liable when they don’t know?
In other cases, companies have avoided liability because they weren’t aware of an employee’s illegal activity.
In a recent case, an employee was severely harassing his neighbor. When police investigated, they found he had used his work telephone and computer to make nasty phone calls and post disparaging comments online about the neighbor.
The neighbor sued the employer for not stopping the harassment. But the judge didn’t buy it.
There was no evidence his manager or anyone else at the company knew what was happening. Therefore, there was no reasonable way to expect the company to do anything about it. The case was thrown out (Cite: Sigler v. Kobinsky).
The bottom line: If managers or IT staff are aware of illegal computer activity, the company may be liable if it isn’t reported. But employers likely won’t be on the hook for conduct they couldn’t have foreseen.
View all the Latest StoriesTags: liability, monitoring, negligence
December 23rd, 2008 at 1:18 pm
It seems that this confirms that the policy of “hear no evil, see no evil” is beneficial to companies and rewarded by our justice system. So now every company CEO has an excuse to “bury the corporate head in the sand” rather than looking for problems and solving them.
December 23rd, 2008 at 2:37 pm
I disagree. Going to court to fight off these lawsuits is more costly than reporting the behavior when it’s discovered. In fact, hiring a person full time for the sole purpose of monitoring may be less costly than one settled lawsuit. Not every company has the ability to add an FTE just for monitoring, but I think my point is clear.
December 24th, 2008 at 10:15 am
Mike R, I disagree. Companies have no obligation to be police officers for their employees. Certainly knowing about something and not reporting it is one thing, but being responsible for ferreting out criminals can not be at the top of a company’s to-do list. They are in business to do whatever it is their mission is and it would be extremely difficult, especially in the current economic climate, to spend precious resources on policing employees.
December 24th, 2008 at 10:44 am
I see the court decisions as being the opposite of what Mike R. seems to state. The message sent by the Doe v. XYC Corp decision seems (to me) to be if you “bury your corporate head in the sand” you will NOT be able to defend your actions. It also seems to clearly convey to employers that they must take action when they find inapproprite/illegal activity, i.e., not bury their head.
In the case of Sigler v. Kobinsky I don’t think the company was burying its head. It seems that the employee’s behavior was likely conducted in a manner that was not known to his supervior/manager or management.
Both court decision seems appropriate to me.
December 29th, 2008 at 12:07 pm
In the first instance, the company took measures to check on its employees (web use) and lost a court case for not reporting it and taking action. Granted, had they reported the suspected illegal activity, they may have been okay. In the second case, the company had no process to check the employee’s cell phone use and was cleared in court.
This is an example that if a company is going to be vigilant, then they HAVE to be the police and report suspected problems or face a losing court case. However, if the company chooses not to be vigilant, then they have a viable excuse.
Show this article to your President/CEO and then ask to implement a program, any program, that would gather information on employee activity that could result in higher potential liability for the company.
By the way, I agree with both court decisions. I just see that this will make it harder to implement methods to monitor employee behavior on the job, without increasing the company liability.