Employer Liability for Child Pornography
Not so long ago, "forward-thinking" employers began to embrace the Internet as one of the best work-related tools since the fax machine. They viewed the Internet as an effective means for increasing productivity by providing quick access to readily available resources and information. Early on, employer concerns with Internet usage were limited to relatively innocuous issues -- employees shopping online or visiting their favorite sports or news Web sites. Times have changed, and, in recent years, employers are learning the hard way that employee use or abuse of a company's Internet system can lead to significant liability.
Not so long ago, “forward-thinking” employers began to embrace the Internet as one of the best work-related tools since the fax machine. They viewed the Internet as an effective means for increasing productivity by providing quick access to readily available resources and information. Early on, employer concerns with Internet usage were limited to relatively innocuous issues — employees shopping online or visiting their favorite sports or news Web sites. Times have changed, and, in recent years, employers are learning the hard way that employee use or abuse of a company’s Internet system can lead to significant liability.
Today, the stakes are higher, as the “mere” misuse associated with employee cyber-activities has morphed from online holiday shopping during the workday into using workstation computers to access bulletin boards, chat rooms or blogs that promote hate groups, illegal activity and pornography. Indeed, according to Internet-based statistics, pornography consistently maintains a place as one of the top three searches of all subject matter on the Web.
The statistics are alarming. Web watchers indicate:
- Approximately 70 percent of all Web traffic to Internet pornography sites occurs between the traditional work hours of 9 a.m. and 5 p.m.1
- 2.5 billion e-mails per day are pornographic in nature.2
- 25 percent of all search engine requests are pornography related.3
- More than 75 percent of people at work report having accidentally visited a pornographic Web site, while 15 percent of workers report having “accidentally” visited such sites more than 10 times.4
- Nearly one-third of 1,500 companies surveyed in the year 2000 terminated an employee for inappropriate Internet use.5
These numbers are not surprising. Employees often turn to employers’ computer systems for improper use because most employer networks run significantly faster than the average home computer. In addition, accessing these sites at work allows employees to hide such proclivities from their spouses and other loved ones. Moreover, even though employers are aware of the significant liability they face for hostile work environment claims based on inappropriate cyber-activities in the workplace, many companies still are not taking the time to monitor their systems regularly and take appropriate action. Thus, many employees believe their Internet access remains relatively unfettered by “Big Brother” and continue with their inappropriate activities because they believe their conduct is going undetected.
Equipping employees with computers leaves a lot of opportunity for conduct that could pose the threat of employer liability. The recent scandal involving U.S. Rep. Mark Foley (R.-Fla.) and his use of the Internet to send salacious e-mails and instant messages to underage former Congressional pages is but one example of how otherwise useful business tools can easily be used for improper means. Employee access of seemingly innocuous Web sites such as MySpace or YouTube could become problematic depending on the content of the materials being viewed. And what if your employee uses his computer at work to post libelous messages on blogs or online bulletin boards?
If these scenarios seem farfetched to you, then consider the real-life plight of one particular New Jersey employer — it may encourage you to change the way you police your workplace computer systems.
Trouble in the Garden State
In Doe v. XYC Corp.,6 a New Jersey appellate court ruled that an employer could be held liable to a victim of child pornography based on the actions of one of its employees. In that case, the plaintiff — the employee’s wife and mother of the employee’s 10-year-old stepdaughter — filed a negligence claim against the employer after learning that her husband had been using his workstation computer to view and circulate nude photographs of his stepdaughter. The mother maintained that the employer failed to detect and stop her husband from using his work computer to interact with child pornography Web sites, thereby allowing him to “continue clandestinely photographing and molesting” his 10-year-old stepdaughter. While assigning liability to an employer for child pornography may seem an extraordinary remedy, the court found that the facts presented a compelling case for liability.
Many employers have had concerns about invading employee privacy by implementing monitoring programs; those concerns, however, can be alleviated by having employees sign an appropriately tailored acknowledgment specifically designed to lower expectations of privacy.
Specifically, around 1998 or early 1999 — three years before the employee’s arrest on child pornography charges — the company’s IT department noted the employee had been using its Internet system to access pornographic materials. The employee was told to stop, but no one followed up to ensure he was abiding by the warning. In early 2000, the employee’s supervisor began to track his Internet usage and, again, noted the employee had been accessing pornographic sites. The sites were identified by name, but no one actually confirmed that the sites contained pornography and no one directly addressed the employee’s conduct. In December 2000, a second supervisor concluded that the employee must have been viewing pornography because of the way the employee shielded his screen whenever others passed by. Again, no one appeared to have taken any meaningful disciplinary action against the employee with regard to these observations.
Around March 2001, co-workers’ complaints about the employee’s suspicious computer behavior prompted his immediate supervisor to search Web sites visited by the employee. The supervisor found a number of pornographic Web sites with vividly descriptive titles, including at least one site referencing teenage girls. The employee was warned to stop and, according to company officials, it appeared he had ceased his activities. In mid-June 2001, however, a supervisor noticed the employee was visiting pornographic Web sites yet again, but the supervisor never reported his observations and never addressed the matter with the employee.
Shortly thereafter, the employee was arrested on child pornography charges. The police seized and searched the employee’s workstation computer and found numerous child pornography images, including nude and semi-nude photographs he had secretly taken of his stepdaughter. The evidence showed that in mid-June — around the same time a supervisor had noted his accessing pornography and failed to take action — the employee had used his workplace computer to transmit photographs of his stepdaughter to a child-pornography Web site.
The employee subsequently pleaded guilty to criminal charges relating to child pornography. His (now former) wife sued the company for failing to investigate the employee’s conduct and report his viewing of child pornography. The case initially was dismissed on summary judgment at the trial court level, but the appellate court reversed, remanding the case for trial. In reversing the earlier decision, the appellate court imposed an affirmative duty on the company to report the employee’s illicit activities to the proper authorities and “to take effective internal action to stop those activities. … [The company] was under a duty to exercise reasonable care to stop Employee’s activities, specifically his viewing of child pornography. …”
In reaching its decision, the Doe panel recognized that this was a company with a written electronic communications policy in place; the policy had been distributed to all employees; the policy advised employees that their use of e-mail and Internet systems was subject to monitoring at the company’s sole discretion; and the company had the ability to easily isolate a single user’s e-mails and the Web sites he visited. Significantly, the court noted that “based on firsthand information [from] supervisory personnel,” the company knew or should have known the employee was using his workstation computer to access and transmit child pornography and it did nothing to stop him.
The mother and the company have since reached a confidential out-of-court settlement.
Keeping the Upper Hand
So, what does a New Jersey state court decision mean for you? Although this decision has no binding effect on courts outside of New Jersey, the implications of this decision remain significant nonetheless. At a minimum, this case teaches that employees found accessing, viewing or transmitting images of child pornography via the company’s Internet system should be reported immediately to the proper authorities to avoid liability on the part of the employer. Further, while it may be neither practical nor reasonable to expect around-the-clock monitoring of every employee’s Web activities, defending your company against third-party claims will require a showing that the company has been proactive in taking measures to ensure its systems are being used only for legitimate purposes. The Doe case not only highlights the need for employers to implement effective “appropriate use” policies, but also reinforces the notion that employers must consistently follow through on those policies, taking effective, meaningful action as warranted. Employees who use your systems should be required to sign an acknowledgment of understanding regarding the company’s Internet use policy, including their acknowledgment of the company’s right to monitor materials received, viewed or transmitted via its systems at any time. Many employers have had concerns about invading employee privacy by implementing monitoring programs; those concerns, however, can be alleviated by having employees sign an appropriately tailored acknowledgment specifically designed to lower expectations of privacy. In the wake of Doe, we can expect to see prudent employers who have the capability to do so implementing random surveys of Internet sites visited by employees to ensure compliance with their policies and that their systems are not the conduit for harming third parties.
All in all, Doe reminds employers to do the things they should already know to do: be diligent and consistent, and take meaningful action against violations of the company’s Internet use policies as the circumstances warrant.
“Workplace Web Use: Give ’em an inch …,” Douglas Schweitzer, SearchSecurity.com, Sept. 27, 2004 (citing SexTracker.com, a porn industry consultancy). ↩
Fifty Percent of Workers Spend Nine Days a Year on Personal Surfing at Work, Cerberian Inc. and Sonic WALL, July 20, 2004. ↩
Bissette, supra note 3. ↩
887 A.2d 1156 (N.J. Super. Ct. App. Div. 2005). ↩