Employers Have Duty to Monitor Employees’ Electronic Communications to Prevent Harm to Non-Employees

Our newsletter primarily focuses on Texas lawsuits. We recently, however, learned of a disturbing New Jersey case that may soon be making its way to Texas courthouses and thought you should know about it.

The case involved Internet misuse by an office employee. Specifically, the employee, John Doe (“Doe”), between the late 1990’s and 2001, repeatedly accessed pornography sites on his company computer. The company’s MIS managers confronted Doe about his access and instructed him to refrain from accessing those sites. The MIS managers did not report the incident to Doe’s superiors or Human Resources. Nor did they take any other action against him.

About a year later, Doe’s supervisor suspected he was again accessing pornographic web sites and asked the MIS team to investigate. Their investigation disclosed that Doe had been accessing pornographic sites, including one called “Sextracker.” Management, however, took no action against Doe at that time and chastised the MIS team for snooping into Doe’s personal life. Shortly thereafter, management began receiving reports from coworkers regarding Doe’s suspicious shielding of his computer screen. Doe’s superiors confronted him and instructed him to refrain from further pornographic web surfing which he agreed to do.

You can probably guess what happened next. Doe, contrary to his promise, did not stop his sexual Internet surfing. Worse yet, he used his company computer to download and transmit nude pictures of his ten-year old stepdaughter to a child pornography site. Doe was shortly thereafter arrested and confessed to having downloaded some 1,000 pornographic images on his company computer during the preceding four years.

The issue before the Court was whether employers have a duty to monitor employees’ computers to determine if they are being used for illegal purposes. The Court concluded employers do have such a duty, as well as a corresponding duty to promptly investigate and correct such misconduct. The Court found that the employer violated its duty in this regard and was liable to the stepdaughter for the harm she suffered as a result of Doe’s sexual victimization.

This case is unusual in that most computer-related lawsuits involve employee invasion of privacy claims and focus on an employer’s right to monitor employees’ electronic communications. This case marks the first time a court has held that employers have an affirmative legal duty to monitor electronic communications to determine if employees are engaging in illegal activity and to take immediate corrective action to stop all inappropriate activities detected.

The Court’s ruling is analogous to those we see in state and federal discrimination and harassment lawsuits holding employers have a duty to promptly investigate known or suspected discrimination and harassment and to take prompt remedial action to correct the discriminatory or harassing behavior. This case, however, takes these holdings a significant step further by extending this duty to non-employees outside the workplace. What the Court has really done is make a computer comparable to a company car. If an employer suspects an employee is recklessly operating a company car (i.e. the employee is driving the car while intoxicated), but takes no steps to verify that suspicion, the employer will be liable to any third party injured as a result of the employee’s recklessness (i.e. intoxication).

Hopefully, this is a case of bad facts making bad law, but Texas employers should be on the lookout for copycat cases. The upshot of this decision is that employers should have solid policies in place advising employees that their computers will be monitored. Employers must also be sure to actually monitor employee communications consistent with those policies. Failure to do so could well result in liability to unknown third parties injured by an employee’s electronic misdeeds.