New Jersey Law Journal August 26, 2002
Copyright 2002 NLP IP Company - American Lawyer Media
August 26, 2002
BYLINE:By Jonathan Bick The author is of counsel to Brach Eichler and is an adjunct professor of Internet law at Rutgers and Pace law schools. He is also the author of 101 Things You Need To Know About Internet Law (Random House 2000).
The author is of counsel to Brach, Eichler, Rosenberg, Silver, Bernstein, Hammer & Gladstone of Roseland and is an adjunct professor of Internet law at Pace Law School and Rutgers Law School. He is also the author of 101 Things You Need To Know About Internet Law (Random House 2000).
Using the Internet, employees can copy and distribute confidential information from their office computer, send sexually harassing or threatening messages via e-mail, obtain unauthorized access to another's computer and engage in fraudulent activities. And the recent Princeton-Yale Web-hacking scandal shows that unlawful Internet behavior by employees can adversely affect organizations that are outside traditional commerce.
Although most employees who engage in such activities are doing so contrary to their employer's interests, employers may still be responsible due to strong public policy that supports the imposition of liability on employers for an employee's wrongful actions. As early as 1909, the Supreme Court, in New York Central v. United States, 212 U.S. 481, the Court found that a corporation could be held criminally liable for the acts, omissions or failures of an agent acting within the scope of his or her employment because the corporation acts only through its agents or employees whose knowledge and purpose may be attributed to the corporation.
The Court went on to find that since corporations are purely legal entities, they cannot actually act or intend an action. Thus, the Court focused on the employees of the corporation as a means of imputing intent and guilty acts to the corporation -- the doctrine of respondeat superior.
To be within the scope of employment generally means the employee's conduct is of the kind that the employee is employed to perform and that generally occurs during the time of employment. It is also helpful if the activity in question serves, at least in part, the objectives of the employer.
Courts have limited the situations when an employer may be liable for the wrongful acts of its employees, generally holding that acts that are purely motivated by personal interests or that are outrageous in nature are to be considered outside the scope of employment.
But courts have been willing to amplify employer liability in situations where the employee's acts only benefit the employee. Thus, courts have found that an injury may be deemed to arise out of one's employment if its origin is in some way connected with the employment so that there is a connection between the employment and the injury. Thus, an employer may be vicariously liable when one of its employees harms another due to the opportunity offered by the job.
Alternatively, in cases where an employee's tortious conduct cannot result in any violation under respondeat superior, courts have been willing to recognize the negligent-retention theory.
The negligent-retention doctrine holds employers liable under a completely different theory of negligence when the employer negligently retains or manages the employee tortfeasor.
An employer is potentially liable under this cause of action even when the employee was not acting within the scope of employment. Negligent retention is based on the fact that an employer is responsible when that employer places an unfit person in an employment situation involving an unreasonable risk of harm to others. Alternatively, negligent retention is used when an employer fails to properly oversee the conduct of an employee subject to his control.
The Internet has been used in numerous unlawful activities, including larceny, embezzlement, abuse of trade secrets, fraud, libel, harassment, securities fraud, trespass and intellectual property infringement. In many situations an employer may be held liable for employees participating in these types of activities.
Among the most prevalent (and most preventable) difficulties facing employers due to employees' misuse of the Internet is sexual harassment. E-mail provides an ideal medium by which to harass persons in the workplace as well as those outside the workplace.
Typically, employees use the employer's Internet service provider to find obscene material and the employer's e-mail to distribute it, thereby making the company vulnerable to sexual harassment charges. The most common charge resulting from such activity is that a hostile work environment was created, which the Supreme Court has ruled is a form of sexual discrimination. See Meritor Savings Bank v. Vinson, 477 U.S. 57 at 66 (1986), which found that an employer may not need to have actual notice of improper conduct of an employee to be held liable for the employee's acts.
Several well-known corporations have already been the subjects of lawsuits based on claims of Internet-related sexual harassment. Typically, the employers' failure to properly control e-mail use results in a finding adverse to the employer.
The legal doctrine of respondeat superior is also the basis for an employer's liability if one of its employees uses the company's technology to engage in securities fraud. An employer's liability may arise simply from an employee's use of the employer's Internet access or e-mail system to commit a securities crime.
For instance, an employee of a firm that provides information about stocks could engage in securities fraud by distributing an Internet press release targeted at a particular publicly traded company and profiting from the value change in that firm.
Alternatively, using the Internet, an employee may disclose confidential information that influences an investor to buy or sell his or her shares in the corporation's stock.
A Federal district court in Seolas v. Bilzerian, 951 F. Supp. 978 (1997), held that the application of respondeat superior in securities fraud cases was consistent with congressional intent.
It is clear from the legislative history associated with amendments to the Securities Exchange Act of 1934 that even though Congress did not specifically identify the Internet as a form of covered communication, it is covered nevertheless. Thus, respondeat superior under the standards established by the court will not be applied any differently to an employer merely because the method that their employees use to commit fraud is the Internet.
In addition to civil liability, an employee's Internet activities may expose an employer to criminal liability. It has become increasingly common for companies to be held criminally accountable for the misdeeds of their directors, managers, supervisors and employees, particularly when a company fails to establish and enforce corporate policy.
It should be noted that the courts do not impose strict liability on employers for the actions of rogue employees. Under the doctrine of respondeat superior and negligent retention, there are elements of foreseeability and negligence.
To reduce the risk of liability, the employers should take three actions. First, they should adopt appropriate Internet-use policies and procedures prohibiting illegal and wrongful Internet conduct. Second, using notices and training sessions employers must make employees aware of the organization's Internet-use policy. Third, employers should enforce that policy by taking prompt action in the event that they become aware of illegal or wrongful activity of their employees.
A properly prepared and fully implemented policy is among an employer's best defenses against liability under respondeat superior.
An appropriate Internet-use policy should be tailored to reflect the specific needs of the employer. However, most Internet policies will have common elements. Most should emphasize that Internet use is for business purposes only and that sexual harassment is strictly prohibited. Employees should be informed that adherence to the Internet policy is a condition of employment.
Like an organization's sexual harassment prevention policy, the Internet policy should be in writing and be easily accessible to employees, particularly on the computer they use to access the Internet. A copy of the policy should be distributed to each employee, signed by the employee, and placed in the employee's personnel file. In short, it is important that the policy include a provision that the employee understands and agrees to follow the organization's Internet policy.
To increase the likelihood that an organization's Internet policy will be able to shield the employer from liability, it must be known by the employees and enforced by the employer. It is advisable that, as part of an employer's Internet access, employees should be notified that their Internet use is governed by the employer policy.
Employers who want to avoid liability should take prompt action in the event that they become aware of illegal or wrongful activities of their employees.
The following is a sample Internet-use policy statement. As noted previously, customized Internet-use policies are most effective. However, the example below contains elements common to many such policies.
The following is a statement of Example.com's policy for Internet use by Example.com employees and others authorized by Example.com to access the Internet via the Example.com network ("Example.com users"). The purpose of such a policy is to minimize the risks associated with Internet use without inordinately limiting its use.
Authorized Purposes -- Example.com users may access the Internet through the Example.com network for the purpose of conducting Example.com business. Viewing, copying, storing or sending Internet content outside the scope of Example.com employment is proscribed. Example.com provides Internet access through the Example.com network to Example.com users as a privilege that is conditioned on an adherence to Example.com's policies and rules regarding Internet access.
Sanctioned Users -- Internet access through the Example.com network is limited to Example.com employees and others that Example.com may authorize.
Obstruction -- Example.com users shall not interfere with the work of others when accessing the Internet.
Copying -- Example.com users shall refrain from illegally copying protected works, or making available copies of such works. Example.com users are responsible for observing copyright and licensing agreements that may apply when downloading files, documents and software. Example.com users must obtain approval from Example.com supervisory personnel before downloading any materials for which a registration fee is requested.
Privacy -- Example.com reserves the right to access and disclose the contents of Internet communications, including e-mail, conducted through the Example.com network. All Example.com users waive any right to privacy in Internet communications, and consent to access and disclosure of Internet communications by authorized Example.com personnel.
Illegal and Obscenity Content -- Example.com users shall not view, copy, process or send content that is illegal or obscene.
Network Security -- Example.com users shall access the Internet in a manner that does not compromise Example.com's network security. This includes keeping your system identification and password secure, prohibiting access to intruders or viruses, as well as reporting such difficulties to Example.com network management. Example.com users desiring to download Internet content from non-Example.com sources must observe Example.com security procedures.
Third Party Rights -- Example.com users are prohibited from sending Internet content that contains objectionable, defamatory or libelous language, or that infringe on the intellectual or privacy rights of others.
Access Connections -- When using devices affixed to the Example.com network, users shall not access the Internet except through an Example.com-approved Internet firewall. Example.com users shall not access the Internet directly, unless their accessing computer is disconnected from the Example.com network or with authorization from a supervisor.
Approved Activities -- Only Example.com users who observe all applicable laws and policies when using the Internet via Example.com constitute approved Internet activities.
Publishing -- Only authorized personnel shall engage in placing information on the Internet, other than the sending or receiving of e-mail. Appropriate personnel shall observe all existing standards, policies and regulations regarding materials published on Example.com's behalf, and shall establish accountability for all information regarding Example.com business or publications posted on the Internet for public access.
Condition of Employment -- Adherence to this Internet use policy is
a condition of employment.