Internet Policy Liabilities

The Internet Newsletter July 24, 2003

SECTION: NEWS; Vol. 1; No. 7; Pg. 3

HEADLINE: Are you Breaking The Law?


Are you Breaking The Law?

Ten ways your employee Internet policy might make you liable

By Jonathan Bick

Part 2 of 2

The first article addressed:

1. Communicating Internet employee data is akin to broadcasting it.

2. Bad privacy agreements are Federal Trade Commission violations.

3. Internet sites must accommodate disabled Internet users. 4. Internet policy must be a part of the employment handbook.

5. Respondeat superior applies to online activity.

6. Where to get e-justice.

Be aware that Internet wrongs are increasingly actionable in local courts.

Constitutional notions of substantial justice and fair play govern Internet transactions. The wrongdoer's point of presence need not determine which laws apply.

Recommendation: Ensure that the company's terms of use agreement sets a favorable jurisdiction for Internet-related legal difficulties.

7. Legal duty not to spread harassing Internet content.

Since the Internet has become mainstream by every commercial standard, it is not surprising that the Internet has been implicated in sexual harassment conduct in the workplace.

Sexual harassment is among the most prevalent [and most preventable] difficulties facing employers due to employees' misuse of the Internet. E-mail provides an ideal medium by which to harass persons in the workplace, as well as those outside the workplace. Typically, employees use the employer's Internet service provider to find obscene material and the employer's e-mail to distribute it, thereby making the company vulnerable to sexual harassment charges.

The most common charge resulting from such activity is that a hostile work environment was created, which the Supreme Court has ruled is a form of sexual discrimination. In Meritor Savings Bank v. Vinson, 477 U.S. 57 [1986], the Court found that an employer may not need to have actual notice of improper conduct of an employee to be held liable for the employee's acts.

Several well-known corporations have already been the subject of lawsuits based on claims of Internet-related sexual harassment. Typically, the employer's failure to properly control e-mail use results in a finding adverse to the employer.

Recommendation: Review your company's electronic environment for evidence of harassment activity and take appropriate action upon discovering any misconduct.

8. Internet may change personnel tax liability.

Despite the Internet Tax Moratorium, Internet transactions are subject to tax. Human resource professionals need to know how and where to apply taxes for employees who work with the Internet.

Employees working on the Internet may do so in more than one jurisdiction. Having more than one work location may change tax withholding requirements and the application of work-related requirements. The remote use of the Internet should be treated like any other remote work location for tax and other work-related legislative purposes.

Recommendation: Ensure that taxes are paid and local employment laws are satisfied: in places where their firm has people who can be arrested; in jurisdictions where company goods can be seized; and in locations where the company has stores that can be padlocked shut.

9. Law favors technical rather than legal protection at times.

My then 10-year-old son Alex had a disagreement with his mother and went upstairs to his computer. My then eight-year-old daughter Emily came down the stairs a while later singing "I am your password, I am your password."

My wife, a manager for a Fortune 30 firm, whose home office exists because of the Internet, thought nothing of it until she found out that she was locked out of her computer. Alex had used the Internet to circumvent security and changed her password to Emily [hence Emily singing "I am your password, I am your password"].

The pervasive Internet use in home offices means human resource professionals need to know that if my son were seven years older, he'd be guilty of violating the Electronic Communications Privacy Act; The Computer Fraud and Abuse Act; and The Identity Theft Act. Human resource professionals also need to know that as a parent I am not liable for his actions, due to the parental liability doctrine.

Recommendation: Seek both legal and technical solutions to Internet-related matters because children can cause harm that they do not have to pay for.

10. Lack of active Internet monitoring is a source of legal liability.

Due to its enabling technology, the Internet is a very public communications system and, consequently, lawful active monitoring of the Internet and e-mails is rampant. The legal justification for such monitoring is equally extensive.

Courts throughout the United States have offered a variety of legal justifications for active monitoring of the Internet and e-mail communications. As early as 1996, in Bohach v. City of Reno, 932 F. Supp. 1232 [D. Nev. 1996], a federal court found that by sending a communication over the Internet, the party expressly consents to the recording of the messages. The court also found that such a party has "no reasonable expectation of privacy in his e-mails."

Similarly, in United States v. Charbonneau, 979 F. Supp. 1177 [S.D. Ohio 1997], the court found that an individual did not possess an expectation of privacy for an e-mail transmitted over the Internet and such transmissions may be lawfully monitored.

Privacy expectations for Internet Web sites have been held to be similarly low. In J.S. v. Bethlehem Area School District, 757A.2d 412 [2000], a Pennsylvania appeals court found that the trial court was correct in its determination that no expectation of privacy in a Web site could be expected. Thus, Web sites may be lawfully monitored.

Some states, such as Washington, have statutes that make e-mails public records for monitoring and disclosure purposes [Wash. Rev. Code § 42.17.020[36]]. It should be noted that although e-mails were public records within the scope of this public records act, they can be exempt from disclosure if the e-mail contains personal information of no public significance.

The legal theory of implied consent has been used to overcome state privacy act legal restrictions to Internet and e-mail monitoring in some criminal cases. [An appellant who was convicted of attempted second-degree rape of a child had contended that the trial court had erroneously admitted into evidence copies of incriminating e-mail. ]

More recently, courts have found special justification for monitoring Internet use of employees. In TBG Ins. Servs. Corp. v. Superior Court, 2002 Cal. LEXIS 3819, the Court of Appeal of California found the trial court had erred in denying an employer's request to monitor an employee's home computer. The court reasoned that the employer's right to monitor resulted from the employee's written agreement to allow such monitoring.

Even when employees place e-mail in electronic personal folders and use passwords to block access to e-mail, the courts have found that employees do not have a reasonable expectation of privacy. In McLaren v. Microsoft, 1999 Tex. App. LEXIS 4103 [unpublished], the court reasoned that an employer's action of reading e-mails stored in a personal folder that was protected by a password would not be considered an invasion of privacy because its need to prevent inappropriate use of its e-mail system would outweigh any privacy interest.

Recommendation: Use active monitoring.

Employers are regularly advised by their counsel that they can diminish an individual employee's expectation of privacy by publishing in the firm's employee handbook that electronic communications are to be used solely for company business.

The handbook should also note that the company reserves the right to monitor or access all employee Internet or e-mail usage. The handbook should further emphasize that the company will keep copies of Internet or e-mail passwords and that the existence of such passwords is not an assurance of the confidentiality of the communications.