In a decision that imposes broad obligations on employers, the New Jersey Appellate Division ruled last week that a company could be held liable for damages suffered by a victim of child pornography where it failed to investigate reports that an employee was viewing child pornography online while at work. The court held that an “employer who is on notice that one of its employees is using a workplace computer to access pornography, possibly child pornography, has a duty to investigate the employee’s activities and to take prompt and effective action to stop the unauthorized activity.” Finding that employees do not have privacy interests that would prohibit inspection of their workplace computers, the court held that an employer that fails to investigate information that an employee is viewing child pornography on the Internet while at work may be liable to a person subsequently victimized by the employee. Jane Doe v. XYC Corporation, ___ N.J. Super. ___ (App. Div. 2005).
The facts of the case are disturbing. An employee was convicted of secretly videotaping and photographing his 10 year-old stepdaughter in nude and semi-nude positions. He had used his work computer to share three of those pictures over the Internet. He had also downloaded at least 100 other images of child pornography onto his work computer.
The employee’s wife brought a negligence lawsuit against the employer on behalf of the child-victim, based on its failure to investigate and report to the authorities that the employee was viewing, downloading, and distributing child pornography on his work computer. The employee’s wife alleged that, had the employee’s pornography viewing habits been caught and reported to the authorities, the employee may never have victimized their daughter.
Though the trial court dismissed the case, finding that the company did not have direct knowledge of the employee’s misconduct, the Appellate Division reversed. The court concluded that the employer, through its supervisory/management personnel, was on notice that the employee was viewing pornography on his work computer. In fact, on several different occasions, fellow employees had reported that the employee was viewing pornographic websites, though no one reported child pornography. The employer actually had its IT employees conduct a limited inspection of the computer, which confirmed that the employee was visiting pornographic websites, though the inspection did not reveal child pornography (which the Appellate Court attributed to the fact that the inspection was not thorough enough, in its opinion). Supervisors verbally reprimanded the employee on at least two occasions about viewing pornography in the workplace. The employee was only discharged, however, after his arrest on the child pornography charges.
The Appellate Division held that, because the employer had knowledge that the employee was engaged in inappropriate conduct, it had a duty to conduct a more thorough investigation. This obligation was further supported by the fact that the employer had e-mail and Internet policies reserving the right to inspect computers and requiring employees to report suspected improper computer use to Human Resources. The court further held that, because of these policies, employees had no reasonable expectation of privacy in their computers and, consequently, there was no employee right of privacy to prevent the employer from conducting a thorough investigation.
Finally, the Appellate Division rejected the employer’s argument that it owed no duty to the child. The court explained that employers have a duty to prevent their employees from harming others, such as committing a crime. “Public policy favors the exposure of crime.” Therefore, when an employer has knowledge that an employee is engaging in activities that pose a threat of harm to others, it has “a duty to report [the] [e]mployee’s activities to the proper authorities and to take effective internal action to stop those activities, whether by termination or some less drastic remedy.” The Appellate Division then remanded the case to the trial court to allow a jury to determine whether the employer’s failure to act did, in fact, result in harm to the child-victim.
Employers should be aware that the New Jersey courts have imposed a heightened duty on them to investigate and stop employees’ inappropriate Internet activities at work, specifically viewing pornography. This is one of the first cases to deal with this issue and other courts may follow this ruling. As such, employers should promptly and thoroughly investigate all instances of improper Internet activities by its employees. Depending on what the investigation reveals, employers should impose the proper remedial action to stop the misconduct from reoccurring. While it is unclear what level of investigation and monitoring courts will find acceptable, it is clear that employers need to be proactive to prevent liability to third parties.
As a preventive measure, employers should implement and enforce e-mail and Internet policies which clearly state that improper use of email and the Internet will result in an investigation and possible disciplinary action. Based on this decision, such policies may be a “Catch 22,” since the court held that the employer’s duty to investigate stemmed at least in part from the fact that the company had such a policy. However, the better practice is to have such policies to deter such Internet abuse and provide a clear basis for disciplinary action.
Employees also should be advised that they have no expectation of privacy when using e-mail and the Internet. Any transmissions made or received by e-mail or on the Internet are deemed to be property of the company. To ensure that employees are aware of these policies, they should be posted in prominent locations and distributed to all employees at hiring and periodically thereafter.
Should you have any questions about this ruling or other employment law related issues, please contact the Ogletree Deakins attorney with whom you normally work or the Client Services Department via e-mail at firstname.lastname@example.org or by phone at 866-287-2576.
Note: This article was published in the January 6, 2006 issue of the New Jersey eAuthority.