New Jersey Court Holds Employer Responsible to Third Party for Harm Caused by Employee's Internet Use

Posted: January 23, 2006

A New Jersey appeals court has ruled an employer may be liable for harm to third persons as a result of an employee's activities on a company-issued computer. Although employers typically are not responsible for the activities of employees outside the scope of their employment, in Doe v. XYC Corporation, the court found the employer had a duty to report the employee's Internet activities involving child pornography to the proper authorities and to take effective internal action to stop them. [N.J. Super. Ct. App. Div., No. A-2909-04T2 (December 27, 2005).]

The case arose when in 1999 the company's IT department was reviewing computer log reports and noticed that the employee repeatedly had accessed child pornography websites from his company computer in violation of company policy. Without checking the content of the webpages or notifying the employee's supervisor, the IT department instructed the employee to stop viewing pornographic websites.

In early 2000, the employee's manager, suspicious the employee was accessing pornography at work, asked the IT Department to track the employee's Internet usage. The IT Department, without viewing the content of the webpages, confirmed the employee was still visiting pornographic websites and again admonished the employee for violating the company's policy.

In December 2000, a co-worker complained the employee was acting suspiciously around his computer. Employees shared cubical workspaces, which were open to a common hallway. Specifically, she complained the employee was shielding his computer screen and quickly minimizing the screen when she walked by. These complaints were relayed to upper management, however no action was taken. A few months later, while the employee was at lunch, his manager accessed his computer and clicked on the "websites visited" page. The manager confirmed the employee was visiting pornographic websites (based on the names of the webpages), but did not open any of the pages. The manager instructed the employee to stop visiting inappropriate websites.

In June 2001, the employee was arrested for possession of child pornography. The employee admitted to downloading over 1,000 pornographic images while at work. In addition, it was later discovered the employee had taken nude and semi-nude photographs of his 10-year old step daughter and uploaded them to a child pornography website. The child's mother filed the lawsuit against the employer, alleging it knew or should have known the employee was using the company's computer to view and download child pornography and that it should have taken appropriate action to stop such conduct, including reporting it to the authorities.

Granting the employer's motion for summary judgment, the trial court ruled that the employer did not have a duty to monitor or investigate the private communications of its employees. The trial court held that, under the circumstances, the company's verbal warnings to the employee were reasonable, and that the company was not responsible for, nor could it have prevented, the harm caused to the child as a result of the inappropriate pictures taken at home.

In reversing the trial court, the New Jersey Appellate Division court held the employer had the ability and the right to monitor its employees' Internet usage. The court found that the employee had no expectation of privacy, especially since the company had a policy advising employees that it may monitor an employee's Internet usage. Moreover, this employee worked in an open area where his computer screen was readily visible to others. The court also found that the employer either knew or should have known the employee was accessing child pornography while at work, specifically, that had the company fully investigated the complaints about the employee, it would have learned of the employee's activities.

Significantly, the court also ruled that the employer had a duty to report the employee's conduct to the proper authorities and take appropriate action to stop the harmful conduct. The court found the harm (i.e., the viewing and/or uploading of child pornography) was facilitated through the use of the company's property (i.e., the company's computer). However, the court could not conclude whether the employer's failure to act had resulted in the injuries to the child, and the case was sent back to the trial court to make that determination.

This important decision increases an employer's duty to investigate the private and non-business related activities of employees while at work or while using the employer's property, especially when the employee's activities involve the employer's computer systems, and the employer maintains a policy advising employees it will monitor computer usage. The court was particularly critical of the employer because, although it maintained a policy permitting the company to monitor an employee's Internet usage, as well as required employees to report suspected violations of this policy, it did not fully investigate the nature of the webpages being accessed by the employee in violation of the policy.

Also of significance is that, for the first time, the court has said an employer has an affirmative obligation to report the unlawful activities of its employees to the police. Although the conduct of the employee in this case was particularly egregious, the court's decision raises the question of whether an employer is likewise required to report lesser offenses to the proper authorities.

In light of this decision, employers with policies that authorize the monitoring of employee Internet, email, and other computer technology usage are well advised to investigate fully all allegations of improper usage, as well as all allegations of potentially unlawful conduct. Thereafter, employers should consult with legal counsel regarding their duty to report such conduct to the proper authorities.