More On

N.J. Company Held Liable for Employee's Porn Activity

When an unnamed employee was sitting at his desk at XYC Corp., he was supposed to be doing accounting work. Instead, he was accessing pornographic Web sites depicting bestiality, necrophilia and images of children. Although several of his co-workers and supervisors at the New Jersey company noticed something strange about the way he suddenly minimized screens when others walked by his cubical and discovered some suspect Web addresses in his list of visited sites, no one investigated to see if he was violating the law by viewing child pornography. Then, more than two years after co-workers first noticed his suspicious behavior, the employee sent nude photos of his 10-year-old stepdaughter to a child porn site using XYC's computer.

After the employee was arrested on child pornography charges, the girl's mother sued XYC for failing to uncover and report his illegal acts. Her victory in Jane Doe v. XYC Corp. puts New Jersey employers on notice that they need to take action if they have any reason to believe an employee is using company computers for child pornography activities.

While some contend the decision opens up a Pandora's Box of employer liability for other criminal acts by employees using a company's computer system, others say the decision was written narrowly and applies only to child pornography.

In any event, the case is causing a stir among in-house attorneys because it breaks new ground in assessing employer responsibility for actions by an employee that harm a third party. It also raises questions about the extent of an employer's duty to monitor employees' Internet usage for possible criminal activity.

Broadening Responsibility

In Jane Doe v. XYC Corp., the Appellate Division of the New Jersey Superior Court reversed summary judgment for XYC, holding that a company that knows its employee is accessing pornography at work has a duty to investigate that activity and stop any potential harm to third parties.

"We hold that an employer who is on notice that one of its employees is using a workplace computer to access pornography, possibly child pornography, has a duty to investigate the employee's activities and take prompt and effective action to stop the unauthorized activity, lest it result in harm to innocent third parties," Judge Harvey Weissbard wrote. "No privacy interest of the employee stands in the way of this duty on the part of the employer."

The Appeals Court rejected most of XYC's arguments and sent the case back to the Law Division to determine damages. The parties then settled the case for undisclosed terms, according to the mother's attorney, Kevin Kovacs of Purcell, Ries, Shannon, Mulcahy & O'Neill. Richard Catenacci of Connell Foley, attorney for XYC, did not return phone calls seeking comment.

The appellate decision details a two-year period during which XYC Corp. knew, based on reviews of computer logs and complaints from co-workers, that the employee was using his company computer to access pornography sites. While most of the Web site titles appeared to reflect adult porn content, the name of one of the viewed sites, called "Teenflirts.org: The Original Non-nude Teen Index," suggested the possibility of child pornography. The employee was reprimanded twice, but no one investigated the content of the sites to see if he was violating state and federal child pornography laws.

"What really struck me about the case is that the employer did have notice that the employee was looking at adult porn, but did not really have notice he was looking at child porn," says Philip Gordon, shareholder in Littler Mendelson's Denver office, pointing out the "Teenflirts" site referred to non-nude photos. "An aggressive plaintiff could use this case to say that if an employer does not act on lawful conduct, he could be held liable if it turns out the conduct is actually unlawful."

He adds that if courts in other jurisdictions follow this case, plaintiffs will be able to pursue a whole new genre of employment litigation holding employers responsible for the damages to victims of crimes committed by employees using corporate computers.

For example, an employer could learn that an employee was looking at a Web site with instructions on how to make a bomb.

"You might think it was weird that an employee was looking at that site, but not necessarily think he will act on that," Gordon says. "XYC could be used as authority to say you were negligent for not acting" if the employee actually made a bomb that killed or injured people.

While previous case law has established employer liability for injuries one worker causes a co-worker via computer, such as e-mail messages sent as racial or sexual harassment, this case goes a step further by extending liability to acts that harm a third party--a victim who is not an employee, says Gary Glaser, a partner in Seyfarth Shaw's New York City office.

He cites as another hypothetical example an employee using a company computer to set up illegal drug deals outside the workplace. Using XYC, the parents of a child who dies from an overdose could have a case against the corporation for failing

to investigate and report the illegal activity, he says.

Reasonable Precautions

But Glaser points out that the court was careful to cite the many occasions on which XYC had reason to question whether the employee's conduct crossed the line into illegal activity by accessing child porn, rather than just adult porn sites.

"I don't see this as a strict liability case," he says. "The employer had a duty because it was on notice. The level of notice here was significant--a lot of people knew."

Glaser says his message to clients is "be vigilant." But, he adds, "It doesn't mean that you have to implement unduly burdensome practices that would constantly monitor employee activity on the Internet. The duty to investigate is triggered when you have reason to believe the employee may be engaged in an illegal activity."

Kovacs believes the case is relevant only to cases of child pornography.

"The case imposes a limited duty but an important duty," he says. "If a company has reason to believe that employees are visiting sites with pornography, they have a duty to investigate whether those sites include child pornography. We advocated a narrow position and I read the case as limited to child porn."

But Gregory Alvarez, partner in the New Jersey office of Jackson Lewis, disagrees that the potential liability stops with child porn.

"If you become aware of any improper use of a company computer, you should investigate," Alvarez says. "This is not where employers want to be. We're the police now for everything our employees do. The bottom line, from our point of view, is that you really should not look the other way when it comes to employee misconduct if it involves you in any way."

Senior Editor

Mary Swanton

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.