Thursday, December 14, 2006

Employer Not Liable to Third Party for Employee's Internet Postings

Not news: employees use the Internet at work for personal reasons. News: an employer is not liable when an employee uses the company internet connection to make threats to a third party.
Agilent employed Cameron Moore in Silicon Valley. Moore became upset with a couple of former Varian employees. He signed into an internet bulletin board regarding Varian, where he made some threatening posts against the former Varian employees. He used the handle... "crack_smoking_jesus." (I know. I just had to).

The threats came to the attention of the FBI, who traced them to Agilent. After an investigation, Agilent and the FBI confronted Moore.

The ex-Varian employees sued Moore and Agilent for, among other things, intentional infliction of emotional distress, negligence, and other torts associated with the threatening posts. The plaintiffs claimed Agilent was aware of the postings and did not stop them.

In court, Agilent claimed it was immune from liability under a provision of the Communications Decency Act of 1996. Section 230(c)(1) of that law provides: "[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." The statute goes on to preempt inconsistent state laws: "Nothing in this section shall be construed to prevent any State from enforcing any State law that is consistent with this section. No cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section." The purpose of this section is to protect those who facilitate internet communication from liability when users abuse their communication privileges.

The trial court held Agilent was immune from suit and the Varian ex-employees appealed. The Court of Appeal in Delfino v. Agilent affirmed. This is the first known opinion applying the CDA's immunity to employers. In essence, the court agreed with Agilent that it was a mere passive provider of access to the internet, that the plaintiffs attempted to hold Agilent responsible as if it had published the offending statements itself, and another person actually published them (Moore).

The plaintiffs tried to bring in Agilent under state-law principles of respondeat superior and ratification, but the appellate court was unmoved. While the plaintiffs could seek damages against Moore himself, Agilent could not be held vicariously liable because the acts were performed outside the course and scope of employment. Ratification would not fly given Agilent fired Moore after learning what he did.

To ensure your internet connection does not expose your business to liability it is important to have an internet usage policy that prohibits engaging in misconduct on the internet, and provides for monitoring. The CDA apparently will provide strong protections as well. However, it bears noting that this case involves a lawsuit by third-parties, not current employees of the same company. It is too early to tell what effect the CDA will have on employment claims such as hostile environment harassment alleged to be caused by internet activity.

DGV