E-Update - Communications Decency Act of 1996 Provides Employers with Immunity for Employee Cyber-threats

Communications Decency Act of 1996 Provides Employers with Immunity for Employee Cyber-threats
December 15, 2006

Summary

Yesterday, in Delfino v. Agilent Technologies, Inc. a California court ruled that employers are not liable for threatening e-mails sent by their employees through the employer-provided computer system.

Details

An employee of Agilent Technologies, Inc. (“Agilent”) used his company-provided internet service to send a series of threatening e-mails to third parties. Once Agilent was informed of the employee’s misuse of the company internet service, it counseled and then terminated him. The threatened parties sued both Agilent and its employee for emotional distress.

The court applied a three part test to determine whether the Communication Decency Act of 1996 (“CDA”) protected Agilent from the third parties’ claims: (1) whether Agilent was a provider or user of an interactive computer service; (2) whether the plaintiffs’ complaint treated Agilent as a publisher or speaker of information; and (3) whether the information at issue was provided by another information content provider. In this case, it was undisputed that Agilent, who linked its office computer network to the internet and provided computer access to its employees, was a “provider” of an interactive computer service under the CDA. In addition, the plaintiffs’ claim that Agilent was liable for its employee’s cyber-threats, clearly sought to treat Agilent as the “publisher” or “speaker” of those messages. Finally, plaintiffs consistently alleged throughout their complaint that the employee alone was the author of the offensive messages. There was no evidence that Agilent played any role whatsoever in the creation or development of the messages. Based on these facts, the court held the CDA immunized Agilent from liability.

The court also held that even if the plaintiffs’ claims had not been barred under the CDA, they had failed to establish a case for intentional infliction of emotional distress against Agilent. Specifically, there was no evidence that Agilent knew of its employee’s conduct or, after the facts came to light, treated the employee’s conduct as its own. In addition, the employee’s use of Agilent’s computer to access his personal internet account to send anonymous cyber-threats, unrelated to his employment, was not a risk that Agilent assumed as part of its enterprise, but rather, the conduct was borne out of the employee’s personal malice. Finally, the court found no evidence of negligent supervision or retention to support plaintiffs’ damages.

What This Means

This opinion demonstrates that there is a measure of protection available to employers who provide or enable computer access by their employees, including internet access, for an employee’s non-work related cyber-threats or other malicious postings. It is important, however, to have a good electronic use policy that spells out exactly what an employee may or may not do at work and, it is equally important to enforce it. A “no use of the internet to threaten, abuse, or degrade others” policy is useless if it is ignored. In addition, once the employer becomes aware of an employee’s misuse of the employer-provided internet access, it should take immediate steps to put an end to the conduct and prevent against similar acts in the future.

This E-Update was authored by Jennifer E. Baumann. For more information, please contact Ms. Baumann or any Paul, Plevin attorney at 619-237-5200.

Paul, Plevin, Sullivan & Connaughton is pleased to announce that the firm has named Denise N. Brucker as its newest partner.

Ms. Brucker specializes in providing employers with advice and counsel on a broad range of employment matters including hiring and terminations, wage and hour laws, leaves of absence, disability accommodation, employment contracts, trade secrets, personnel policies, and discrimination and harassment issues. She also conducts audits in the areas of exemption classifications and HR compliance.

Ms. Brucker is a 1997 graduate of Northeastern University School of Law, and a 1992 graduate of the University of California, San Diego. She joined Paul, Plevin in 2001.

CLICK HERE to UNSUBSCRIBE to this E-Update

CLICK HERE if this was forwarded to you and you would like to be added to the list

CLICK HERE to find out about our employer training programs

CLICK HERE to access back issues of our E-Updates