Dec. 14, 2006 Communications Decency Act of 1996 Provides Employers with Immunity for Employee Cyber-threats
Yesterday, in Delfino v. Agilent Technologies, Inc. a California court ruled that employers are not liable for threatening e-mails sent by their employees through the employer-provided computer system.
An employee of Agilent Technologies, Inc. (Agilent) used his company-provided internet service to send a series of threatening e-mails to third parties. Once Agilent was informed of the employees misuse of the company internet service, it counseled and then terminated him. The threatened parties sued both Agilent and its employee for emotional distress.
The court applied a three part test to determine whether the Communication Decency Act of 1996 (CDA) protected Agilent from the third parties claims: (1) whether Agilent was a provider or user of an interactive computer service; (2) whether the plaintiffs complaint treated Agilent as a publisher or speaker of information; and (3) whether the information at issue was provided by another information content provider. In this case, it was undisputed that Agilent, who linked its office computer network to the internet and provided computer access to its employees, was a provider of an interactive computer service under the CDA. In addition, the plaintiffs claim that Agilent was liable for its employees cyber-threats, clearly sought to treat Agilent as the publisher or speaker of those messages. Finally, plaintiffs consistently alleged throughout their complaint that the employee alone was the author of the offensive messages. There was no evidence that Agilent played any role whatsoever in the creation or development of the messages. Based on these facts, the court held the CDA immunized Agilent from liability.
The court also held that even if the plaintiffs claims had not been barred under the CDA, they had failed to establish a case for intentional infliction of emotional distress against Agilent. Specifically, there was no evidence that Agilent knew of its employees conduct or, after the facts came to light, treated the employees conduct as its own. In addition, the employees use of Agilents computer to access his personal internet account to send anonymous cyber-threats, unrelated to his employment, was not a risk that Agilent assumed as part of its enterprise, but rather, the conduct was borne out of the employees personal malice. Finally, the court found no evidence of negligent supervision or retention to support plaintiffs damages.
What This Means
This opinion demonstrates that there is a measure of protection available to employers who provide or enable computer access by their employees, including internet access, for an employees non-work related cyber-threats or other malicious postings. It is important, however, to have a good electronic use policy that spells out exactly what an employee may or may not do at work and, it is equally important to enforce it. A no use of the internet to threaten, abuse, or degrade others policy is useless if it is ignored. In addition, once the employer becomes aware of an employees misuse of the employer-provided internet access, it should take immediate steps to put an end to the conduct and prevent against similar acts in the future.
Paul, Plevin, Sullivan & Connaughton is pleased to announce that the firm has named Denise N. Brucker as its newest partner.
Ms. Brucker specializes in providing employers with advice and counsel on a broad range of employment matters including hiring and terminations, wage and hour laws, leaves of absence, disability accommodation, employment contracts, trade secrets, personnel policies, and discrimination and harassment issues. She also conducts audits in the areas of exemption classifications and HR compliance.
Ms. Brucker is a 1997 graduate of Northeastern University School of Law, and a 1992 graduate of the University of California, San Diego. She joined Paul, Plevin in 2001.