Liability for Employee Internet Usage: Can an Employer be Liable for an Employee’s Online Activity?

There are numerous benefits to be gained from allowing employees access to the Internet. Information can be found quickly, contacts can be easily developed, new suppliers easily located, products purchased, research conducted and many more benefits can be realized.

Unfortunately, the provision of Internet access to employees does occasionally lead to abuse. An employee could use the Internet to access personal gambling accounts and play online poker at work, or social media websites could be used excessively. Individuals can and do view pornography at work. Threats and disparaging comments may be posted online. You can also add the illegal file sharing, hacking of other corporations, and illegally accessing databases to that list.

There are plenty of other ways of abusing Internet access and, if it is possible to be done, an employee somewhere will have already done it.

The majority of these acts are committed only by a minority of employees. They rarely cause an employer, co-worker or other individual to come to any harm. However, this is not always necessarily the case. Should harm occur, or an employee breaks the law, the employer could be found to be liable for the employee’s actions.

There have been a number of cases when employers have been found to be liable for the actions of employees, such as when actions have adversely affected work colleagues. Some of the most common reasons for lawsuits have been sexual harassment of co-workers, threats of violence, racial harassment, and discrimination.

Respondeat superior – Employer Liability for the actions of an employee

The legal term for vicarious liability of an employer for actions committed by an employee is Respondeat superior. This is nothing new. It has been written into the law for over 100 years. Today, Respondeat superior does not only apply to verbal actions, it also applies to actions committed using email and abuse of the Internet. It is not limited to actions against co-workers either. Liability for employee Internet usage may result from comments posted on forums.

Typically, an employer would only be liable for an act committed by an employee while furthering the purpose of an employer. For instance, if an employee of the marketing department was posting links to a company website via Internet forums, an employer could be found liable for harm caused to a third party if those links defamed the character of a third party or were deemed to be slanderous.

In recent years, Internet abuse by employees does not necessarily have to have been conducted to further the purposes of an individual employee. Simply providing an employee with the opportunity to cause harm may come back on the employer. It doesn’t even matter if the employer is aware of the activity in many cases, it will not protect them from liability for employee Internet usage.

How can employers protect against liability under Respondeat superior?

There are four easy ways that employers can protect themselves from liability stemming from employees misusing the internet at work. The first is one of the simplest measures and the cheapest to implement. The other three controls involve software solutions.

Implement clear policies covering acceptable uses of the Internet and email at work

This measure is the simplest to implement, yet even this basic control has not been put in place by many SMEs. If an employer has not written clear and precise policies on allowable uses of the Internet and email in the workplace, employees cannot be expected to know whether they are committing acts that the company finds unacceptable.

If an employee is not informed that an activity is unacceptable they cannot be expected to guess. Accessing pornography at work and being fired for doing so could see that decision overturned in an employment tribunal if the employee was not informed that accessing porn would result in the immediate termination of his or her work contract. It is also essential that a signed copy of Internet usage policies is obtained from each employee.

Implement a system that monitors Internet and email usage in the workplace

Policies are only the first step. There must be a method of monitoring access to the Internet, otherwise there will be no way of telling if employees are adhering to company policies. It may not be necessary to constantly monitor Internet access, but regular audits should be conducted. Any individual found to have abused access rights must be subject to disciplinary procedures. There is no point implementing policies that are not enforced.

Liability for employee Internet usage is more likely if a web filter is not employed to control Internet access

Many employers choose not to take chances and restrict the websites that can be viewed in the workplace. There are many methods of achieving this, such as setting rules in browsers or on proxy servers used to access the Internet. Many of these methods can be implemented cheaply, and some without any cost other than the time it takes to set them up.

In some cases, the man-hours required to set up these rules makes it impractical. It is often far quicker, easier, and more cost effective to employ a powerful web filter. This will allow a system administrator to centrally control Internet access for individuals, groups, or the entire organization. A web filtering solution with a high degree of granularity will allow a wide range of controls to be applied for different roles within an organization and can be used to restrict access to pornography for the whole organization, limit the time that can be spent on social media websites, and set specific privileges for each individual if required.

Use an Anti-Spam solution to prevent email abuse at work

Internet abuse must be tackled, but it is important not to forget email. Email is used by virtually every company employee and is just as easy to abuse. It is difficult to control the content of messages to protect employees from sexual harassment, but it is possible to prevent individuals from emailing certain file types outside the company.

Anti-Spam products include a filter to protect users from incoming spam, but products such as SpanTitan also offer control over outgoing emails. The spam filter can be configured to prevent individuals from using company email accounts to conduct personal spamming campaigns.

If you put the controls in place to prevent Internet and email abuse, monitor activity, and make sure Internet and email usage polices are in place, it is possible to protect the business from liability. Liability for employee Internet usage will be avoided. It will be the employee, not the employer, that is likely to be found liable.