Gambling with your liability

Dear Mary, I had an IT guy working on my business computers for years, and now I have discovered that there are porn sites, gambling sites, illicit emails and other suspicious things that I did not place on my computers. Can I be liable for this stuff?

A good place to start is to review your policies. Do you have a company policy that company computers and systems are to be used only for business purposes? Does your policy make clear to employees that they have no right of privacy in their company computer?

If you have clear policies, then log on to the computers, clean them up, and deal with it as a routine HR issue: Either discipline or fire the wayward employee.

Whether or not you can be held liable for your employee is a little more complicated. Under traditional rules of agency law, an employer is liable for the employees that it directs and for actions that the employer authorizes or ratifies.

The best example of this kind of liability is when an injury flows directly from an employee carrying out the employer’s decision or policy. An absurd example of this would be if an employer requires all employees to juggle knives while on the phone, and an employee gets hurt while juggling. The key is that the employee was just doing what the employer directed them to do.

Liability here doesn’t require explicit direction to juggle knives; merely ratifying or condoning the act is sufficient. For example, the employer could be found liable if the employer saw the juggling knives at work and didn’t intervene, or if the employer was somehow making increased profits from the practice.

Here, if you knew your IT guy was playing online poker instead of maintaining systems, one might say you failed to fully investigate the circumstances and repudiate his misconduct. The key is whether you knew or should have known about the misconduct. Ratification really depends on the unique circumstances of the particular case.

Another legal doctrine, “respondeat superior,” says that an employer may be held vicariously liable for an employee’s wrongful acts within the course and scope of employment. The idea behind this theory is that it wouldn’t be fair for an employer to avoid responsibility for injuries occurring in the ordinary course of its business activities.

For respondeat superior to apply, your IT guy’s conduct would have to have occurred within the scope of his employment. There are two questions we can use to determine this: 1) Was the act required or incident to the employee’s duties?; or

2) Was it reasonably foreseeable to the employer that the employee would do this?

In our discussion of agency law, we were looking at whether or not the employer authorized or benefited from the employee’s action. Here, we’re looking at whether or not this kind of action is typical or incidental to the employee’s job.

In your case, looking at adult websites or gambling online is not required or even incidental to performing IT functions. There is no good argument that such activities would be reasonably foreseeable with this kind of employment, and this employee substantially deviated from his duties for his own personal purposes.

Moving forward, if you don’t have a company technology policy, now is the time to create one. Make sure your employees understand that they do not have any right of computer/

information privacy, including work email or when they use a company network with personal devices.

In your company policy, explain that all computer systems are company property and you retain the right to inspect them at any time. Company computers are not to be used in any way that may be disruptive, offensive to others, or harmful to morale. For example, employees may not display or transmit sexually explicit images, ethnic slurs, racial epithets, or anything else that may be construed as harassment or disparagement of others.

You may also want to state that company management will monitor email and Internet usage periodically to be sure that company equipment is being used for business purposes. The point here is to eliminate any expectation your employees may have that communications are confidential.

Mary Luros is a business law attorney with Hudson & Luros, LLP, in Napa, and can be reached at mary@hudsonluros.com or 418-5118. The information provided here is not intended as legal advice, nor does it form an attorney-client relationship with the author. The author makes no representations as to the reliability or accuracy of the above information. In a perfect world we wouldn’t need disclaimers — or attorneys.