Employer Liability for Employee’s Online Activity

Many employers have made great strides in adapting to the risks posed by online activity. Some maintain employee handbooks with social media and computer use policies. Others provide training and many monitor employee use of employer-provided devices. But risks still remain. Take, for example, the recent Indiana appellate decision regarding potential employer liability for an employee’s online conduct.

In Miller v. Federal Express, an underlying construction project came to a halt when financial backers withdrew funding. The Indianapolis Business Journal reported on the funding issue and allowed readers to post comments on its website. One of the online commentators suggested that the plaintiff had misused funds for the project for his own personal gain, and another commentator posted that the plaintiff allowed the contractors to continue working, knowing that they would not be paid. A third commented that the plaintiff was a “crook” and had been “robbing” from the community.

The plaintiff filed suit against the commentators alleging that the comments constituted defamatory speech. During discovery, the plaintiff learned that one of the commenters was vice president of a company and used a company computer to post the comment; the other comments were linked to an IP address assigned to a major shipping and distribution company. Given this information, the plaintiff amended his complaint to add the corporate entities as defendants based on the online activity of their employees.

The corporate defendants filed a motion for summary judgment asserting that they were immune from liability based under the federal Communications Decency Act (CDA), which limits liability to service providers for publishing information originating from a third-party user of the service. In analyzing this issue, the court of appeals determined that the employers could qualify as providers of an internet service and that they were not liable in this particular case because the plaintiff’s complaint treated them as publishers of the information.

While the court of appeals ruled that employers may have limited immunity as publishers of employee defamatory speech, it noted that the CDA does not provide blanket protection for employee online conduct. For instance, an employer may face liability where it knew of the employee’s online defamatory statements made on its computers, but did not take action to stop it. Thus, employers must ensure that their social media and computer usage policies provide guidance to employees regarding what online conduct is appropriate, and what activity is proscribed. Moreover, employers that monitor employee online activity must appropriately and timely react to conduct that is questionable. This may be a difficult task for many employers but failure to do so could result in employer liability.