Internet Workplace Legal Problems
THE INTERNET’S LEGAL QUAGMIRE
By:
AUGUST BEQUAI, ESQ.
Introduction
While Wall Street continues to plummet, America’s romance with the Internet continues unabated. A growing number of businesses, large and small alike, continue to turn to the Internet as a viable vehicle for their daily operations. While IT consultants have come to play a crucial role in this revolution, they also need to take note of the quagmire that the Internet poses for them and their businesses.
IT Professionals Face Legal Exposure
A Fortune 100 Company paid some of its female employees several million dollars, when it was found that its male employees had used the Internet to sexually harass and intimidate their female counter-parts. In another case, a manager who had been monitoring a romantic Internet liaison between tow of his employees, and leaked his findings to their co-workers, prompted attorneys for the two cyber-lovers to file a lawsuit. Their employer was quick to settle. Management had failed to enact policies and procedures aimed at regulating use of the Internet by its workforce, in conformity with privacy laws.
In the current Internet environment, fraught with the potential for costly litigation, management needs to strike a balance between concerns over the privacy rights of its workforce, and the need to ensure that its workers do not misuse the Internet and expose the company to legal difficulties. Here are some guidelines that address these concerns.
Written In-House Guidelines: Since the modern workplace is the habitat of diverse classes of employees - i.e., at-will employees, contractors, temporaries, licensees, part-time workers, and so on - clearly-defined (and written) guidelines and policies are a necessity to ensure their proper use of the Internet.
The guidelines and policies should be accompanied by instructions requiring the employee to read and familiarize himself/herself with them, as well as sign an acknowledgement that he/she has received a copy. The policies should make it amply clear that abuses of cyber-space will constitute grounds for disciplinary action; including termination.
Ensuring Compliance With Policies: The millions of employees and managers employed in corporations have little or no grasp of the growing legal edifice that has increasingly come to govern cyber-space. The courts have made it clear that ignorance of cyber-laws is no defense. Yet, a company’s workforce can expose then, through their conduct and actions, to civil and criminal prosecution. Employee-related Internet abuses whether by design or ignorance can run afoul of motley of laws.
Cyber-Crime Laws: both the U.S. government and all 50 states have enacted an array of laws, which make it a crime to misuse or tamper with computer systems and the Internet. It makes little difference whether the employee had authorization to access these systems or the Internet. Both Federal and local cyber-crime laws provide for imprisonment and fines against any person that alters, destroys, or otherwise misuses a computer or communication system.
These laws come into play when an employee: gains unauthorized access to financial, medical, or personnel records stored in a company’s computer system; makes use of the Internet to carryout a criminal act (authorized access would not constitute a valid defense against prosecution in such cases); uses the Internet to transmit programs, data, codes, or commands, for the purpose of damaging or impeding the operations of a computer system; transmits data, codes, or programs over the Internet for the purpose of altering, modifying or deleting financial or medical data; knowingly, and with the intent to defraud, employs the Internet to traffic in unauthorized computer passwords and credit card numbers; and/or makes use of the Internet to gather, collect, or distribute pornographic materials.
Under current U.S. cyber-crime laws a person or business that falls victim to an Internet-related crime, can sue both the employee (culprit) and the employer. Ignorance of the law by either the employee or employer does not constitute a valid defense to a criminal or civil prosecution. To defend against such prosecutions or lawsuits, an employer would have to demonstrate that it took adequate steps to deter these abuses - i.e., written policies on proper employee use of the Internet and related security measures.
Copyright Laws: the unauthorized copying or transmission of copyrighted programs by an employee’s workforce could run it afoul of the U.S. copyright laws. When software is transmitted or published over the Internet, the user merely enjoys a license having no ownership rights in the software. Among those safeguards are the following:
Subject matter: ownership under the copyright laws subsists in all original works of authorship that are fixed in a tangible medium of expression. With the dramatic growth of the Internet, the copyright laws are increasingly being used to hold employers accountable for the unauthorized acts of their workers.
Exclusivity: the copyright laws cover the expression of ideas according to their owner the exclusive right to reproduce the work, prepare derivative works based on the copyrighted work, distribute copies of the copyrighted work, and/or display the copyrighted work publicly. Software licensing agreements govern the manner in which a licensee and its employees can use the software, without running afoul of the copyright laws.
Infringement: any person or business that is found in violation of any of the provisions of a licensing agreement can be deemed to be an infringer. Arguing that the employee infringer was acting on his/her own will not suffice as a defense for the employer.
Remedies: the copyright laws provide for injunctive actions; as well as the impounding and disposition of any infringed articles. Monetary damages, court costs and attorneys fees can also be awarded by the courts under the copyright laws.
Trademark Infractions: the trademark laws are increasingly being used to provide safeguards for proprietary data being transmitted over the Internet. A corporation can find itself afoul of the trademark laws as a result of Internet-related abuses by its employees or agents’. For example:
Safeguards: trademark laws are designed to safeguard the name, design, and other indicators of origin, under which a business distinguishes its goods and services from those of competitors. They cover any word, name, symbol, or any combination thereof, used by a business in commerce. They are limited in scope to those marks that invoke a connection in the public’s mind with a provider of goods and services.
Infractions: these occur when someone other than the lawful owner of the trademark, employs it or a similar mark on the same or closely related goods and services. An employee found to be misusing another company’s trademark could expose his/her employer to a lawsuit.
Remedies: the trademark laws provide for several civil remedies; among these, injunctive actions (temporary and permanent) against any future infringement(s); seizure of the infringer’s profits; monetary damages for any past infringement(s); and any legal costs associated with the lawsuit. The trademark laws also provide for criminal sanctions.
Privacy of Electronic Communications: the Electronic Communications Privacy Act (”EPCA”) makes it a Federal crime for any individual or business entity that lacks authorization, to intentionally access any facility through which an electronic communication service is provided; or to intentionally exceed an authorization to access a facility and thereby obtain, alter, or prevent authorized access. The ECPA provides for fines of up to $250,000 and/or imprisonment of up to two years.
The ECPA also requires employers to advise their employees that electronic communication systems at the workplace must be used solely for business purposes; that the data that is stored and transmitted by those systems is to be treated in a private and confidential manner. An employer can find itself legally liable for any privacy related abuses or loses, if any of its employees were to use its systems in violation of the ECPA. Ignorance of the ECPA is not a defense.
Financial Privacy: the Fair Credit Reporting Act (”FCRA”) regulates the privacy of consumer data. Financial data disseminated over the Internet by an employee in violation of the FCRA could expose his/her employer to civil damages. To avoid or limit its legal exposure, an employer would have to demonstrate that it took active steps to deter its employees from using the Internet in violation of the FCRA’s provisions.
Cyber-Adult Entertainment: the Internet is fast replacing the local X-rated corner store as a reservoir of pornographic materials. The modern workforce has been fast to discover the world of cyber-porn. According to law enforcement sources, over 50% of the time workers spend on the Internet - public and private alike - may be connected to pornography. Playboy, and not Aristotle, reigns supreme in cyber-space. An employer, unfortunately, can find itself liable for violations of the Communications Decency Act of 1996 (”CDA”) by its staff. The U.S. Equal Employment Opportunity Commission has been active in filing charges with the courts against employers who have failed to adequately police cyber-porn.
The CDA also makes it illegal to transmit, exchange, collect, store, or otherwise communicate pornographic materials to anyone who is 18 years or younger over cyber-space. An employer can face both civil and criminal prosecution if it is proven that it knew of the questionable activity, but failed to take action to deter or prevent it. Neither consent nor ignorance of the law is a defense.
The Limiting the Legal Exposure
While the Internet and related cyber-space technologies are still in their infancy, employers need to take steps to limit their potential legal exposure. While eliminating the exposure completely is not possible, containing the problem is a viable option. Here are some steps that can help.
Enforcement: for many employers, the Internet has become an addictive past time, one that can prove costly to their employers. While written policies for employee use of cyber-space can limit an employer’s legal exposure, they will not by themselves, suffice. To satisfy the courts, an enforcement program should encompass the following:
Warnings: these should be issued in writing to any employee who violates any company policies governing use of the Internet. Repeat offenders should be dealt with sternly.
Termination: the more serious abuses of the Internet call for termination. Anything short of that could expose the employer to legal problems. Once an employer becomes aware of the abuses, it is required by law to act.
Restitution: an employee who causes his/her employer financial losses, should be required to make full restitution. Such action will serve to demonstrate to the authorities, that the company is serious in its efforts to curb abuses of the Internet.
Security: employers should implement and/or upgrade their security in order to curtail Internet abuses by their employees; as well as limit any legal liability emanating from the abuses of their employees. These can take one of several forms:
Data: an employer should establish safeguards to secure the data stored in its automated systems or being transmitted over the Internet from abuse by its employees. The U.S. courts will hold a principal liable for the acts of its agents.
Software: steps should be taken to deter the modification, alteration, destruction, and/or unauthorized copying of proprietary software. Enforcement of those measures should be prompt, lest it open the company to charges that its security resources were merely cosmetic.
Communication: efforts should also be made by the employer to institute security measures that ensure proper use of the Internet by its staff.
Personnel - even the best of technical measures can falter if the human element is left out of the equation. That component requires the following: background checks, and screening of all personnel in sensitive positions; limiting access to specific systems and web sites only to authorized staff; maintaining detailed daily logs of whom has access, frequency of access, and the web sites that were accessed on company time and equipment; and ensuring that employee Internet activity conforms to the law.
In Closing
Even the best of cyber-security policies and measures will not suffice to eliminate all the potential legal exposures that employer’s face from employee-related abuses of the Internet. Thus, it is crucial that employers acknowledge the problem; as well as make reasonable efforts to address it. Failing to do so will expose them to costly and time-consuming legal acrobatics. Costly litigation is the hallmark of cyber-space.
Tags: A guide to understanding Interent abuses, and their legal implications for employers and employee, misconduct and investigations