The recent, shocking news floating around Penn State University has understandably caused some employers to reflect on their obligation to report and take meaningful action in response to suspected criminal sexual activity. Most states have statutes that establish when reporting of the abuse of a minor is required, but employers who do not serve or supervise minors may have little knowledge of mandatory reporting laws. Common law, which also varies from state to state, may create a duty of care for employers that requires reasonable attention to the safety and security of employees and others particularly minors on the employers premises. Regardless of the particulars of the law, there will always be public outrage if an employer could or should have known that criminal sexual activity (or other dangerous conduct) was occurring and failed to report it or failed to try to stop it. With all that in mind, its worth considering whether an employer could be found legally responsible for harm that could have been prevented if the employer had used its access to employees electronic communications to identify dangerous conduct. Is it reasonable to expect an employer to monitor electronic communication for such a purpose?
Generally speaking, employers can search employees emails and internet use on employer-owned hardware and software. Many employers have published explicit policies warning employees that they should have no expectation of privacy in their electronic communication. Its not common, however, for employers to use time and resources on constant monitoring or random searches. Should it be?
A particularly thorny issue concerning employer-provided technology is the support of employee smart phones. Employee email is commonly run through and synced with the employers email exchange server. In addition, it is possible to set up smart phone support so that text messaging including attached photographs also runs through the employers system. Like email, texting is easy, quick, and informal, and, like email, it can be a format for inappropriate, legally actionable, or even criminal activity. Just because an employer might properly have access to an employees email and text messages, is there an obligation on the part of the employer to actively monitor them?
It is quite unlikely, under the law as it currently exists, that an employer would be found legally responsible to outside victims for the failure to report improper activity by an employee unless the activity was actually detected by the employer. A situation where an employer does become aware of such messages or activity but does nothing would be far more concerning and more likely to create liability for the employer. It does not take a particularly creative mind to imagine an enterprising attorney suing an employer in a situation involving a victim who has been tragically harmed through the criminal activity of an employee. Although the current state of the law does not recognize a clear legal duty here and is really unformed at this time this question is certainly one with the potential to cause sleepless nights for both employers and their lawyers. And it is another very good reason why employers need to be very careful and thoughtful when making decisions about their access to and use of information about the electronic communications of their employees.