No. In a case with similar facts, a California appellate court ruled that an employer was entitled to immunity under the Communications Decency Act of 1996 (CDA) for damages arising out of threatening e-mails that an employee sent from a workplace computer.

Immunity under the CDA. To claim immunity under the CDA, the employer had to establish that:

1. it was the provider or user of an interactive computer service;
2. the cause of action treated the employer as a publisher or speaker of information; and
3. the information at issue was provided by another information content provider.

The court noted that the employer’s proxy servers were the primary means by which its employees accessed the Internet. Because other courts have interpreted the term “interactive computer service” broadly, the court held that the employer was a provider of interactive computer services.

The court next found that because the individuals alleged that the employer knew that the employee was using its computer system to send threatening messages, they treated the employer as a publisher or speaker of the employee’s messages. As a result, their claims were among those to which immunity under the CDA potentially applies. Moreover, the employee clearly authored the offensive e-mails. There was no evidence that the employer played any role in the creation or development of those messages. Thus, according to the court, the information at issue was provided by another information content provider—the employee. As a result, the employer was entitled to immunity under the CDA, the court concluded.

Respondeat superior. Addressing the individuals’ claim that the employer was responsible for the acts committed by its employee while he was at work, the court noted that using the employer’s computer system to log on to a private Internet account to send messages was not part of the employee’s job duties. The fact that the employee was at work performing regular employment duties before or after sending the threatening messages did not turn his personal conduct into actions for which the employer could be held vicariously liable. According to the court, an employee’s use of his employer’s computer to access a personal Internet account to send anonymous cyberthreats unrelated to employment is not a risk that the employer bears as part of its enterprise.

Negligent supervision/retention. The court also determined that, for purposes of the individuals’ claim for negligent supervision/retention, they failed to establish that the employer owed them a legal duty. The individuals had no business relationship with the employer and there was no evidence that the employee’s threats arose out of or were in any way connected with his employment.

Moreover, there was no significant policy of preventing future harm that would result from a finding of duty. “Indeed,” the court stated, “a finding of duty here might have a significant chilling effect upon Internet free speech and might encourage extreme employer oversight of employee activities. It would be a dubious proposition indeed to suggest that a party, simply by virtue of engaging in business, owes a duty to the world for all acts taken by its employees, irrespective of whether those actions were connected with the enterprise in which the business was engaged.”

Cite: Delfino v. Agilent Technologies (2006 CalCtApp) 153 LC ¶60,321.