A recent interpretation of Section 230 of the Communication Decency Act by a California Court of Appeals held that an employer is immune from liability based on an employee’s use of its communication networks and systems to send threatening messages. The case is Delfino v. Agilent Technologies, Inc., 06 C.D.O.S. 11380 (Cal. App. December 14, 2006)

The facts are as follows. Plaintiff Delfino was subject to a number of threatening messages sent anonymously over email and posted on Yahoo bulletin boards. The plaintiff contacted the FBI which was able to find out that the source was an employee of defendant Agilent. Eventually the employee admitted that he sent the threatening messages and that he used his work computer to do so. Agilent terminated the employee shortly after.

Plaintiff then sued Agilent under tort law for intentional and negligent infliction of emotional distress. They claimed that Agilent was liable under the respondeat superior doctrine and argued that Agilent was aware that the empoyee was using its computer systems to send the threats and took no action to prevent him from doing so.

Agilent claimed immunity under Section 230 of the CDA. The relevant portion states in part that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider,” and “No cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section.” 47 U.S.C. § 230, subds. (c)(1) & (e)(3). Trial court agreed with Agilent and dismissed the case.

On appeal the Court of Appeals affirmed the lower court holding that Agilent was an interactive computer service provider immune under CDA from liability. The court’s reasoning was that one of Section 230’s rationales was to encourage Internet service providers to self-regulate and prevent chilling of speech that would result from imposing liability on companies for speech which merely “flows” through the company network regardless of whether it is authorized or not. Subsequently, the court held that Agilent provided Internet access through its computer servers and is therefore provides “interactive computer services.” The court also noted that Agilent was not on notice of its employee’s cyberthreats and that applying Section 230 immunity in the case would not be inconsistent with CDA.

As a result, employees may be successfully able to claim immunity under Section 230 in circumstances where employees are vigilant in developing and disseminating acceptable use of electronic resources policies and are proactive in detecting and acting on reports of misuse of its electronic assets.

No Responses to “Employers Immune From Liability For Employee’s Cyberthreats”

No comments yet

Leave a Reply

Name (required)

Mail (will not be published) (required)

Website

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>