There seems to be a news story every day detailing employee misuse of social media. In fact, in a recent survey released by Proskauer Rose LLP, more than 70 percent of the 110 businesses surveyed reported they had to take disciplinary action against employees for misusing the technology.
Living in the U.S.A., we have grown accustomed to seeing corporate mis-tweets, where an employee accidently posts a personal tweet from a corporate account, and rogue employee cases, where an employee purposefully posts something inappropriate to a corporate social media account.
But now, introducing a new type of corporate social media mishap, where an employee posts defamatory remarks to an online forum anonymously … from the employee’s company computer … and the employer gets sued for defamation. I’ll pause while that sinks in.
Our cautionary tale comes from Miller v. Federal Express Corp., a case out of Indianapolis where the plaintiffs sued FedEx and 500 Festival for defamation and intentional infliction of emotional distress based solely on the fact that someone using their computers posted allegedly defamatory comments about the plaintiffs. While I can tell you that this cautionary tale has a [spoiler alert] happy ending for FedEx and 500 Festival, this case serves as a reminder to employers to tighten those social media policies and take action against employees who are discovered to be making such statements using the company’s computers.
Jeffrey Miller was a member of the Indiana business community and an employee of a non-profit organization. In the spring of 2008, he worked on a project between two non-profits (one he had worked for in the past and one he was then working for) to build a school. Construction on that project, however, was stopped two years later when the primary financial backer stopped payments allegedly due to defamatory statements by two co-defendants to the suit.
Later, a business magazine published an online article regarding the allegations and the controversy surrounding the school construction. The article itself was harmless enough. But then came the online comments, and some of them were bad … really bad.
One comment posted under the username “JA Fan” read in relevant part:
The new CEO has inherited a mess not of her doing. The former CEO [Miller] and finally –fired VP’s misuse (for their own personal gain) of funds that were dedicated to educating Indiana children are at the very least an embarrassment to the dedicated staff who have continued to push on, and most likely a criminal act. If you were a donor or sponsor in the last decade to these guys, an audit is definitely in order.
Another posted under the handle “Really?” read in relevant part:
Does this include paying the contractors? As the fundraiser and key money guy, probably has an eye on revenue and expenses. … “what is so depressing and unfair is that the subcontractors were never told the funds were suspended and [the non-profits] let them keep working.” … If they told JA, who did not own the building or sign the construction contracts, I’m pretty sure as a tenant with an interest in what’s happening to the building, they would notify the Landlord, President Miller (who did the deal to bring Ivy Tech to the building, who also took money to fund the construction, who was also the “project manager” responsible for day-to-day operations) that his project is going to be halted and his building left in a mess. Now a storied and critical organization is a mess in his wake. Was it the great philosopher, Steve Miller, who said, “Go on, take the money and run!”? Perhaps a relative?
Another posted under “Concernd” read: “these guys are crooks (Jeff Miller, Victor George and other parties) and have been robbing from our community using kids as there [sic] hook. I hope they go to jail!!!!?
This made the Millers (husband and wife sued) wonder, Who’s Been Talkin’? Discovery revealed that the first two comments were made by the vice president of corporate sponsorship at 500 Festival using a company computer located at 500 Festival’s offices. The third comment was made by an unknown person from an IP address assigned to FedEx and was not traceable to any specific user. Rather, it belonged to one of FedEx’s proxy servers that filtered internet traffic from thousands of FedEx users.
And Abracadabra, the Millers sued Federal Express, 500 Festival, and some individual defendants claiming defamation and intentional infliction of emotional distress. Federal Express and 500 Festival moved for summary judgment claiming immunity under the Communications Decency Act (CDA), which [here’s the happy ending] the trial court granted and the appeals court affirmed.
The Application of 230
The relevant, what-you-need-to-know, background about Section 230, which is the immunity provision of the CDA is that it protects companies that serve as intermediaries for online speech from liability for harmful content posted by third parties. Section 230 immunity protects online services, such as Google, Yahoo, and Microsoft, that host or republish third party content from liability based on what the third party says or does on the service. Holding otherwise would cripple internet speech.
Section 230 immunity requires a three-part showing:
- The entity seeking immunity is a provider or user of an interactive computer service (ICS).
- The plaintiff’s claim treats the entity seeking immunity as the publisher or speaker of the harmful information.
- The information at issue was provided by another content provider.
Satisfying those three elements immunizes the defendant from suit, although the author of the offensive content could still be held liable.
In Miller, the court determined 500 Festival and FedEx were both ICS providers because they enabled computer access for multiple users on their respective computer networks to access the Internet by means of the servers on each network. In doing so, the court cited a few cases where employers were sued for online employee misconduct including: Delfino v. Agilent Technologies, Inc., 52 Cap.Rptr.3d 376 (Ca. Ct. App. 2006) (finding the employer was an ICS in suit against employer claiming an employee the employer claiming an employee sent them threatening emails and messages posted to online bulletin boards using the employer’s internet service connection); and Lansing v. Sw. Airlines Co., 980 N.E.2d 630, 631 (Ill. App. Co. 2012) (finding the employer was an ICS in suit for negligent supervision over an employee who sent threatening messages).
The next element provides that the CDA only protects an ICS provider from claims that seek to hold it liable as a publisher. The court found that the Millers were indeed seeking to hold 500 Festivals and FedEx liable as publishers of the defamatory content (as opposed to the Lansing case where the claim was for negligent supervision and not publication). The court found that in suing 500 Festival and FedEx for defamation and intentional infliction of emotional distress that the Millers were certainly seeking to hold both employers as the publishers of the allegedly defamatory posts.
Lastly, the CDA only protects an ICS provider from information provided by someone else. The evidence clearly established that the problematic online posts came from an unknown FedEx user and from an employee of 500 Festival.
Finding the employers satisfied all three elements of Section 230, the court affirmed the trial court’s summary judgment dismissal and sent a message to the Millers to Give It Up.
Employers can try, but they will never be able to control what employees say using the employer’s internet service. The good news for employers is that Section 230 provides immunity for employers for suits that grow out of defamatory online speech made through their computers. But, Don’t Cha Know, it is not a Perfect World, and even with Section 230 immunity, it is important for employers to make sure that their social media or computer usage policies provide sufficient guidance to employees as to what is acceptable online speech that may be made through their computers and what is not. Employers should also be wary of the Lansing opinion, which gives those harmed by defamatory speech a vehicle to go after employers who know their employees are making defamatory statements through use of their computers and do nothing to stop it. While I Want to Make the World Turn Around for employers on these types of liability issues, the law is what the law is. The best practice for an employer is to have proper social media and computer usage policies, train employees on them, and if an employee violates either one, proceed with proper responsive discipline.