Employer not liable for computer misuse

Listen to this article

Merely giving an employee access to a computer doesn’t render the employer liable if he uses it for harassment.

In a Nov. 6 opinion, the Wisconsin Court of Appeals held that summary judgment was properly granted to the employer on a victim’s negligent supervision claim.

David L. & Patricia A. Sigler, and Thomas L. Kobinsky, got into a dispute after Kobinsky allowed his child to urinate in the Siglers’ yard. Kubinsky was employed by CUNA Mutual Insurance Company.

After the incident, Kubinsky used his computer at work to harass the Siglers by, among other things, signing them up for subscriptions and making commitments on their behalf.

The Siglers sued both Kobinsky and CUNA, alleging negligent supervision of Kobinsky.

Dane County Circuit Court Judge C. William Foust granted summary judgment on behalf of CUNA.

Duty of Care

The Siglers appealed, but the Court of Appeals affirmed in a decision by Judge Charles P. Dykman, concluding that CUNA did not owe a duty of care to the Siglers.

The court concluded that the Siglers’ complaint failed to allege facts showing that CUNA should have foreseen that injury was probable from its failure to monitor its employees’ use of the computer.

“[T]he Siglers’ complaint only alleged that CUNA provided Kobinsky with access to a computer and the [I]nternet, and that company policies prohibited personal use of computer resources,” Judge Dykman wrote. “Because it was not reasonably foreseeable that permitting employees to have unsupervised access to the [I]nternet would probably result in an unnecessary risk of harm to some person or some thing, the Siglers have failed to allege facts showing that CUNA had a duty of care.”

Public Policy

The court also concluded that public policy factors precluded liability, for two reasons: the injuries were too remote from the negligence; and allowing recovery would have no sensible or just stopping point.

Addressing the first factor, the court concluded, “The actions of Kobinsky were bizarre and unexpected. CUNA had no relationship with the Siglers and all the information Kobinsky obtained was found on public websites. While the Siglers suffered harm as a result of Kobinsky’s actions, Kobinsky could have obtained the personal identification information about the Siglers with or without the use of CUNA’s computer.”

Addressing the second factor, the court concluded that permitting liability would turn all employers into guarantors or insurers of their employees’ conduct.

Analysis

The ultimate result in the case is correct, but the methodology is problematic.

Rather than finding a lack of duty on the employer’s part, and finding that public policy precluded liability, a simple finding of lack of causation would seem to be the simplest way to have to decided the case.

In the court’s public policy analysis, it finds the injury was too remote from any negligence, because “Kobinsky could have obtained the personal identification information about the Siglers with or without the use of CUNA’s computer.”

In other words, everything Kobinsky did, he could have done just as easily at home from his personal computer.

This fact militates more towards summary judgment on causation grounds, without resort to the more-complex analyses of whether a duty was present, and whether public policy should preclude suit.

Regardless of the methodology, however, the opinion ultimately stands for a rather modest proposition — when an employer does no more than provide an employee a computer with Internet access, it is not liable for whatever misuse he may make of the computer.

For guidance in future cases alleging negligent supervision, attorneys should look to a case at the opposite end of the spectrum — a 2003 unpublished opinion, Fun-World 2, L.L.C., v. Konopka, No. 02-2859 (Wis.Ct.App., Aug. 26, 2003).

Konopka was the systems administrator for an Internet service provider (ISP), and was also a convicted felon and notorious computer hacker known as “Dr. Chaos.”

The employer performed no background checks on employees, and did not monitor what employees and non-employees did on its premises after business hours. Konopka often hosted after-hour hacking parties.

One of Konopka’s victims brought suit against the employer, alleging negligent supervision, but the trial court granted summary judgment, on the policy ground that permitting liability would have no sensible or just stopping point. However, the Court of Appeals reversed.

The employer, as in the case at bar, argued it had no duty to supervise Konopka, but the court summarily rejected the argument. Fun-World 2, at par. 57.

Instead, the court focused on whether the employer breached its duty, and whether that breach was a cause of the plaintiff’s injuries. On those issues, the court concluded summary judgment was improper, and the jury should decide them.

The court also rejected the trial court’s public policy holding, concluding that the issues and facts were too complex for resolution on policy grounds at the summary judgment stage.

Fun-World 2 may be unpublished, but, combined with the case at bar, the two would seem to mark the extreme ends of the continuum when considering future cases alleging negligent supervision of employees who use their computers at work for mischief.

In the case at bar, as the court noted, the employer did nothing more than give an employee a computer and access to the same Internet he could access anywhere. If the employer here could be found liable, all employers could be.

In contrast, in Fun-World 2, the employer was an ISP which hired, and gave free rein to, an employee that the trial court described as, “a deranged criminal who commits any number of different kinds of criminal activity for his own purpose and amusement.” Id., at par. 6, fn. 8.

Most cases alleging that negligent supervision resulted in an employee causing injury by use of a computer should fall somewhere between these two extremes.

In an interview, Madison attorney G. Brian Brophy, who represented the Siglers, emphasized the lack of any history of criminal activity by Kobinsky as the fatal flaw in his clients’ case.

Brophy argued to the court that the sheer volume of time that Kobinsky spent at work harassing the Siglers resulted in a lack of productivity that should have been noticeable to any reasonably diligent employer.

However, while the reputation and criminal record of “Dr. Chaos” made his actions clearly foreseeable, Brophy said, the court did not find the total lack of productivity on Kobinsky’s part sufficient to create foreseeability.