Home / Legal News / Employer had no duty to monitor computers

Employer had no duty to monitor computers

In the first Wisconsin Court of Appeals opinion to address a defendant’s duty of care since two Supreme Court opinions on the issue were released on July 9, the court expressed bewilderment as to what standard to apply.

“[G]iven recent guidance from our supreme court, it is unclear how we are to set forth our analysis,” began Judge Michael W. Hoover, writing for the court.

Ultimately, though, the court decided that, whatever analysis it employs, the result is the same — an employer was not liable for an employee’s misuse of a computer at work to invade the privacy of female employees of another company.

Securitas Security Services USA, Inc. provided security services to Polaris Industries, Inc. Polaris employees wore photo identification badges created by Securitas. Securitas employees used a computer owned and monitored by Polaris, and the computer had a program that prevented access to inappropriate Internet sites.

Troy Schmidt, a Securitas employee, copied photographs of approximately 30 female Polaris employees to a flash drive, printed the photographs at home, masturbated over them, and then posted pictures of the adulterated photos on adult Web sites he created on Yahoo!.

When Schmidt’s activities were discovered, he was terminated, but several employees of Polaris brought suit against Schmidt and Securitas.

After a bench trial, Securitas was found liable for negligent training and supervision, and the employees were awarded a total of $1.4 million.

Securitas appealed, and the Court of Appeals reversed.

The court set forth two possibilities for its review of the case: (1) evaluate whether Securitas had a duty under the circumstances of this case, citing Hocking v. City of Dodgeville, 2009 WI 70, 768 N.W.2d 552; or (2) consider whether Securitas’s actions constituted a breach of the duty of ordinary care, citing Behrendt v. Gulf Underwriters Insurance Co., 2009 WI 71, 768 N.W.2d 568.

But the court concluded that it did not matter which approach it used, because the result would be the same.

“A conclusion of no negligence under the first approach requires that we determine the defendant was not required to act, while under the second it requires that we determine there was no breach for failing to act because the defendant was not required to act (emphasis added by court).”

Rather than look to either of the July 9 Supreme Court opinions, the court looked instead to an earlier negligent supervision case, Sigler v. Kobinsky, 2008 WI App 183, 314 Wis.2d 784, 762 N.W.2d 706.

In Sigler, as in the case at bar, an employee used his work computer to harass the plaintiffs, who argued that the employer should have monitored his computer use to prevent him from causing them harm.

But the Court of Appeals held the employer owed them no duty of care, “[b]ecause it was not reasonably foreseeable that permitting employees to have unsupervised access to the Internet would probably result in harm to some person or some thing.”

Similarly, the court found that it was not foreseeable to Securitas that Schmidt would do what he did.

“It was not reasonably foreseeable that Securitas’s conduct would probably result in harm to some person or some thing. There is nothing inherently dangerous about permitting employees to access the Internet at work.”

The court further noted that the computer was owned, maintained, and monitored, not by Securitas, but by Polaris. Furthermore, even if Securitas did monitor Schmidt’s activities, it would not be likely to have noticed anything amiss, because it was part of Schmidt’s job to copy and transfer photographs of Polaris employees.

Finally, the court concluded, as it did in Sigler, that public policy concerns preclude liability, finding that the injuries were too remote from the alleged negligence, and that allowing recovery would have no sensible or just stopping point.

“It would be an understatement to say Schmidt’s actions were bizarre and unexpected. Schmidt’s actions were unimaginable. … [E]mployers have no duty to supervise employees’ private conduct or to persistently scan the world wide web to ferret out potential employee misconduct.”

Appeal planned

Carol S. Dittmar, who represented some of the Polaris employees, said that she will be seeking Supreme Court review.

“This is a very narrow interpretation of public policy,” she said. “Employers need to be more attuned to the electronic age, and what can be done. I hope to convince the Wisconsin Supreme Court of this.”

But Susan G. Schellinger, who represented Securitas, questioned what duty it could have breached.

Noting that Securitas screened their employees before hiring them, had Internet and harassment policies in place, did not provide access to confidential information about employees and had software blocking in place on the computer, she said, “it was never really articulated what the duty was that Securitas supposedly breached.”

“Here, there was no duty unless it was foreseeable that the employee would do what he did. It was not hard to argue that it was not foreseeable that someone would do this. Nor was it clear what Securitas could have done differently. He did what he did in his own home on his own computer.”


The case is not significant as an expansion of the holding in Sigler. If anything, the case against liability is stronger here.

In Sigler, it was at least possible for the employer to have prevented its employee from using his computer at work to harass the plaintiffs. The plaintiffs alleged that the sheer volume of time the employee spent harassing them while at work should have been noticeable in the form of low productivity. In addition, the employer provided and monitored the computer.

In the case at bar, however, it was not Schmidt’s employer that owned, maintained and monitored the computer, but Polaris. The court also found that monitoring the computer would not have revealed anything out of the ordinary.

Nevertheless, the case is significant as the first Court of Appeals case to attempt to grapple with the recent Supreme Court opinions in Hocking and Behrendt.

Essentially, the opinion requires parties and lower courts to undertake the same bifurcated analysis that the court did here: address the issue of foreseeability in the context of both scope of duty and breach of duty.

The problem with this approach is that the Supreme Court in Behrendt expressly said foreseeability is not part of the duty analysis.

Quoting Restatement (Third) of Torts, Liability for Physical Harm, sec. 7(a), comment j, with approval, the court emphasized, “A lack of foreseeable risk in a specific case may be a basis for a no-breach determination, but such a ruling is not a no-duty determination.”

In light of the opinion in the case at bar though, attorneys would be well-advised, at least in District III, to be prepared to argue foreseeability within the context of the defendant’s scope of duty, as well as within the context of breach.


  1. Given that this sort of thing is in the news on an almost weekly basis, maybe it will become more “forseeable” to our appellate court judges in the future?

  2. I agree with the court’s decision. Securitas could not predict the unlawful use of workplace computers by its employee. Moreover, if there is a negligence claim, that claim should be filled against Pollaris as they are responsible of monitoring their own computers to prevent access to confidential materials.

Leave a Reply

Your email address will not be published. Required fields are marked *