Employer Isn’t Liable for Employee Misuse of the Internet–Maypark v. Securitas

By Eric Goldman

Maypark v. Securitas Security Services USA, Inc., 2009 WL 2750994 (Wis. App. Ct. Sept. 1, 2009)

As part of my efforts to keep up with new cyberlaw developments, I read a lot of cases involving yucky facts. But even with my constitution hardened over time, occasionally I still find some cases that really gross me out. So for this case, I’m just going to quote the key factual sentences from the court’s opinion:

“At some point, Schmidt copied the photographs of approximately thirty female employees to a flash drive. He printed the photographs at home, ejaculated on them, and posted pictures of the adulterated photos on adult websites he created on Yahoo!.” He made these postings without using the company’s connectivity.

Schmidt was the employee of a third party vendor that provided security for a Wisconsin manufacturer’s facility. The affected manufacturer’s employees sued the security vendor for negligent training and supervision. In the trial court, the employees got total damages of $1.4M.

The appellate court reversed this ruling and held that Schmidt’s employer was not negligent as a matter of law because Schmidt’s misconduct wasn’t foreseeable. Implicitly, the court rejects the argument that merely providing Internet access to employees, without more, constitutes per se negligent supervision or training. As the court says, “There is nothing inherently dangerous about permitting employees to access the internet at work.”

The court goes on to say that public policy limits the employer’s exposure to damages here. First, as the court says, “It would be an understatement to say Schmidt’s actions were bizarre and unexpected. Schmidt’s actions were unimaginable.” Second, “employers have no duty to supervise employees’ private conduct or to persistently scan the world wide web to ferret out potential employee misconduct.”

This case reminded me a little of Delfino v. Aglient, where an employer avoided liability for an employee’s rogue Internet activities on 47 USC 230 grounds. I never felt comfortable with 47 USC 230 applied to employer-employee relationships, but I liked that it offered an easy and decisive limiting doctrine to cut off employer liability for bizarre employee Internet conduct (otherwise, we get $1.4M judgments at the trial court level). In the Maypark case, I like how the appellate court anchored its reasoning, in part, on public policy grounds without getting into ambiguous statutory grounds like 230. I found the last statement I quoted (“employers have no duty…to persistently scan the world wide web to ferret out potential employee misconduct”) especially apropos.