E-commerce. It’s the business
buzzword that is bridging the millennium. But as the pace of change continues
to quicken, the electronic revolution is not without its problems for
employers. Through a series of light-hearted but real-life scenarios, Colin
Tweedie looks at some of the serious issues that can arise
Alan and Bob are employed by CyberCo and send e-mails to each other relaying
jokes about fellow employee Dougie’s Scottish background. Dougie is copied in
and Alan and Bob assume he finds it funny, but he takes offence. The e-mails
are all derogatory of Scots and one in particular contains a reference to
Dougie, suggesting he is lazy and often drunk.
Colin Tweedie comments: Alan and Bob’s comments may have seemed like
harmless fun at the time but they are in danger of "cyberlibelling"
Dougie by suggesting he is lazy and often drunk. Cyberlibel is a relatively new
phenomenon which is set to multiply in line with the number of people using
e-mail. E-mail communications have the potential to open up a worldwide
audience of hundreds of millions at the push of a button and so there is
greater risk of liability for Alan, Bob and anyone else committing cyberlibel.
Liability in this case does not, however, stop with Alan and Bob. They were
sending the e-mails during working time, and therefore CyberCo could
technically be held liable by virtue of vicarious liability. Even if they were
acting outside the course of their employment, CyberCo may also be liable as
"publisher". CyberCo is responsible for providing Alan and Bob with
an e-mail system and access to the Internet. CyberCo also has a duty of care to
protect staff from harassment.
For employers with a recognised e-mail policy, the "Internet
defence" under section 1 of the Defamation Act 1996 does provide a defence
if they were not the author or editor, took reasonable care to prevent a libel
or did not know that what they did caused or contributed to the publication of
a defamatory statement.
Every day at work, Alan and Bob spend time surfing the Internet, downloading
jokes and animated cartoons which they attach to e-mails and forward to Dougie.
Colin Tweedie comments: Alan and Bob’s "extra-curricular"
activity is not unique. In fact more and more staff are surfing the Net at
their employers’ expense – booking holidays, for example – and this particular
problem raises a number of important issues for employers to address.
First, there is the question of degree in terms of what material employees
are looking at, and for how long.
Second, opening the computer networks for Internet connection or
unauthorised surfing of the Net makes companies more exposed to hacking and to
computer virus attacks which can lead to theft, destruction or alteration of
important and confidential data. Because of the dangers associated with
surfing, employers need to make a concerted effort to ensure that employees are
aware that extensive private use of company assets such as the Internet is not
permitted. To avoid any confusion, CyberCo should have drawn up a clear policy
outlining the permissible workplace uses of the e-mail and Internet.
Third, copyright exists in text, graphics, sound effects, music and
cartoons. By downloading material from the Internet where there is no express
or implied permission from the copyright owner and forwarding it to Dougie, Alan
and Bob have breached the copyright by transmitting the cartoons. A dedicated
policy would protect CyberCo from vicarious liability in this instance too.
The firm has an important customer, Impress, which employs Alan’s friend
Emma. Thinking Emma would enjoy a joke, Alan sends her an e-mail which reads:
"Hi Emma. I thought you might enjoy this one. Just click on the box and
watch what he does with the haggis! I’ll catch up with the gossip when I see
you on Thursday. Incidentally, there’s a rumour that my boss is leaving to join
local rivals – not official yet."
Inadvertently, Emma copies it to all Impress staff. The managing director of
Impress, Jock, a Scotsman, reads it.
Colin Tweedie comments: One grave anxiety about e-mails is the way they
can, particularly through attachments, import viruses into otherwise healthy
computer systems and cause havoc.
In this scenario, Alan is sending an attachment to Emma and she in turn has
opened an attachment sent from outside. Impress is unlikely to be impressed by
that, particularly if a virus was transmitted. Even though CyberCo was
oblivious to Alan’s antics, it is liable if a virus was transmitted and could
be considered negligent in allowing that to happen.
Although the publication of obscene material is a criminal offence, a recent
survey reported that more than half of the 805 employees questioned had
received obscene, sexist or otherwise inappropriate e-mail correspondence in
the last year.
If employers turn a blind eye to their staff transmitting obscene material,
they may risk being accused of aiding and abetting the crime although, here,
there is no evidence that CyberCo knew about Alan’s e-mail.
To address this problem and that of transmitting a virus, any e-mail policy
should emphasise the golden rule that attached files from outside are not
opened without being screened by the IT department.
Once again, CyberCo and Alan are both guilty in this scenario of copyright
infringement and, by repeating the rumour about his boss joining a rival firm,
Alan may also be in breach of confidentiality on the basis that the departure
of his boss could be confidential and not something that CyberCo would want one
of their customers to hear about.
The informality and simplicity with which e-mails can be sent, and the
material which can be copied and forwarded, is a major problem for all
employers and makes breach of confidentiality far more likely. It also
undermines the employer’s ability to protect its trade secrets and the
confidentiality of its information. In different circumstances, CyberCo could
also be liable if confidential information entrusted to it by a third party was
abused in the same way.
Finally, the e-mail sent around Impress could damage the customer
relationship as it shows a lack of professionalism as well as a lack of client
Meanwhile, CyberCo receives an invoice from a company for a subscription to
its web site. Apparently Bob entered the CyberCo’s name when asked for a password
to enter the site.
Colin Tweedie comments: CyberCo may not think it is legally required
to foot the bill. But staff have apparent authority to form contracts on behalf
of their employers provided an outside party reasonably believes they have that
As e-mails are generally identified as originating from a company, the
recipient will, in most cases, be acting reasonably in believing he is agreeing
a contract if he assumes that it is sent with the company’s authority. In this
case, Bob probably contracts with the outside company when he enters his
password to gain access to the web site and CyberCo is therefore obliged to pay
Dougie invokes the grievance procedure and says he is also consulting a
Colin Tweedie comments: Although he doesn’t say why he is invoking
the grievance procedure, Dougie could be alleging e-mail harassment or
"cyber-harassment" as it is becoming known.
Although cyber-harassment is a fairly recent development in this country, it
can lead to discrimination claims in relation to sex, race or disability.
Claims in the US have centred on the premise that offensive e-mails create a
hostile working environment. One could argue that Alan and Bob may not have
gone quite as far as creating a hostile working environment, but they may
nevertheless be guilty of direct race discrimination against Dougie.
Clearly, employers are under a duty to protect employees from harassment and
should have a policy against harassment. Employers who turn a blind eye to the
problem may face:
a) Liability for breach of that duty
b) Vicarious liability for the acts of employees abusing the
c) The potential for a constructive unfair dismissal claim, based on a
breach of mutual trust and confidence, if the employer fails to deal with the
Dougie also says he is visiting a lawyer, and this raises an important point
in relation to disclosure of information in litigation. Employers should
remember that a party to legal proceedings will be under a duty to hand over
all relevant documents, whether or not they are helpful to its case, including
any electronic records such as e-mails. They should also be careful when
choosing e-mail as a form of communication in relation to contentious material.
Colin Tweedie is an employment partner at Addleshaw Booth & Co
– With the growth of electronic communications, it is crucial that all
employers have a comprehensive e-mail/Internet policy in place.
– When implementing an e-mail policy, employers should ensure that it is
properly drawn up and communicated to all employees, specifying boundaries for
using the firm’s computer equipment as well as the penalties for breaching the
– The policy should clearly prohibit the distribution of defamatory,
abusive, sexist or racist messages as well as the downloading of offensive material.
The rules regarding on-line behaviour need to be set out too. Particularly
important is pointing out the perils of sending confidential messages by e-mail
or Internet, and the importance of having all file attachments checked for
computer viruses before opening to avoid importing viruses into the company’s
– The existence of such a policy, properly implemented, demonstrates that an
employer has taken reasonable care to prevent abuse and misuse of any
Internet/e-mail facilities and will ensure any problems such as those faced by
CyberCo can be resolved quickly and effectively.