Employers: You May Be Eligible for Immunity Under the Communications Decency Act
By James Kachmar
A California appellate court affirmed last month that an employer is entitled to immunity from tort liability for threatening emails sent on or through the employer’s internet/email system by one of its employees. On December 14, 2006, the Sixth Appellate District in the case Delfino v. Agilent Technologies, Inc., 2006 WL3635399, affirmed summary judgment in Agilent’s favor finding that Agilent, as an employer, was immune from tort liability under the Communications Decency Act of 1996 (“CDA”) for threatening emails sent and posted by one of its employees. This case, apparently one of first impression, extended the immunity protections of the CDA to cover corporate employers who provide their employees with internet access through internal computer systems. Employers thus have additional protection from claims that their employees have used the employer’s computer system to commit torts against third persons.
In Delfino, Plaintiffs Michelangelo Delfino and Mary E. Day claimed that an Agilent employee, Cameron Moore, sent a number of anonymous threats over the internet and that he used Agilent’s computer system to send and post these threats. Plaintiffs also alleged that Agilent was aware that Moore was using Agilent’s computer system to threaten plaintiffs but took no action to prevent its employee from continuing to make these threats. Moore’s threats against plaintiffs were allegedly sent in email messages directly to plaintiffs or were contained in messages posted on a Yahoo message board. Plaintiffs sued Moore and Agilent for intentional infliction of emotional distress and negligent infliction of emotional distress. 
Agilent moved for summary judgment, which was granted by the trial court on March 18, 2005, on the ground that it was immune from liability under 47 U.S.C. § 230(c)(1), one provision of the CDA. The plaintiffs appealed the summary judgment asserting that Agilent was not immune from suit under the CDA and had failed to take measures to protect plaintiffs from its employee’s threatening communications.
The Delfino Court looked to the language of § 230(c)(1), which provides in pertinent part, “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” The CDA preempts any state law causes of action (such as negligence) that are inconsistent with the CDA: “No cause of action may be brought and no liability may be imposed under any state or local law that is inconsistent with this section.” (47 U.S.C. § 230(e)(3).)
Agilent argued that CDA immunity applied to the plaintiffs’ claims because sought to impose derivative liability against Agilent for its employee’s internet communications. Agilent argued that it was immune since it was simply a provider of an interactive computer service, i.e. the computer network provided to its employees for work purposes.
The CDA was enacted in 1996 with the “primary goal . . . to control the exposure of minors to indecent material” over the internet. The Delfino Court recognized that “an important purpose of [the CDA] was to encourage [internet] service providers to self regulate the dissemination of offensive materials over their services.” (citing Zeran v. America OnLine, Inc. (4th Cir. 1997) 129 F.3d 327, 331, cert. denied (1998) 524 U.S. 937.) The Delfino Court also noted that a second goal of the CDA was to avoid the chilling effect upon internet free speech that would be occasioned by imposing tort liability upon companies that do not create harmful messages, but rather, are intermediaries for their delivery. Thus, CDA immunity is available to an interactive computer service provider or user who undertakes good faith efforts to restrict access to objectionable material.
The Delfino court recognized that for immunity to apply, Agilent had to establish three elements: “(1) the defendant [is] a provider or user of an interactive computer service; (2) the cause of action treats the defendant as a publisher or speaker of information; and (3) the information at issue [is] provided by another information content provider.” (Citing Gentry v. eBay, Inc. (2002) 99 Cal.App.4th 816, 830.)
It is this first element, whether Agilent was “a provider or user of an interactive computer service,” that the case hinges upon. The Delfino Court reasoned that “[c]ourts have noted that the CDA has interpreted the term ‘interactive computer service’ broadly.” Although the Delfino court was not aware of any case that had held that a corporate employer could be a provider of interactive services for CDA immunity purposes, the Court cited several legal commentators who had observed that an employer who provides its employees with internet access through a company’s internal computer system should be entitled to CDA immunity. The Court recognized that, given the advances over the last ten years, “internet resources and access are sufficiently important to many corporations and other employers that those employers link their office computer networks to the internet and provide employees with direct or modem access to the office network (and thus to the internet).”
The Court also found that Agilent met the definition of the term “interactive computer service” as defined in section 230(f)(2) because it provided or enable “computer access by multiple users [i.e., Agilent employees] to a computer server.” Thus, in light of the broad definition under the CDA, the Delfino Court concluded that “Agilent was a provider of interactive computer services.”
The Court then turned to the second element, whether “the cause of action treated the defendant Agilent as a publisher or speaker of information.” Plaintiffs contended Agilent knew that (1) Moore was sending threatening messages; and (2) that he was using Agilent’s computer system to do so. Agilent submitted undisputed evidence in support of its motion to rebut these allegations. The Court reasoned that plaintiffs were essentially alleging that as Moore’s employer, Agilent should be treated “as a publisher or speaker” of Moore’s messages. The court recognized that, although many CDA immunity cases had been limited only to defamatory causes of action, “it is clear that immunity under section 230 is not so limited.” Given that plaintiff sought to impose negligence liability against Agilent as a result of its employee’s threatening messages, the Court concluded “that the claims against Agilent treated it ‘as a publisher or speaker’ . . . of Moore’s messages and that plaintiffs claims were among those to which immunity under the CDA potentially applies.”
Finally, the Court reached the third element, whether “the information at issue [was] provided by another information content provider.” The Court found that Moore was undoubtedly the party who authored the offensive emails and postings and that “there was no evidence that Agilent played any role whatsoever in the ‘creation or development’ of those messages.” The Delfino Court concluded that the trial court had properly found that Agilent was entitled to immunity under the CDA and summary judgment was properly granted.
Although employers are entitled to immunity under the CDA, employers must remain vigilant as to their employees’ use of the employer’s computer system. Immunity under the CDA is only available provided the employer has taken action in good faith to prevent or restrict objectionable materials from its computer system. In Delfino, Agilent quickly investigated and took appropriate actions against its employee, including a reprimand, once it learned of Plaintiffs’ claims. Agilent further cooperated with the FBI in its investigation into Moore’s threats. Thus, it is clear under Delfino that an employer may not be eligible for immunity should it turn a blind eye to its employee’s misuse of its computer system.