Porn free

Do you remember the last time you carried out a computer audit? Notice of such an audit to employees is likely to free up valuable disk space as they discard chunks of stored data in a panic, which may be of a personal nature. A regular audit practice may also suppress or eradicate unlawful activity on your equipment.
Why worry? There are at least three reasons: corporate liability for employees' actions; damage to reputation with adverse media coverage from 'unpleasant' activities and eventual sackings; and last, but not least, the potential loss of key and valuable employees resulting from any necessary sackings. All of these conspire to create an anaemic financial outlook.
Employee activities that may result in liability for an employer include sexual or racial harassment through abusive emails, such as the US cases involving Citibank, Nissan, Chevron and Solomon Smith Barney; or sexual harassment through the viewing of obscene images in the presence of women, such as in the case of Future Reality. Since the suspended sentence metered out to the managing director of CompuServe in Germany by the German courts for not having better safeguards in place to prevent the traffic of pornographic images through its system by users, an employer may not wish to be too complacent about any pornographic traffic through its systems.
Those which may result in adverse publicity include using chatrooms to meet minors, such as in the case of Patrick Naughton, head of technology at Infoseek, an internet company part owned by Disney, who was arrested and charged in an elaborate sting in which an FBI agent posed as a 13-year-old girl. Naughton's arrest had other knock-on effects for Disney, including prompting it to postpone a much-vaunted promotion of its services on the web until after Naughton was brought to trial.
Those involving the loss of valuable employees include the case of Andrew Croft, sacked by East Anglian law firm Birketts, where he was employed as an IT manager, when the firm discovered that he was running a website promoting child pornography on its computing system during work time, earning himself tens of thousands of pounds in the process.
They also include the sackings by Dow Chemical of 24 employees for allegedly storing and sending sexual or violent images on company equipment, with disciplinary measures taken against a further 235 employees. Cable & Wireless, Orange, Xerox, Amlin and Zurich Financial Services and many other companies have experienced issues with employees sending and receiving obscene or distasteful images on their systems.
Australian email specialist Content Technologies, suggests that up to 80 per cent of business email data transmissions consist of pornography and other inappropriate images. This article will consider some of the issues involved in an employee using their employer's equipment for downloading, storing and distributing adult or child pornographic images, and action which an employer may take to minimise any such activity or to deal with employees who are discovered to be involved in such activities.
Essentially, the access of adult sites for one's own personal use is not in itself a criminal offence. However, when adult pornographic material is attached to an email and sent to another person, whether or not for personal gain and whether a work colleague or otherwise, then it becomes a criminal offence under the Obscene Publications Act 1959, punishable by prison or a fine. It is also an offence under s43 of the Telecommunications Act 1984, punishable with up to six months imprisonment or a fine, to send through a public telecommunications system a message or other matter that is grossly offensive or of an indecent, obscene or menacing character.
Child pornography is different in that mere possession, whether or not for the purposes of gain, of a pornographic image is a criminal offence (s160 of the Criminal Justice Act 1988), as is keeping such images with a view to distributing or showing them to others (s1 of the Protection of Children Act 1978 (PCA)). In their defence, an employee can show that they had not seen the photo and did not know or have any cause to suspect it to be indecent, or that the photo was sent to the receiver without any prior request by or on their behalf, and that they did not keep it for an unreasonable time. Downloading of images from sites, even from outside the UK, will fall within the offence (R v Bowden 2000).
It is debatable whether this offence has the potential to impact on an employer where it is in possession of child pornographic images. It may be liable if such possession is with its consent, connivance or neglect on the part of any director, manager, secretary or other officer.
Can an employer be considered, by not monitoring such activity, to be in possession of such images by neglect? As yet, there have not been any cases of prosecutions under the PCA where such images exist on an employer's equipment, so this area is largely untested, but it remains a theoretical possibility.
So what can an employer do to protect itself? There are software programmes available to sniff out pornographic images on an employer's equipment, such as PornSweeper, developed by Content Technologies, or the Vogon Computer Forensic System, proprietory software of Vogon International.
For a wider sweep to monitor how much time users spend on the web, what websites they are accessing, whether they are downloading software, how many emails they send and the size of the files, then Webspy.com has a product called Webspy Analyzer Suite, the use of which is unrestricted in terms of the numbers of users. This system allows a monitor to set up triggers so that it knows immediately when an individual has accessed a prohibited website, downloaded prohibited software and so on.
Of course, all of this gathering and monitoring of evidence is useless without an appropriate IT policy informing staff of where an employer draws the line between acceptable and unacceptable use. In cases involving pornographic material, it is likely that an employer may be able to dismiss an employee for gross misconduct fairly, after going through a proper disciplinary procedure, informing them of the evidence in advance, arranging a meeting on adequate notice and permitting them to be accompanied by a work colleague.
In the majority of the spate of cases over the past three years, sackings for gross misconduct where IT policies were in place were held to be fair, and those without were held to be unfair. There were some exceptions, but any prudent employer would be keen to dust off its policy to ensure that it is current and covers the areas that it considers to be out of bounds, such as access to pornographic sites and chatrooms.
Is it easy for an employer to monitor its equipment at will? Monitoring for the effective operation of an employer's systems – for example, the prevention of viruses – is permitted by the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (Regulations). Monitoring to prevent and detect criminal activity is permitted by these regulations and by the Human Rights Act 1998.
This is not the whole story, however. The Data Protection Act 1998 (DPA) also has something to say on the matter. The Information Commissioner published a draft code under the DPA, some of which relates to monitoring communications, which is expected to come into force later this year or early next year.
The draft code contains guidance for those wishing to monitor for the prevention of crime and requires careful thought of the parameters of any such monitoring. As any breach of the DPA may result in fines, it would be useful to pay attention to the content of the draft code relating to monitoring in any IT policy.
Employers would do well to double-check their IT policies to ensure they are up to date and consider whether they wish to perform a computer audit, not least of which will be to monitor for pornographic activity. Turning a blind eye in an age where sniffer programmes are readily available at reasonable prices may not be an excuse to avoiding liability.
Jessica Learmond-Criqui is a partner and head of the employment, pensions, immigration and benefits department at Altheimer & Gray