Zoombombing, Sexting and Revenge Porn, Oh My!
A highlight of some risks employers may face from their employees using Zoom, sexting on a company-issued device or using the device to share intimate photos.
June 10, 2020 at 01:00 PM
8 minute read
The world today is increasingly dominated by electronic interface—snap this, text that, selfies everywhere and now Zoom, which is taking over many of our private and business communications. This article highlights some risks employers may face from their employees using Zoom, sexting on a company-issued device or using the device to share intimate photos.
Many organizations are put in peril by employees who share intimate images of themselves. My clients' workforces often consist of five generations of employees: Traditionalists (1925-1946), Baby Boomers (1946-1964), Generation X (1964-1981), Millennials or Generation Y (1982-1995) and Generation Z (born after 1995). I worry less about the Traditionalists and Baby Boomers engaging in revenge porn or sexting; they generally prefer to communicate orally and tend to be less dependent on the Internet. Generations X, Y and Z pose the deepest threat.
When Justice Potter Stewart said, "I know it when I see it" decades ago, he couldn't have predicted the weaponization of easily shared titillating messages or lewd images captured on phones that we see today. From hacking to sexting to revenge porn, the vernacular for improper workplace communication is evolving.
Sexting
If you consider this lewd conduct to be more of an adolescent crisis, think again. Sexting, which is sharing sexually explicit photos, images or messages, typically from a mobile phone or tablet, is not just something teens do; the number of adults sharing graphic photos has soared. If the FBI has confronted disciplinary problems involving employees sexting and a former member of Congress went to jail for sexting with a minor, you can be assured it is very likely that your employees are engaging in sexting and exposing your organization to risk and liability.
Does your organization supply cell phones, tablets or other devices on which lewd images can be uploaded? Could a manager use one to send an unwelcome intimate image of himself to his assistant? Could an employee in a consensual relationship with a coworker use the device to send intimate images to others after the relationship ends? If so, the claims can begin to mount.
To mitigate the risks, it is crucial to establish and communicate a clear policy that company-issued devices should be used only for company business and any use for improper purposes is prohibited.
When a claim is made, how your organization handles the complaint matters. The investigation must be swift and comprehensive, as should the discipline and consequences. The section in your organization's employment handbook addressing harassment is a good place to start in evaluating the conduct and consequences. Does your handbook have a social media policy? It should, and it should be regularly updated to match the pace of evolving technology.
Claims involving sexting by employees may include sexual harassment, hostile work environment and intentional infliction of emotional distress. Intimate image laws may be triggered if an image is sent from a company-owned device, leading to additional claims against the company that can result in injunctive relief, punitive damages, compensatory damages, court costs and attorney fees. The reputational damages are incalculable.
Revenge Porn
Justice Stewart would have had a hard time imagining "revenge porn," which in its broadest sense is sharing, disseminating or distributing intimate or sexually explicit images or videos without the pictured individual's consent. It is now common enough that there is a Wikipedia page for it. Predictably, as the sharing of intimate images among those who are at least arguably consenting has increased, so too has the publication of graphic images without the subject's permission.
There are currently no prohibitions against consenting adults sharing intimate images voluntarily. However, when the recipient shares an image with a third party or posts it on social media without the sender's consent with the intent to harm or humiliate the sender, or for pecuniary gain, the laws addressing revenge pornography or intimate images are triggered. An organization with operations in multiple jurisdictions needs to carefully review the civil and penal codes regarding this conduct to understand what penalties and remedies are available. While the organization may not have exposure, the potential reputational damage if an employee is sued or prosecuted creates unwelcome consequences.
In addition to traditional civil suits for intentional infliction of emotional distress, in most states (except Mississippi, South Carolina and Wyoming) individuals may face penalties under civil and/or penal legislation that makes sharing an intimate image unlawful. In some jurisdictions it is a felony. And certain localities have also passed laws that may impact employers if their employees engage in this conduct using company-issued devices.
For example, under New York City's Administrative Code, "it is unlawful for an individual who gains possession of, or access to, an intimate image from a depicted individual to disclose that intimate image, without the depicted individual's consent, with the intent to cause economic, physical or substantial emotional harm…where such depicted individual is or would be identifiable to another individual." NYC Admin. Code § 10-177(b)(1). The courts have construed this statute to apply to the individual who receives the intimate image and then sends it to a third party, not to anyone who receives or views it indirectly.
The Code provides a civil remedy against "the individual who violated that subdivision." NYC Admin. Code § 10-177(d). As codified and interpreted by the New York Supreme Court, this statute does not apply beyond the sender and covered recipient; once the image is shared with third parties, the statute does not apply. If an employee uses a company device to send an intimate image in violation of this statute, the employee has individual liability. However, plaintiffs may argue that the employer also has exposure under the theory of respondeat superior because the master is responsible for the acts of its agent. Plaintiffs will have difficulty demonstrating by competent evidence that an act of revenge porn was performed within the scope of an employee's employment, but we expect they will try.
Zoombombing
Zoom has become a prominent tool for group communications, especially over distance. As shelter-in-place orders rolled out across the United States, businesses, schools and governments scrambled to identify platforms for remote learning and business meetings, and some looked to use the free app Zoom. Finding comfort in connecting live was refreshing until Zoombombing entered the picture—literally.
While there have been many hotly debated questions about security and privacy issues when using Zoom, and Zoom has quickly addressed many of them, the problem of Zoombombing is still a risk. Zoombombing, first reported in March 2020, occurs when a participant enters a Zoom meeting to hijack it, often with offensive, graphic, obscene or lewd visual content or verbal content that is typically littered with profanity and hateful rants. The FBI has issued warnings about using the app, and the Canadian, Taiwanese, Australian and German governments and many private-sector companies have prohibited its use. The Sergeant at Arms of the U.S. Senate sent an advisory warning senators against using the app. Schools implemented security measures to ensure a safe remote learning experience for students, only to abandon the app, given the growing complaints and explosion of lawsuits being filed against Zoom.
While the warnings are abundant, there are ways to avoid Zoombombing in a private setting, including password-protecting the session and using other security measures, but if these features are misused or the passwords are published on social media, they will not be effective. Organizations that make Zoom sessions publicly available or do not properly secure them create potential exposure. One easy target is the weekly check-in Zoom meeting for those working remotely. A social media posting invites staff to join and get an update, and the meeting is Zoombombed by an interloper spewing racist rants or pornographic content.
In the current environment, you need to be hypervigilant about the technology your employees use to work remotely. Exposing them to pornographic or racist content when you knew about the risk of Zoombombing is a Pandora's box of awful. The argument will be that it is no different than posting that content in the employee breakroom, that you knew or should have known and failed to take appropriate action to ensure a safe work environment. Criminal penalties are already being pursued against Zoombombers. For example, a Connecticut teen was arrested and charged for making lewd and obscene gestures while Zoombombing a meeting held by his high school. Federal and state law enforcement authorities are actively investigating these matters, with the stated intent to prosecute Zoombombing hackers.
Conclusion
While employees do enjoy certain privacy rights, you need to be cautious in selecting the software platforms they use and restricting the content that can reside on company-owned devices. Employees need to understand and acknowledge in writing that they are aware that any type of inappropriate conduct/content on company devices violates company policies. Repeat it often and be sure you are fully familiar with the laws that govern in the jurisdictions where your employees are located.
Rebecca Brazzano is a partner in Thompson Hine's business litigation practice in New York.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllConsidering the Implications of the 2024 Presidential Election for Jurors in White Collar Cases
8 minute readDistressed M&A: Mass Torts, Bankruptcy and Furthering the Search for Consensus: Another Purdue Decision
Law Firms Mentioned
Trending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250