Possessing or viewing child pornography is illegal under federal law. Therefore, if your company's employees use your company's computers and servers to possess child pornography, both the employee and your company could potentially face liability.
Question: During a routine company IT audit of our company's computer systems, we discovered that one of our employees had child pornography saved on his computer's hard drive. Our IT department reported this to us in HR as soon as they discovered it. We fired the employee for violating our computer policy but are we, as a company, also required to report the images and the employee to the authorities? We are in New York.
Answer: Possessing or viewing child pornography is illegal under both New York and federal law. Therefore, if your company's employees use your company's computers and servers to possess child pornography, both the employee and your company could potentially face liability.
There are three federal laws that govern child pornography: The PROTECT ACT of 2003, The Protection of Children from Sexual Predators Act of 1998 and 42 U.S.C. § 13031.
The PROTECT Act of 2003 makes it a federal crime to, among other things, possess or view child pornography, including internet pornography. See U.S.C.A. §§ 2252A, 2256(8)(B). The PROTECT Act provides a defendant who possessed less than three images of child pornography with an affirmative defense if they either (i) took reasonable steps to destroy each image; or (ii) reported the matter to a law enforcement agency and afforded that agency access to each image. U.S.C.A. § 2252A(d). As the computer used by the employee is company property, your company could be held criminally liable if it knowingly allows employees possess or view child pornography on their computers, storage devices and servers. The Company may also face liability if it chooses to destroy or instructs the employee to destroy the pornographic images if there are three or more images in their possession.
The Protection of Children From Sexual Predators Act of 1998 requires "electronic communication service" providers to report suspected violations of the PROTECT Act to the "Cyber Tip Line at the National Center for Missing and Exploited Children which shall forward that report to a law enforcement agency or agencies designated by the Attorney General." 42 U.S.C.A. §13032(b) (emphasis added). The Act subjects the provider to monetary sanctions for any knowing or willful failure to report such violations. 42 U.S.C.A. §13032(b)(4). The Act defines "electric communication service" to include "any service which provides to users thereof the ability to send or receive wire or electronic communications." 18 U.S.C.A. § 2510(15). Based on this, if your company provides and stores employee emails, it may be deemed to be an "electronic communication service". If it is, it would be subject to the reporting requirements of The Protection of Children from Sexual Predators Act.
Under 42 U.S.C. § 13031, your company will be required to report the employee and the images to the authorities if the company's business relates to the following professions: physicians, dentists, medical residents or interns, hospital personnel and administrators, nurses, health care practitioners, chiropractors, osteopaths, pharmacists, optometrists, podiatrists, emergency medical technicians, ambulance drivers, undertakers, coroners, medical examiners, alcohol or drug treatment personnel, and persons performing a healing role or practicing the healing arts; psychologists, psychiatrists, and mental health professionals; social workers, licenses or unlicensed marriage, family, and individual counselors; teachers, teacher's aides or assistants, school counselors and guidance personnel, school officials, and school administrators; child care workers and administrators; law enforcement personnel, probation officers, criminal prosecutors; and juvenile rehabilitation or detention facility employees; foster parents; and commercial film and photo processors.
It is a crime under New York law to possess or promote child pornography (see N.Y. Penal Law §§ 263.10, 263.11). However, these statutes do not contain any requirements for employers regarding the reporting of child pornography.
However, the New York Social Services Law contains a set list of individuals who are "required to report or cause a report to be made . . . when they have reasonable cause to suspect that a child coming before them in their professional or official capacity is an abused or maltreated child . . . " NY CLS Soc. Serv. § 413(1)(a) (2012). This list of mandatory reporters includes, but is not limited to: physicians, psychologists, registered nurses, licensed marriage and family therapists, licensed mental health counselors, and school teachers. Thus, if your company provides services that fall within the statute's scope, your company is required to report the employee and the images to the authorities.
Possession of child pornography is a crime and, therefore, whether or not your company is required to report it, it is usually best to do so because failing to report may result in harmful consequences to not just your company, but to society as a whole.
Keisha-Ann G. Gray is senior counsel in the Labor & Employment Law Department of Proskauer in New York and co-chair of the Department's Employment Litigation and Arbitration Practice Group.