Child Pornography in the workplace
1. Introduction
The Films and Publications Act 65 of 1996 (as amended)1 (the Act) outlaws child
pornography, and makes it a punishable offence.2 This article will show that it has special
relevance to employers whose employees‟ access the Internet from workplace computers.
This is because the Act imposes positive obligations on an employer who knows (or
ought to know) or even merely suspects (or ought to suspect) that an employee is viewing
child pornography online at work.
It is necessary to note that this article relates specifically to child pornography at the
workplace. Adult pornography is not a crime, and thus although viewing adult
pornography may be a disciplinary offence, different considerations from those discussed
here would apply. Likewise with illegal activity other than child pornography.
2. The offence
Offences related to child pornography are broadly defined in the Act. Section 24B
provides that not only the creation, production and distribution of child pornography is an
offence, but also that any person who unlawfully possesses any film, game or
publication3 which contains depictions, descriptions4 or scenes of child pornography or
which advocates, advertises, encourages or promotes child pornography, or the sexual
exploitation of children, is guilty of an offence.5 It is also an offence to access, or to take
steps to access, child pornography.6
2.1 Possession
1
Act 3 of 2009
2
Section 2
3
'publication' means –
(a) any newspaper, book, periodical, pamphlet, poster or other printed matter;
(b) any writing or typescript which has in any manner been duplicated;
(c) any drawing, picture, illustration or painting;
(d) any print, photograph, engraving or lithograph;
(e) any record, magnetic tape, soundtrack or any other object in or on which sound has been
recorded for reproduction;
(f) computer software which is not a film;
(g) the cover or packaging of a film;
(h) any figure, carving, statue or model; and
(i) any message or communication, including a visual presentation, placed on any distributed
network including, but not confined to, the Internet.
4
This word is included in the Films and Publications Act (supra) because sexual predators often use
descriptions of sexual acts to groom children for future sexual activity (Memorandum on Proposed
Amendments to the Films and Publications Act, 1996 at p. 7)
5
Section 24B, Act 3 of 2009
6
Section 24B, Act 3 of 2009
1
The ordinary meaning of the word „possession‟ would cover instances where child
pornography was downloaded from the Internet onto a computer‟s hard drive or data
storage device, but would not necessarily cover the viewing of such material via a
browser on a computer screen.7
The word „possession‟ is now defined in the Act (supra) as including keeping or storing
child pornography in or on a computer or computer system or computer data storage
medium.8 The definition now also covers instances where child pornography is accessed
and viewed without being downloaded.
Possession of child pornography includes a situation in which a person has custody,
control or supervision over a computer or computer system or computer data storage
medium on behalf of another person.9 This suggests that the mere fact that an employer
has control of a workplace computer on which an employee is accessing child
pornography can make the employer guilty of a criminal offence.
2.2 Fault
Ordinary common law principles would however require a form of fault, intention or
negligence, on the part of the employer for him to be found guilty of an offence. The
Memorandum to the Act10 makes it clear that „dolus eventualis‟ is foreseen as being a
sufficient form of fault to trigger criminal liability. Dolus eventualis would cover the
situation in which an employer foresaw the possibility of child pornography being
accessed on the work computer, and yet did nothing to stop it.
So, for example, if an employer was aware that an employee was visiting Internet sites
with names such as „underage girls‟ or „pre-teen sex‟ and chose to ignore the possibility
that child pornography was being viewed, he could be held criminally liable in terms of
section 24B of the Act.11 Likewise if an employer ignored the reports of another
employee that she suspected a colleague of accessing such sites because she saw
glimpses of images on his computer screen.
Mere inadvertent access to child pornography by an employee, however, would not
constitute criminal possession.12
In determining whether access was accidental the employer would need to consider the
context in which the site was accessed. There are cases where sites with legitimate
sounding names host offensive material, and occasionally a typographical error might
result in unintended sites being accessed. Any evidence of a „pattern‟ of such behaviour
7
Sanette Nel „Child Pornography and the Internet- a Comparative Perspective.‟ 2008 (XL) CILSA 221 at
234
8
Section 1
9
Definition of 'possession' inserted by s. 1 (e) of Act 18 of 2004
10
Memorandum on Proposed Amendments to the Films and Publications Act,1996 at p. 8
11
Ibid
12
Memorandum on Proposed Amendments to the Films and Publications Act, 1996 at p. 10. „Fortuitous‟,
and not „inadvertent‟, is the unfortunate choice of word in the Act, although the intended meaning is clear.
2
would be sufficient in most cases to prove that the possession was not merely
„accidental‟. Another indicator would be whether the user has taken active steps to access
the material or not. The latter would be the case, for example, where unsolicited email
containing child pornography was received by the employee.
2.3 Unlawfulness
The act only criminalises the unlawful possession of child pornography. Factors that
would tend to eliminate the element of unlawfulness would be where the material was
accessed or created for its artistic merit, or for educational, research or medical purposes.
3. Obligation to report the crime
In order to avoid liability in terms of the Act13 it is not sufficient for the employer to take
steps to stop the crime in the workplace – by, for example, disciplining the employee, or
blocking his/her access to offensive sites. The employer also has a positive obligation to
report the perpetrator to the South African Police Services – even if the employer does
not know for a fact, but merely suspects, an employee of accessing and viewing child
pornography. This is in terms of section 24B of the Act,14 which provides that the report
must be made „as soon as possible‟. The employer has a further duty to provide the South
African Police Service with all the particulars of the knowledge or suspicion of child
pornography offences. This means, for example, retaining and handing over evidence
from internal company computer audits, or information technology (IT) reports on
employees‟ activities on the Internet, or employee reports on their colleagues.
A failure to comply with the obligation to report is an offence.
4. Internet Service Providers (ISP‟s)
The Internet Service Provider used by the employer (for example, Telkom or MWEB) is
also legally obliged to report suspected offenders to the police. This includes an
obligation to furnish the police with the particulars of users who gained or attempted to
gain access to an Internet address15 that contains child pornography, as well as to take all
reasonable steps to preserve evidence for investigation and prosecution purposes.16
Internet Service Providers which provide child oriented17 contact-services18 (like chat
rooms) have additional duties. The Electronic Communications and Transactions Act19is
13
Supra
14
Supra
15
An Internet address is defined in section 1 of the Act (supra) as a web site, a bulletin board service, an
Internet chat room or newsgroup or any other Internet or shared network protocol address.
16
Section 24C (2)
17
A „child - oriented service' is defined in section 24C (1)(a) of the Act (supra) as a contact service and
includes a content service which is specifically targeted at children; A „content service‟ is defined in
section 24C(1)(d) of the Act (supra) and content is defined in section 24C(1)(c) of the Act (supra).
18
A 'contact service' is defined in section 1 of the Act (supra)as any service intended to enable people
previously unacquainted with each other to make initial contact and to communicate with each other.
19
No 25 of 2002
3
also relevant as regards an Internet Service Provider‟s obligations with regard to child
pornography.20
Internet Service providers are also required to take all reasonable steps to prevent their
servers from being used to host or distribute child pornography. Internet Service
Providers are not, however, required to actively monitor their users‟ online activity.21 In
practice, the South African Police service maintains a list of Internet sites which host
child pornography and provides such information to Internet Service Providers.22
Nevertheless, new child pornography sites emerge daily. So an employer can never be
complacent and rely on the Internet Service Provider to relieve the employer of its
obligation to be vigilant regarding child pornography on workplace computers.
5. What constitutes child pornography?
5.1 Definitions
In terms of section (1) of the Films and Publications Act,23 child pornography includes:
any image, however created, or any description of a person, real or simulated, who is or who is
depicted, made to appear, look like, represented or described as being under the age of 18 years –
(a) engaged in sexual conduct;
(b) participating in, or assisting another person to participate in, sexual conduct; or
(c) showing or describing the body, or parts of the body, of such a person in a manner
or in circumstances which, within context, amounts to sexual exploitation, or in such a
manner that it is capable of being used for the purposes of sexual exploitation. 24
There was some uncertainty about what was meant by the words 'sexual conduct' within
the definition, and the Act25 now includes the following definition of „sexual conduct‟:
(i) male genitals in a state of arousal or stimulation;
(ii) the undue display of genitals or of the anal region;
(iii) masturbation;
(iv) bestiality;
(v) sexual intercourse, whether real or simulated, including anal sexual intercourse;
(vi) sexual contact involving the direct or indirect fondling or touching of the intimate parts of
a body, including the breasts, with or without any object;
(vii) the penetration of a vagina or anus with any object;
(viii) oral genital contact; or
(ix) oral anal contact26;
20
Sections 71-79
21
Electronic Communications and Transactions Act (supra) section 78
22
Sanette Nel (supra) at p. 239
23
Supra
24
Current definition of 'child pornography' inserted by section 1(c) of Act 3 of 2009.
25
Supra
26
Definition of 'sexual conduct' inserted by s. 1 (f) of Act 18 of 2004.
4
Three points arise out of the definition which are worth drawing special attention to here:
5.2 Age
The offence of possessing child pornography does not depend on whether the person
being depicted is in fact under the age of 18. The definition contemplates persons who are
merely depicted, or described, as being under the age of 18 years.
5.3 Digital Alteration
The definition covers situations where the original material was innocent but which was
subsequently digitially (or otherwise) manipulated so that it became offensive. This is
indicated by the words „however created‟ in the definition.
5.4 Virtual
The definition includes virtual, or computer graphics generated, child pornography, by
referring to a person being either „real‟ or „simulated‟. This is controversial and a similar
provision was challenged as a violation of the constitutional right of freedom of
expression in the United States of America. There are two conflicting cases in this regard.
The first challenge, in United States v Acheson, 1999,27 was unsuccessful. However, a
later challenge in the case of Ashcroft v Free Speech Coalition, 2002,28 was successful. In
many states, legislation prohibiting virtual child pornography was introduced almost
immediately following this decision.29
Whether the inclusion of virtual child pornography in the definition of child pornography
will survive a constitutional challenge in South Africa remains to be seen. Indications are
that it will. The matter was dealt with in the case of De Reuck v Director of Public
Prosecutions, Witwatersrand Local Division, and others,30 where the court held:
The objective of the Legislature was clear. It was to eradicate child pornography in every
form. The viewing and dissemination of child pornography promotes the heinous
impression that children are suitable and acceptable sexual partners; it is debased,
dehumanises and has no redeeming qualities whatsoever. It presents one of the most, if
not the most, serious problems threatening the fabric of South African society. It is
inextricably linked to paedophilia which is rapidly and systematically destroying and
scarring children, parents, and families…Section 27(1) which outlaws the possession of
child pornography, cannot be said to be disproportionate to the objectives which the
Legislature has sought to achieve. In my view the definition of 'child pornography' is not
overbroad.
6. Custody, control and supervision
27
United States v Acheson 195 F. 3d. 645 (11th Cir.1999)
28
Ashcroft v Free Speech Coalition 122 S. Ct. 1389 (2002)
29
Jeffrey Kessler „Ashcroft v Free Speech Coalition.‟ 2003 (61) Appalachian Journal of Law 61 at 74-5
30
2003 (1) SACR 448 (W) at para 86
5
In order for an employer to be held liable in terms of section 24B of the Act31the
employer must have „custody, control or supervision over [the] computer, or computer
system or computer data storage system‟ which is implicated in the crime.
What then of the situation where an employee brings his own computer to work, and
accesses child pornography using the employer‟s Internet facilities. This could
conceivably even be from outside the employer‟s premises but via the employer‟s Wi-Fi
facilities. For that matter, it could even be a stranger. Wi-Fi is not a technical term. It is a
trade mark. A Wi-Fi enabled device, as most laptop computers and smartphones are, can
connect to the Internet when within range of a wireless network connected to the Internet.
A wireless network generally can have a range from an area the size of a few rooms, to
an area covering a number of square kilometers. The area of coverage is called a hotspot.
In terms of section 30B 1 (b) of the Act32 there is a presumption that if „access was
gained, or attempted to be gained, to child pornography on a distributed network,
including the Internet, by means of the access provided or granted to a registered
subscriber or user, it shall be presumed, in the absence of evidence to the contrary which
raises reasonable doubt, that such access was gained or attempted to be gained by the
registered subscriber or user.‟33
The onus is thus on the employer (as the registered subscriber or user of the Internet
facilities) to provide evidence which raises reasonable doubt as to whether the access was
in fact gained by the registered subscriber or user, to avoid liability. There is a similar
presumption in the case of child pornography uploaded onto the Internet.
It is therefore crucial for employers, to protect their Wi-Fi facilities with passwords, and
to keep the size of the hotspot to the office and not extending into public areas. Of course
some businesses (like coffee shops) attract client by advertising that they have a Wi-Fi
facilities for customer use. In such cases proper Internet security and control over sites
visited is essential.
7. Constitutional rights
Will this Act be struck down as unconstitutional on the basis of the constitutional rights
of privacy, freedom of expression or equality of the employee?
It is unlikely. Section 28 (2) of the Constitution of the RSA Act34 makes the rights of the
child paramount. The court in De Reuck‟s case35 held that when seeking to balance
31
Supra
32
Supra
33
Section 30B (1) (a) of the Act (supra)
34
Act 108 of 1996
35
De Reuck (supra)
6
conflicting rights, the rights of the child „will always be deferred to‟,36 even to the extent
„that the constitutional rights of privacy or freedom of expression are curtailed’.37
In any event, the constitutional right to privacy in the workplace also only arises where
the employee has a subjective belief in that privacy, which is objectively justifiable.38
Although there is no case law in point, I submit that there can be no subjective
expectation of privacy when an employee is engaged in illegal activity at the workplace –
including on the workplace computer. In any event I submit that even if an employee did
establish this subjective expectation, it would clearly not be objectively reasonable.
Even if an employee establishes that he does have a right to privacy in the workplace in
circumstances where he was accessing child pornography on the employer‟s electronic
facilities, his rights may be limited in terms of to section 36 of the Constitution39, the
limitations clause, which provides that constitutional rights may be limited:
…only in terms of law of general application to the extent that the limitation is
reasonable and justifiable in an open and democratic society based on human dignity,
equality and freedom, taking into account all relevant factors, including -
(a) the nature of the right;
(b) the importance of the purpose of the limitation;
(c) the nature and extent of the limitation;
(d) the relation between the limitation and its purpose; and
(e) less restrictive means to achieve the purpose.40
The court in De Reuck‟s case41 held that: ‘When one has regard to the objectives of the
legislation and the spirit of the Constitution, it can never be said that child pornography
has any place in an open and democratic society based on freedom and equality.‟42
8. The Regulation of Interception and Provision of Communication Related
Information Act no 70 of 2001 (RIPCRIA)
The RIPCRIA43,which is the Act regulating the interception and monitoring of private
communications, poses no significant barrier to monitoring an employee‟s Internet
activities to ascertain whether he is accessing child pornography.
8.1 General prohibition
Although section 2 of the Act44 contains a general prohibition on the intentional
interception of any communication in the course of its occurrence or transmission, which
36
De Reuck paras 45 and 71
37
Ibid
38
Protea Technology ltd v Another v Wainer and others 1997 (() BCLR 1225 (W)
39
The Constitution of the RSA Act 108 of 1996
40
The Constitution of the RSA Act 108 of 1996, section 36
41
De Reuck (supra)
42
2003 (1) SACR 448 (W) at para 86
43
Supra
7
clearly applies to an employer monitoring and intercepting an employee‟s Internet or
email activities,45 there are also significant exceptions.46
8.2 Consent
Section 4(1) provides for the monitoring and interception of communications by consent.
It provides that any person (other than a law enforcement official), may intercept a
communication, and even covertly record it, provided the person consenting is a party to
the communication. The consent must be in writing (section 5(1).
This exception thus allows employers to secure the written prior consent of their
employees for the employer to intercept and read their email messages, and other
communications sent over the employer‟s communication systems. This consent will
most usually be found in the terms and conditions of the employees‟ employment, or in
relevant policies, practices and procedures to which the employee consents. Also, where
an employer notifies his employees that he will intercept and monitor all electronic
communications and they continue to use the employer‟s electronic facilities, they can be
held to have consented implicitly to the monitoring and interception.
8.3 Carrying on a business
Section 6 (1) provides that:
…any person may, in the course of the carrying on of any business, intercept any indirect
communication (a) by means of which a transaction is entered into in the course of that
business; or (b) which otherwise relates to that business; or (c) which otherwise takes
place in the course of the carrying on of that business in the course of its transmission
over a telecommunications line.
Section 6(2) provides that in order for an interception contemplated in section 6(1) to be
permitted, certain requirements must be met.
Firstly, the „system controller‟ must have consented to the interception. The consent may
be either express or implied. Before consenting, the systems controller is required to
make all reasonable efforts to inform in advance all who use the communications system
that interception may take place. The term „system controller‟ is defined in wide terms –
it is clear that the intention is „that there be a level of senior control over a system that
could easily be abused‟.47 In the employment context, the „systems controller‟ would
usually be the employer itself.
Secondly, the system through which the interception takes place must be provided wholly
or partly in connection with a business.
44
Supra
45
Section 1 of the Act (supra)
46
Section 4, 5 and 6 of the Act (supra)
47
Britz and Ackerman 2006:99
8
Thirdly, the interceptions must be carried out for, inter alia, the specific purposes of
monitoring or keeping a record of indirect communications to establish the existence of
certain facts, to investigate or detect the unauthorized use of the telecommunications
system in question. In other words, there must be a business necessity for the monitoring.
Clearly, monitoring to establish whether child pornography is being accessed at work will
fall within this exception. In fact, in view of the Films and Publications Act (supra) it is
clear that an employer has a duty to monitor for that purpose in certain circumstances. 48
9. Consequences of a failure to comply with the Films and Publications Act49
9.1 Statutory liability
9.1.1 Films and Publications Act
In terms of the Act50 non-compliance is a criminal offence. The Criminal Procedure Act
no 51 of 1977 makes provision for both natural and juristic persons to be prosecuted for
crimes. A discussion of corporate crime is, however, beyond the scope of this article.
9.1.2 The Employment Equity Act 55 of 1998
The Employment Equity Act51 specifically prohibits sexual harassment.
Sexual harassment includes the creation of a hostile working environment and such
examples of non-verbal conduct as „gestures, indecent exposures or the display of
sexually explicit pictures and objects.‟52
A hostile working environment is in turn caused:
when an abusive working environment is created in which an employee finds it difficult
to work. This hostile working environment could be created by jokes, sexual propositions
or other sexual innuendos which are offensive to an employee but not necessarily
directed against that employee as a person …53
The sexual harassment framework is clearly broad enough to cover an employee‟s claim
of having been subjected to a hostile work environment in a situation where she was
exposed to a colleague accessing and viewing child pornography – or perhaps even where
she just suspected so, and reported it to the employer who failed to act.
If this is so, and the provisions of section 60 of the Employment Equity Act54 apply, the
employer may be held strictly liable for damages to that employee. Section 60(3) requires
48
Supra
49
Ibid
50
Ibid
51
Supra
52
Basson et al. Essential Labour Law 208
53
Basson et al. Essential Labour Law 208
54
Supra
9
that an employer notified of harassment must consult with all the parties involved and
take steps to eliminate the alleged harassment, and to comply with the provision of the
Act55 in order to escape strict liability. Section 60(4) allows an employer to escape
liability by showing that he or she took all reasonably practical measures to prevent such
discrimination from occurring.56
9.1.3 The Labour Relations Act 66 of 1995
An employee who resigns in circumstances where her continued employment with the
employer was intolerable, may claim constructive dismissal.57 If proved, this would
entitle her to a remedy in the form of compensation, or reinstatement.58 Compensation,
for obvious reasons, tends to be the preferred remedy, and the maximum which can be
awarded is the equivalent of 12 months remuneration.59 I doubt it would be difficult to
establish an intolerable working environment where an employee was exposed to a
colleague‟s accessing child pornography, and where the employer did not deal with it
adequately. A full discussion of constructive dismissal is however beyond the scope of
this article.
9.1.4 Occupational Health and Safety Act 6 of 1983 (OHSA)
The common law duty to protect an employee‟s well being is supplemented by a statutory
duty on all employers to maintain „as far as it reasonably practicable, a working
environment that is safe and without risk to the health of his employees.‟60
It is conceivable that an adventurous litigant may argue that by failing to prevent child
pornography from being viewed at the workplace, the employer creates a psychologically
unsafe environment for an employee who is exposed to that content. No such case has
come before the court, but Le Roux, Orleyn and Rycroft are of the opinion that „the
general structure of the OHSA and the definitions of the words “health” and
“occupational health” in the act suggest not‟.61
It is a criminal offence to contravene the Occupational Health and Safety Act,62 and there
are serious sanctions for doing so.63
As for damages, if the employee claimed that her psychological disorder was an „injury
or disease‟ acquired during the course and scope of her employment, she would be able to
55
Supra
56
Barbara E Loots „Sexual Harassment and Vicarious Liability: A Warning to Political Parties‟ 2008(1)
Stellenbosch 143 at 148.
57
Labour Relations Act (supra) section 186 (e)
58
Labour Relations Act (supra) section 193
59
Labour Relations Act (supra) section 194
60
OHSA 6 of 1983 s 8(1)
61
Le Roux et al. Sexual Harassment in the Workplace: law, policies, practices(2005) Lexis Nexis
Butterworths, Durban at p. 25
62
Supra
63
OHSA (supra) Section 38
10
claim compensation in terms of the Compensation for Occupational Injuries and Diseases
Act (COIDA).64
COIDA is a no-fault compensation scheme for those who have suffered from
occupational injuries and diseases. It replaces the employer‟s common law delictual
liability for work-related injuries and diseases. Employees are entitled to compensation
for work-related injuries and diseases in terms of the Act even if the employer was not at
fault in any way, but there must be a causal connection between the employee‟s injury
and the employee‟s employment.65
There is precedent for a person claiming compensation via COIDA for a psychological
„injury‟, Post-traumatic stress disorder, on the basis that the concept of an accident
includes the cumulative effect of a series of specific incidents.66 An adventurous litigant
may be encouraged to claim compensation in this way. This would be to the benefit of
the employee if the employer had no assets, and/or if the employee anticipated difficulties
in proving fault on the part of the employer.
9.2 Common law
9.2.1 Liability to another employee
There is a common law duty on every employer to provide its employees with a safe
working environment. This duty extends not only to the physical wellbeing on the
employee, but also to her psychological health. For example, in the case of Media 24 v
Grobler,67 Farlam JA held that an employer has a legal duty dictated by public policy to
prevent harm such as sexual harassment to its employees.
The doctrine of vicarious liability provides that an employer will be held liable for
wrongful acts, whether intentional or negligent, committed by his/her employees in the
course and scope of their employment, and which caused harm to another.68
The rationale behind the doctrine of vicarious liability, has been expressed as:
…the desirability of affording claimants efficacious remedies for harm suffered…[And]
the need to use legal remedies to incite employers to take active steps to prevent their
employees from harming members of the broader community.69
The circumstances in which the doctrine may find application are not finite, and the duty
of the court is to develop the common law in accordance with the spirit, object and
purport of the constitution.70
64
Ibid
65
COIDA (supra) section 22(3)
66
Urquhart v Compensation Commissioner (2006) 27 ILJ 96 (E)
67
2005 JDR 738 (SCA) at 741
68
ME Manamela „Vicarious Liability: Paying for the Sins of Others‟ 2004 16 South African Mercantile
Law Journal 125
69
NK v Minister of Safety and Security 2005 6 SA 4 9 (CC) at para 21
11
One can assume that an employer would never authorize his employees to access child
pornography; and that it is unlikely that doing so would be regarded as being in the
course and scope of their employment, or furthering the employer‟s interests. This is a
potential obstacle in the way of successfully suing an employer for harm cause as a result
of a colleague accessing child pornography at the workplace. This apparent obstacle can
be overcome with reference to the Grobler71 and Carmichele72 cases.
In the case of Grobler v Naspers Bpk,73 the Cape High Court found that an employer
could be held delictually liable via the doctrine of vicarious liability for sexual
harassment committed by his employees despite the fact that it was illegal conduct which
the employer did not authorize. Likewise in the case of Carmichele v Minister of Safety
and Security,74 where the Minister was held vicariously liable for the criminal act of rape
perpetrated by his employees, notwithstanding that they were acts done outside the
employee‟s authority and not in furtherance of the Minister‟s interests. These cases are
important because they rule out an employer‟s argument that he should not be held liable
to the claimant because he did not authorise the accessing and viewing of the child
pornography in the workplace.
When one considers the rationale behind the doctrine of vicarious liability, and the
constitutional imperative on the court to develop the common law, it becomes easy to
extend the established principles and imagine a court finding an employer who has failed
to prevent psychological distress to employees as a result of their colleague viewing child
pornography on the work computers liable to those employees. Proving actual harm, and
causation, would no doubt be difficult in all but the most serious cases.
9.2.2 Delictual vicarious liability to 3rd parties
An employer may also conceivably be held vicariously liable in delict to a third party
harmed by his employee accessing child pornography at the workplace and failing to take
the appropriate action in response.
There is no general duty on anyone to act to protect another from damage or harm, even
if to do so would clearly be morally correct.75 However, there are exceptions where
public policy dictates that there is a legal obligation to prevent harm to another. As
70
NK v Minister of Safety and Security (supra) Carmichele v Minister of Safety and Security (supra);
Wicke „Vicarious liability not simply a matter of public policy‟ 1998 Stell Law Review 21; Calitz
„Vicarious liability of Employers: Reconsidering Risk as the basis for liability‟ 2005 TSAR 215 at 225,
Loots „Sexual Harassment and Vicarious Liability; A Warning to Political parties‟ 2008 Stell Law Review
143 at 144
71
2004 5 BLLR 455 C at 525
72
Supra
73
2001 4 SA 938 (CC)
74
Supra
75
Neethling, Potgieter & Visser Deliktereg ( 2002 ) 400;Minister van Polisie v Ewels 975 3 SA 590 (A)
596-597
12
discussed, one such exception to the general rule is that the employer has a positive duty,
both in terms of statute and common law, to prevent harm coming to his employees.
The list of such exceptions is not a finite one, and the courts are obliged to develop the
common law in line with the spirit and values of the Constitution.76
In the case of CWU v Mobile Telephone Networks (Pty) Ltd,77 an employee of the
company sent out emails which defamed both MTN and clients of MTN. The court held
the employer liable to MTN in damages, and added that there were grounds on which the
clients of MTN could also sue the employer for damages.
Thus, we turn now to consider whether an employer could possibly be held liable to a
third party (i.e. a person other than one of his employees) who has been harmed by his
failure to deal appropriately with employees accessing child pornography at work.
In view of the paramount importance given to the rights of children in the constitution, I
would argue that it is to be expected that an employer in control of a computer system,
knowing or suspecting that child pornography is being accessed, has a duty to act to
prevent harm to that child – perhaps even children as a class. This broader than previous
application of the doctrine of vicarious liability is justified in the light of the
constitutional values of human dignity, equality and freedom – as well as the primacy of
the rights of the child.
There is no South African case law directly in point but there is an American case which
deals with this issue. Although there are significant differences in the structure of the
legal system and the labour laws of America as compared to South Africa, the broad
principles applied in the case to be discussed are similar. Thus it is instructive to consider
the case in some detail.
The case in question is that of Doe v XYZ Corporation.78 The Plaintiff (referred to as
Jane) sued the Defendant employer for damages arising out of the fact that one of its
employees had harmed her ten year old daughter (referred to as Jill) by uploading
pornographic photographs of her to the Internet in order to gain access to child
pornography sites. The employee was Jane's husband and the stepfather of Jill.
These were the facts:
The Defendant employed the employee as an accountant.
76
Carmichele v Minister of Safety and Security 2001 4 SA 938 (CC) Wicke „Vicarious liability: not
simply a matter of public policy‟1998 Stell law review 21, Calitz „Vicarious Liability of
Employers: Reconsidering Risk as the Basis for Liability‟ 2005 TSAR 215 at 225; Barbara E Loots „Sexual
Harassment and Vicarious Liability: A Warning to Political Parties‟ 2008(1) Stellenbosch 143 at 144
77
2003 (8) BLLR 741 (LC)
78
887 A.2d 1156 (2005) 382 N.J. Super.122
13
In about 1998/9 the employer‟s Internet Services Manager (ISM) became aware that the
employee had been visiting pornographic Internet sites. He did not report the matter, but
told the employee to stop.79
Approximately one year later, the employee's immediate supervisor told the ISM that he
suspected the employee of accessing inappropriate websites, and asked him to track the
employee‟s Internet use. The ISM did so, and his investigation revealed that the
employee was still visiting pornographic sites. Despite having the ability to do so, the
ISM did not open the sites to ascertain the nature of the pornography. The ISM reported
the matter to his superior, the Director of Network and PC Services, who admonished
him not to access any employee's logs of websites visited, including those of the
employee ever again.80 This was because she had misunderstood the employer‟s policy at
the time which reserved to itself the right to monitor electronic activity, but warned
employees not to monitor each other frivolously. As the court said, the monitoring in
question did not fall foul of the policy because it clearly had a legitimate purpose.81 At
this stage the Director knew, or should at least have suspected the employee of accessing
illegal sites, as the ISM had told her that the sites included ones with names indicating
bestiality and necrophilia.82
In about December 2000, two colleagues of the employee told their manager that the
employee was acting strangely by shielding his computer screen and quickly minimizing
it so that others could not see what he was doing. They told him they suspected
pornography and that the employee‟s behaviour was making them uncomfortable. No
action resulted from their complaints.83
In February 2001, the employee‟s colleague‟s manager looked for himself at the sites
employee had been visiting and concluded that they were pornographic. He did not open
the sites and did not discuss his findings with anyone or take any action.84
In late March 2001, one of the colleagues again reported distress to her manager, telling
him that while walking past the employee's cubicle she had seen a sexy picture of a
woman on the employee's computer screen. The manager said he had also seen it, and
had noticed the employee blocking his computer screen just as they had reported.85
Later that month, the manager went into the employee's cubicle during lunch when
employee was out, and clicked on the „websites visited‟ button on the employee's
computer. This revealed obvious pornography sites, including one the name of which
suggested child pornography. The supervisor then showed the printout to his boss. Later
that day, the supervisor met with two senior managers to decide what to do. They agreed
that the supervisor should warn the employee to stop. This was done, and the employee
79
Jane Doe v XYZ Corporation (supra) at p.1159>
80
ibid
81
Jane Doe v XYZ Corporation (supra) at p.1166
82
Jane Doe v XYZ Corporation (supra) at p.1159
83
Jane Doe v XYZ Corporation (supra) at p.1159
84
ibid
85
Jane Doe v XYZ Corporation (supra) at p.1159-1160
14
agreed not to visit inappropriate sites. The employee appeared to stop his activities, but in
early June 2001, his supervisor saw that he had started again.86 Nevertheless, he told no
one and left on a business trip, not returning until after employee's arrest on child
pornography charges on June 21, 2001.87
It turned out that for about five months prior to his arrest, the employee had been secretly
videotaping and photographing his ten year old stepdaughter Jill at their home, in nude
and semi-nude positions. The employer was aware that the employee had a young
stepdaughter because she had attended work functions with him.88
On June 15, 2001, the employee transmitted three of the clandestinely-taken photos of Jill
over the Internet from his workplace computer to a child pornography site in order to
gain access to the site.89
The police obtained a search warrant to search his desk and computer, and found
thousands of pornographic images including substantial amounts of child pornography.
The employee later acknowledged that he stored child pornography, including nude
photos of Jill, on his workplace computer.90
The Plaintiff‟s case was based on the following line of reasoning :
[1] XYZ Corporation knew or should have known that Employee was using its computer
and internet at his workstation to view and download child pornography and to interact
with child pornography web sites.
[2] Given the nature of the offence, XYZ Corporation had a duty to report Employee to
the proper authorities for the crimes committed on its property during the course of the
work day.
[3] XYZ Corporation negligently, carelessly, with reckless indifference and or
intentionally breached its aforesaid duty.
[4] As a direct and proximate cause of XYZ Corporation's breach of duty, Employee was
able to continue clandestinely photographing and molesting Jill Doe resulting in Jill Doe
suffering severe and permanent harm.91
The court held that in order to decide the case, it had to address the following issues:
1) Did the employer have the ability to monitor the employee's use of the Internet on his
office computer?
2) If so, did it have a right to monitor the employee's activities?
(3) Did the employer know, or should he have known, that the employee was using the
office computer to access child pornography?
(4) If so, did the employer have a duty to act to prevent the employee from continuing his
activities? and lastly,
86
Jane Doe v XYZ Corporation (supra) at p.1160
87
Ibid
88
Ibid
89
Ibid
90
Ibid
91
Jane Doe v XYZ Corporation (supra) at p. 1161
15
(5) Did the employer‟s failure to act cause harm to Jill? This entailed establishing firstly
whether the employee‟s transmission of the three photographs in July 2001 caused harm
to her, and secondly whether this harm would have been prevented if the employee had
curbed the employee‟s activities prior to July 2001.92
The evidence showed that the employer was able to monitor the employee‟s electronic
activity as it had the appropriate software, and had done so in the past.93 The court held
that the employer did have a right to monitor the employee‟s Internet use by virtue of its
own internal policy, and that in any event, the employee‟s right to privacy in the
workplace would not trump the employer‟s right to monitor the employee at work in
these circumstances.94 The court accepted the evidence showing that the employer knew
or should have known of the employee‟s activities via its supervisory and managerial
staff95 and found that the employer thus had a duty to conduct further investigations.96
The court also found that public policy and principles of fairness required that with the
employer‟s actual or imputed knowledge of the employee‟s illegal activities, it had a duty
to act, either by terminating the employee‟s services or reporting him to law enforcement
or both.97 In South Africa, this duty is imposed by the Films and Publications Act.98
In deciding the last point listed above, the court accepted that if the employer had acted
appropriately in regard to the employee‟s activities, which had been exposed as far back
as 2000, he would presumably been shut down and this would have prevented the action
allegedly causing harm to the third party (Jill) in the form of the three nude and semi-
nude photographs of her that he uploaded onto a child pornography site.99
The last question for the court to decide was whether it was proved that Jill had in fact
suffered harm as a result of the employee‟s activities which the employer could have
prevented. In other words, the court required evidence that Jill had been harmed thereby.
Of course the harm could have been psychological, but it needed to be proved.
The court held that it did not have the necessary evidence to make that decision, and
therefore remanded it back to the court a quo.100
10 Conclusion
The principle established by the court in Jane Doe v XYZ Corporation101case can be
summarised as:
If an employer is on notice that his employee is using a workplace computer to access
pornography, possibly child pornography, it has a duty to investigate the matter and to
take prompt and effective action to stop the illegal activity lest it result in harm to others.
92
Jane Doe v XYZ Corporation (supra) at p.1164
93
Ibid
94
Jane Doe v XYZ Corporation (supra) at p.1165-1166
95
Jane Doe v XYZ Corporation (supra) at p.1167
96
Jane Doe v XYZ Corporation (supra) at p.1167-1168
97
Ibid
98
Supra
99
Jane Doe v XYZ Corporation (supra) at p.1169-1170
100
Jane Doe v XYZ Corporation (supra) at p. 1170
101
Supra
16
If the employer fails to take appropriate action, then third party harmed by the illegal
activity may claim damages from the employer in terms of the doctrine of vicarious
liability.
In view of an employer‟s obligations in terms of the Films and Publications Act,102 and
the court‟s imperative to develop the common law in terms of section 8 and 39 of the
constitution,103 I submit that the principle translates easily into the South African context.
Child pornography in the workplace is a serious matter and it appears from newspaper
reports that it is a real problem in the South African workplace.104 Employers cannot
afford to be lax in tackling the problem. There is much at stake if they fail to rise to the
challenge.
102
Supra
103
Supra
104
The Witness, KZN, 30 January 2011, reporting on a Gauteng Municipality sending a notice to its staff
indicating that it had been informed that staff were accessing pornography sites including child
pornography and bestiality.
17