It’s a situation no one wants to be put in.

“We have a problem,” you hear your chief technology officer say as he walks into your office. “Someone complained that Tim was looking at pornography on his computer.”

“I’m guessing from your tone that you’ve already worked with HR, checked his computer and confirmed the complaint?”

“Yes, but that’s not the problem. It’s the type of pornographic material we found.”

As general counsel, do you know what your responsibilities are when an employee is caught in possession of child pornography? Do you have a legal obligation to report your findings to the authorities? What should you do with these offensive materials? Delete them? Preserve them?

Your company is put in a very difficult situation, and handling it swiftly and appropriately will dictate whether you will have any legal problems arising from this employee’s illegal activities.

One potential problem for employers is criminal liability. The federal PROTECT Act of 2003 makes it a federal crime to possess or view child pornography. Because the workplace computer that the employee uses is company property, your organization could be criminally liable if it knowingly permits an employee to possess or view these materials. There are also other federal and state criminal laws that could impact your company in this situation. These laws impose affirmative obligations on an employer to report child pornography to law enforcement authorities immediately.

Another potential problem for employers is the possibility of civil liability to the exploited children. The leading case on this issue is Doe v. XYC Corp..In that case, the court ruled that an employer could be held liable to a victim of child pornography based on the actions of one of its employees. The facts of the case are eye-opening. The plaintiff’s husband worked for XYZ Corp. She alleged that her husband had been using his workplace computer to view and distribute nude photographs of her daughter (his step-daughter). She further alleged that the employer negligently failed to detect and stop its employee from using its systems to continue the dissemination of the offending materials. In reaching its conclusion that the company could be held liable, the court relied on two key facts: an unenforced electronic communications policy that prohibited viewing pornography at work and a three-year history of unaddressed complaints about the employee viewing pornography from his work computer. The appellate court concluded that the company “was under a duty to exercise reasonable care to stop Employee’s activities, specifically his viewing of child pornography” and “to take effective internal action to stop those activities.”

What steps should you take if an employee places your company in this uncomfortable situation?

1. Immediately report the employee to authorities, and preserve the offending images or files. Acting as quickly as possible will help shield your company from significant criminal sanctions and civil liability.

2. Have in place an electronic systems policy that:

a) Puts employees on notice that they enjoy no expectation to privacy when using company computers or systems

b) Reserves the right to search computers, systems and accounts at any time and for any reason

c) Defines appropriate use, and, more importantly, inappropriate misuse, on company computers and systems, and provides that employees are subject to discipline up to, and including, termination for violations of the policy or the law

d) Provides a mechanism through which employees can report misuse or abuse

e) Advises employees that the company will report illegal use of its computer systems to law enforcement authorities

So, what is the bottom line when dealing with employee access, storage or transmission of child pornography in the workplace? Beyond the moral repercussions, you act at your own significant criminal and civil peril if you turn a blind eye to your employee’s misconduct.