In an article published last Wednesday in the Bangkok Post (www.bangkokpost.com/business/telecom/284253/computers-social-media-and-thai-law-part-i), we discussed the growing use of social media tools by businesses and with it the increased risk of computer-based offences being committed. Today we identify situations in which employers can be liable for communications sent by their employees.
The Civil and Commercial Code (CCC) makes employers jointly liable for the consequences of a wrongful act committed by employees in the course of employment. This would extend to defamation and lese majeste committed in the course of employment.
If an unemployed person without income or assets posts a defamatory comment on a website, then the person defamed by the comments may be successful in obtaining a court order for damages. However, the offender is unlikely to be able to pay.
However, if the person posting the comment was employed by a large company and published the defamatory post during office hours using computer systems owned and operated by the company, then the company would become an attractive litigation target. It would be able to pay substantial damages, and the defamed person could argue the employer is jointly liable for the acts of the employee. This could be difficult to defend if the employee's comments were made on a blog or website operated by the employer.
The success of the litigation against an employer will depend on whether the employer published the defamatory comments in the course of business. The CCC does provide any clarification of what actions are regarded as coming within the course of employment, so a successful defence will require employers to establish a factual basis for asserting that the employee's actions were beyond the scope of the terms of employment.
The Computer Crimes Act (CCA) also contains a section that has the potential to expose many employers to criminal liability for breaches of the CCA by employees. As identified in the first part of this article, the CCA imposes penalties of up to five years' imprisonment and a fine of up to 100,000 baht for entering or forwarding computer data that are:
spurious and likely to cause injury to individuals or the public;
false and likely to cause damage to national security or stir up public agitation;
an offence under the Penal Code in relation to security or terrorism; or
obscene.
However, the CCA also imposes the same penalties on a service provider who intentionally supports or gives consent to the commission of the above acts on a computer system under the service provider's control. This provision is widely regarded as applying to commercial internet service providers and webmasters. However, the definition of the term "service providers" in the CCA is quite broad and applies to anyone who provides others with internet access or any other services that enable communication via a computer system regardless of whether the service is provided on that person's behalf or for the benefit of others.
More companies use through their own servers and operate their own intranet systems to ease communications among employees, and it is conceivable an employer that provides employees with internet access or devices such as BlackBerries or smartphones could come within the definition of a service provider under the CCA. Companies that provide WiFi access to customers or to the public could also be caught, as could an iPhone user allowing others to connect to the internet via a personal hotspot.
Based on recent convictions and prosecutions under the CCA, the webmaster of an internet site can be exposed to penalties under the CCA as a service provider for failing to remove content that breaches the CCA immediately even if the webmaster was not involved in the preparation or dissemination of the content. It is therefore possible that if an employer becomes aware of content on the company's computer system that contravenes the CCA, then the firm could be compelled to remove the content or face proceedings under the CCC.
The highest-risk scenarios will likely be social media applications that allow comments to be posted and viewed by large numbers of people. However, emails and SMSs and other instant messages are also capable of creating liability for employers if the messages are transmitted using the employer's computer system.
Simply put, if an employer's computer system is used to post defamatory comments or breach the CCA, then an employer can be exposed to civil and criminal proceedings. The employer's ability to defend the proceedings will depend on its ability to establish the scope of the employment relationship and the extent to which employees were given consent to use the system.
The CCA also has extraterritorial applications and is not limited to offences taking place in Thailand. Proceedings can be started against Thai nationals who commit a breach of the CCA while abroad and against foreign nationals who commit a breach of the CCA abroad if the injured party is a Thai national or the Thai government. The CCA has already been enforced against a US national in relation to matters that occurred entirely outside Thailand.
Employers must consider how much exposure they have to the social media activities of their employees. In the next article, we will identify methods available to employers to reduce their social media liability under the CCC and the CCA.
Christopher Osborne is a senior associate and Monrawee Ampolpittayanant is an associate at Watson, Farley & Williams (Thailand) Ltd. Email: cosborne@wfw.com, mampolpittayanant@wfw.com