Introduction | JANET Policies | Laws on Networking | Regulated Activities | Other Documents
ACTIVITIES: LIABILITY
Organisations and individuals may be found legally liable for damage caused by either their actions or their failures to act. A finding of liability usually requires a complaint by a victim and a court may require the offender to pay for the damage caused. In the area of computer and network use there are three main areas where organisations may be found liable: for material published on their servers, for the actions of their employees or for failure to act to address known problems. The JISC Legal Information Service have a review of liability issues for universities and colleges.
Liability for publishing
Most of the cases on liability for hosted information concern defamatory material, though similar judgements might be expected for material that infringed other rights, such as copyright. There may also be criminal liability for certain types of illegal material, for example material likey to encourage terrorism.
In defamation the main laws that apply are the Defamation Act 1996 and the Electronic Commerce (EC Directive) Regulations 2002. These allow an organisation to escape liability for material on its servers only if the organisation did not act as editor, author or publisher (a recent court case has indicated that proactively amending or removing posts may constitute editing), if it took reasonable care in allowing others to publish using its systems, and if it did not know that its actions were contributing to the defamation. In court cases, hosting providers have been found not to be liable so long as they had not been informed of a specific defamatory article. Once informed, they must act promptly to remove the material, or else accept possible liability for its publication. This has resulted in many service providers removing material, whatever its nature, as soon as they receive a complaint. The UK Law Commission recommended in 2002 that the legislation be reviewed to establish a better balance between authors and the subjects of articles; a Ministry of Justice consultation in 2011 invited further discussion of this question.
The Terrorism Act 2006 introduced a similar liability scheme where an organisation hosted material likely to encourage terrorism, however here the hosting organisation risks committing a criminal offence if, following formal notice from a police officer, it does not remove or modify material that is later found to break the Act. Once a notice is delivered to a senior manager, the organisation has two working days to act to remove or modify the material.
Further information on the circumstances where it may be necessary under criminal or civil law to remove material from publication can be found on the page on working with law enforcement.
The JISC Legal Information Service has an introduction to Internet Service Provider Liability
Liability for actions or negligence
Organisations may also be held liable where the actions of employees in the course of their employment cause harm to others (known as vicarious liability), and for negligence where by action or inaction they cause harm to their own users or others or fail to fulfil duties placed upon them as a result of their status. Such liability can arise in the electronic world as well as the physical one. A full discussion of these duties of care is available from the JISC Legal Information Service and there is a JANET factsheet on school visits to universities. Technical measures such as e-mail disclaimers or content filtering are sometimes suggested as a remedy, however the legal benefit of these is not clear (see, for example, an article on disclaimers from Weblaw) and can only be assessed by individual organisations based on the risks they face. Agreed policies on the use of communications, may also be useful, as described in a paper from ACAS.