Whose fault is it?

So, what should the employer do? Is this a personal matter for the victim, which he must figure out for himself (using the resources of the world's police forces and such civil law suits as he can afford)? Or could the employer face liability for the ultimate results of nonintervention, which could be the premature end to the victim's contract of employment (a much wider publication of the libel than when the employer was first notified of the problem), or a grisly real-world encounter as threatened acts became reality?

Although I am not aware of any Hong Kong judicial precedent on the subject, it is clear to me that the employer cannot turn its back on this problem. Its IT department cannot say: "We are not allowed to block incoming email, from a known source, as that would be against freedom of speech"--that would merely evidence that the IT department has no handle on legal risk management. Its senior managers cannot say: "We will look into it, but we are powerless to do anything--we don't believe we have any legal responsibility." This is because once the operator of an IT system is notified that it is carrying illegal content, and has the means to prevent its continuance, there is quite some legal precedent that the operator may itself be liable to the victim if it does not take all reasonable steps of prevention within a reasonable time. Also, an employer owes a duty of trust and confidence to its employee.

No one is saying that the employer is responsible for tracking down the perpetrator, although in an extreme case the employer could be expected to decommission the victim's email account. But the employee can expect to receive the following:

' an attempt to block the offending material by commercially reasonable technical means, even if this involves modest financial outlay (if the use of the email account is a required part of the employment).