
    Lori L. Maypark, Mary Pat Geddes and Marcia Lynn See, Plaintiffs-Respondents, v. Securitas Security Services USA, Inc., Defendant-Appellant, Troy C. Schmidt and Polaris Industries, Inc., Defendants. Lisa Christenson, Shannon Aubart, Amelia Cran, Tina M.Dixon, Julie J. Gross, Brenda Johnston and Tami L.Majewski, Plaintiffs-Respondents, v. Securitas Security Services USA, Inc., Defendant-Appellant, Troy C. Schmidt, Defendant.
    Court of Appeals
    
      No. 2008AP1528.
    
    
      Submitted on briefs June 23, 2009.
    
    
      Decided September 1, 2009.
    
    2009 WI App 145
    (Also reported in 775 N.W.2d 270.)
    
      On behalf of the defendant-appellant, the cause was submitted on the briefs of Beth Ermatinger Hanan of Gass Weber Mullins, LLC, of Milwaukee; Susan G. Schellinger and Heather K. Gatewood of Davis & Kuelthau, S.C. of Milwaukee; James R. Johnson of Lommen, Abdo, Cole, King & Stageberg, P.A. of Hudson.
    On behalf of the plaintiff-respondent, Mary Pat Geddes, the cause was submitted on the brief of Warren Lee Brandt of Brandt Law Office, S.C. of Prescott.
    On behalf of the plaintiffs-respondents, Lisa Christenson, Shannon Aubart, Amelia Cran, Tina M. Dixon, Julie J. Gross, Brenda Johnston and Tami L. Majewski, the cause was submitted on the brief of Matthew A. Biegert of Doar, Drill & Skow, S.C. of New Richmond.
    On behalf of the plaintiffs-respondents, Lori L. Maypark and Marcia Lynn See, the cause was submitted on the brief of Carol S. Dittmar of Carol Dittmar Law Office, LLC, of Chippewa Falls.
    Before Hoover, RJ., Peterson and Brunner, JJ.
    
      
       Petition to Review denied 1/12/10. Abrahamson, C.J. and Bradley, J., dissent.
    
   HOOVER, RJ.

¶ 1. Securitas Security Services USA, Inc. appeals judgments awarding money damages for severe emotional distress caused by its negligent training and supervision of its employee, Troy Schmidt. Securitas argues it was not negligent because it was not foreseeable that allowing its employees to access the internet would create an unreasonable risk of harm to others. Securitas also contends public policy considerations preclude liability even if it was negligent. Securitas further argues it cannot be held liable for damages caused by a hostile work environment existing at another employer. Finally, Securitas asserts it is entitled to a new trial due to circuit court bias.

¶ 2. We conclude Securitas was not negligent, as a matter of law, because the circumstances did not present a foreseeable, unreasonable risk of harm. We further conclude public policy precludes recovery because the injuries were too remote from the alleged negligence and allowing recovery would have no sensible or just stopping point. We therefore reverse and direct the circuit court to enter judgments of dismissal as to Securitas.

BACKGROUND

¶ 3. Securitas provided security services to Polaris Industries, Inc., at its Osceola facility. Securitas's security officers were stationed in a guard shack at the entrance to Polaris's parking lot, where they controlled visitor and employee access. Polaris employees wore photo identification badges created with images from a digital camera. As the security manager at the Osceola location, Schmidt was responsible for producing the badges and therefore had access to employee photographs. All security officers were allowed to use the guard shack computer, which was both owned and monitored by Polaris. The computer had a program installed that prevented access to inappropriate internet sites.

¶ 4. At some point, Schmidt copied the photographs of approximately thirty female employees to a flash drive. He printed the photographs at home, ejaculated on them, and posted pictures of the adulterated photos on adult websites he created on Yahoo!. Polaris was alerted to one of the websites on October 29, 2005. On November 1, Polaris's information systems department searched the guard shack computer and located unadulterated badge photos that appeared similar to those appearing online. Polaris identified Schmidt as the likely perpetrator because he could access the photos and the user-identifying information on the website matched his personal background. Polaris printed copies of the website postings and later prepared a report of its investigation.

¶ 5. Polaris notified Securitas there was an issue with one of its employees, but did not disclose any details until a meeting held November 2. At the meeting, Polaris informed Securitas of the website postings of its employees and told Securitas it had a substantial investigation team in place and had contacted Yahoo!. Securitas was shown one of the screen printouts from the website, but was not allowed any copies. Polaris also did not disclose the names of the affected employees. Polaris's human resources director, Polaris's plant manager, and Securitas's regional manager then met with Schmidt. Securitas immediately terminated Schmidt after he admitted posting the images to the websites.

¶ 6. Polaris demanded that Schmidt immediately remove the offensive material and never enter Polaris property or contact any of the women posted on the websites. As part of a written statement, Schmidt identified the websites he recalled posting photos to. That same day, Schmidt informed Polaris he had removed all photos of the Polaris employees and deactivated the Yahoo! account he used to create the websites. Polaris confirmed the photos were removed by 10:00 p.m. Yahoo!'s legal department also confirmed the account was deactivated on November 2 and that the websites had been removed.

¶ 7. Polaris informed Securitas on November 4 that Schmidt cooperated and all material was removed from the internet. Polaris declined Securitas's offers of further assistance. Polaris contacted the Osceola police on November 2, but only told them Schmidt was barred from the premises. The police learned of Schmidt's activities on November 4 from one of the affected employees. After meeting with Polaris personnel, the police referred the matter to the district attorney's office, which determined there was no prosecutable crime.

¶ 8. Two different sets of plaintiffs filed civil actions. After Polaris was dismissed from the one action in which it was named, the two cases were consolidated. Following a bench trial, the court found Schmidt liable for defamation and invasion of privacy and Securitas liable for negligent training and supervision. The court awarded the ten plaintiffs a total of $1,400,000 in damages for severe emotional distress, in varying amounts of $50,000, $75,000 and $333,333. The significantly larger amounts for three plaintiffs were awarded, in part, on the basis of a hostile work environment at Polaris following the Schmidt incident. Securitas now appeals.

DISCUSSION

¶ 9. In this case we analyze whether Securitas was, as a matter of law, not negligent on forseeability grounds. We view the ultimate issue of negligence as a rather straightforward matter in this case. However, given recent guidance from our supreme court, it is unclear how we are to set forth our analysis. Depending on the cases we review, we should either (1) evaluate whether Securitas had a duty under the circumstances of this case, see Hocking v. City of Dodgeville, 2009 WI 70, ¶¶ 10-13, 318 Wis. 2d 681, 768 N.W.2d 552, or (2) consider whether Securitas's actions constituted a breach of the duty of ordinary care, see Behrendt v. Gulf Underwriters Insurance Co., 2009 WI 71, ¶¶ 15-31, 318 Wis. 2d 622, 768 N.W.2d 568.

¶ 10. We conclude it does not matter which approach we employ because, in the end, they are one and the same. A conclusion of no negligence under the first approach requires that we determine the defendant was not required to act, while under the second it requires that we determine there was no breach for failing to act because the defendant was not required to act. See Hocking, 768 N.W.2d 552, ¶ 13 ("[BJecause there was no duty under the circumstances, no breach occurred, and there was not a viable negligence claim.") (discussing Hoida, Inc. v. M & I Midstate Bank, 2006 WI 69, ¶ 46, 291 Wis. 2d 283, 717 N.W.2d 17). Without explicitly employing either approach in this case, we simply conclude Securitas was not negligent, as a matter of law. See Behrendt, 768 N.W.2d 568, ¶ 19 (quoting Restatement (Third) of Torts: Liability for Physical Harm § 7(a) cmt. i (Proposed Final Draft No. 1, 2005)), ¶ 22 (quoting Rockweit v. Senecal, 197 Wis. 2d 409, 419, 541 N.W.2d 742 (1995)).

¶ 11. The claim of negligent hiring, training, or supervision of employees was first recognized in Miller v. Wal-Mart Stores, Inc., 219 Wis. 2d 250, ¶ 2, 580 N.W.2d 233 (1998). There, the court observed the

proper analysis of duty in Wisconsin is as follows: "The duty of any person is the obligation of due care to refrain from any act which will cause foreseeable harm to others even though the nature of that harm and the identity of the harmed person or harmed interest is unknown at the time of the act...."

Id., ¶ 9 (quoting Rockweit, 197 Wis. 2d at 419-20).

¶ 12. Ultimately, our holding in this case is guided by Sigler v. Kobinsky, 2008 WI App 183, 314 Wis. 2d 784, 762 N.W.2d 706, another negligent supervision case. In Sigler, we recognized we may determine, as a matter of law, a party was not negligent because it was not reasonably foreseeable that harm might result from the act or failure to act. Id., ¶¶ 7, 11 (addressing the issue in the context of scope of duty). Our supreme court likewise recognized negligence could be determined as a matter of law due to a lack of forseeability in Behrendt, 768 N.W.2d 568, ¶¶ 22-23, 27, 43 (addressing the issue in the context of breach).

¶ 13. " A person is not using ordinary care and is negligent, if the person, without intending to do harm, does something (or fails to do something) that a reasonable person would recognize as creating an unreasonable risk of injury or damage to a person or property.'" Behrendt, 768 N.W.2d 568, ¶ 56 (Abrahamson, C.J., concurring) (quoting Alvarado v. Sersch, 2003 WI 55, ¶ 14, 262 Wis. 2d 74, 662 N.W.2d 350). "Failure to guard against the bare possibility of injury is not actionable negligence." Grabe v. Moths, 56 Wis. 2d 424, 433, 202 N.W.2d 261 (1972).

¶ 14. The negligent supervision claims in Sigler were substantially similar to the claims against Securitas here. There, an employee used his work computer to harass the plaintiffs, who argued the employer should have "done regular monitoring and should have reviewed individual employee hits on internet websites to prevent employees from using their computers to cause harm." Sigler, 314 Wis. 2d 784, ¶ 4. We concluded there was no duty of care "[blecause it was not reasonably foreseeable that permitting employees to have unsupervised access to the internet would probably result in harm to some person or some thing." Id., ¶ 11.

¶ 15. We conclude Securitas was, as a matter of law, not negligent under the circumstances of this case. Securitas provided Schmidt with training concerning both sexual harassment and employee theft. The guard shack computer was owned, maintained, and monitored by Polaris. Katy Pawlik, Schmidt's supervisor, testified that before Schmidt's acts were discovered, Polaris informed her it could track internet usage by the guards and used a filter that would block inappropriate websites. Polaris never notified Pawlik of any concerns about the volume or nature of internet use. It was not reasonably foreseeable that Securitas's conduct would probably result in harm to some person or some thing. There is nothing inherently dangerous about permitting employees to access the internet at work. Further, there is no evidence, nor did the trial court explicitly find, that Schmidt ever used the work computer to transmit images, adulterated or otherwise.

¶ 16. The trial court also observed Securitas did not monitor Schmidt's access to the Polaris employee photos. Again, in contrast to social security numbers or other personal information, it was not reasonably foreseeable that unsupervised access to photographs would result in harm. Further, as Securitas notes, Schmidt was required as part of his duties to copy and transfer the photos to the guard shack computer for making badges. Thus, there would have been nothing to alert Polaris or Securitas that something was amiss.

¶ 17. The trial court also concluded Securitas was negligent because it failed to take further actions in addition to firing Schmidt, and that the plaintiffs were further injured by this failure to do more. It is not apparent what the underlying basis of recovery is for this conclusion. Clearly, an employer's duties to train and supervise an employee do not continue beyond termination of the employee. In any event, given the circumstances, Securitas cannot reasonably be expected to have done anything more. Polaris, whose unidentified employees were the ones affected, represented that it was handling the matter and that the offending materials had been removed from the internet. The affected employees could, and did, refer the matter to police. Securitas cannot be held responsible for what the police or district attorney's office chose to do or not do.

¶ 18. In addition to concluding Securitas was as a matter of law not negligent, we conclude as we did in Sigler, 314 Wis. 2d 784, ¶ 12, that related public policy concerns would also preclude liability. First, the plaintiffs' injuries here were too remote from the alleged negligence. It would be an understatement to say Schmidt's actions were bizarre and unexpected. Schmidt's actions were unimaginable. Further, while he obtained access to the plaintiffs' images through his employment, similar images could be obtained elsewhere. The images were not of persons who were unclothed or engaged in private conduct. Additionally, any harm caused by Securitas's failure to follow up with Yahoo! or the police, or the police or district attorney's office's failure to further investigate or prosecute, is far too attenuated from any breach of a duty of employee supervision.

¶ 19. We also conclude that allowing recovery would have no sensible or just stopping point for essentially the same reasons set forth in Sigler. Securitas trained Schmidt concerning sexual harassment and employee theft and ensured internet use was monitored and filtered. Schmidt testified he knew he was expected to adhere to the computer usage policies of Securitas's clients and was aware of Polaris's policy. Further, contrary to the trial court's conclusion, employers have no duty to supervise employees' private conduct or to persistently scan the world wide web to ferret out potential employee misconduct. Were we to allow the plaintiffs' claims here to proceed, "this expansion of liability would be limitless and turn employers' into guarantors or insurers." Id., ¶ 13.

¶ 20. As we noted at the outset, Securitas presents additional arguments that it cannot be held liable for damages caused by a hostile work environment existing at another employer over which it had no control, and that it is entitled to a new trial due to circuit court bias. Because we resolve the case on other grounds, we do not reach these issues. See State v. Castillo, 213 Wis. 2d 488, 492, 570 N.W.2d 44 (1997).

By the Court. — Judgments reversed and causes remanded with directions. 
      
       An additional weblog was discovered on November 4, but Polaris never notified Securitas of the discovery. Yahoo! did not know the weblog would remain open after deactivation. The last posting was removed by November 9.
     
      
       Our supreme court decided both Hocking v. City of Dodgeville, 2009 WI 70, 318 Wis. 2d 681, 768 N.W.2d 552, and Behrendt v. Gulf Underwriters Insurance Co., 2009 WI 71, 318 Wis. 2d 622, 768 N.W.2d 568, on the same day.
     
      
       Not only do the majority opinions in Hocking and Behrendt point us in different directions, but so do the concurring opinions. In Behrendt, a concurrence states, "Wisconsin's negligence standard requires a determination of whether the defendant's conduct comported with the standard of reasonable and ordinary care under the circumstances, rather than a determination whether the defendant had a duty under the circumstances to perform an act that was omitted." Behrendt, 768 N.W.2d 568, ¶ 58 (concurrence). Yet, in Hocking the same jurist's concurrence states, "The instant case may be viewed as a failure to act.... If so, I must determine whether under the circumstances of the case the defendants were under a duty to take positive action ... ."Hocking, 768 N.W.2d 552, ¶ 47 (concurrence). Still, the Hocking concurrence ultimately concludes there was no breach, as a matter of law, because, ostensibly, the defendants had no duty to affirmatively act under the circumstances. Id., ¶ 9, n.5 (majority), ¶ 57 (concurrence).
     
      
       The concern expressed in Behrendt, 768 N.W.2d 568, ¶ 3, that a no-duty-under-the-circumstances conclusion risks offending the principle that every person is held to the duty of ordinary care, appears to be based on a conflation of the two distinct aspects of duty. As explained in Hocking, " ’duty[] involves two aspects: (1) the existence of a duty of ordinary care; and (2) an assessment of what ordinary care requires under the circumstances.' " Hocking, 768 N.W.2d 552, ¶ 11 (quoting Hoida, Inc. v. M & I Midstate Bank, 2006 WI 69, ¶ 27, 291 Wis. 2d 283, 717 N.W.2d 17.) Whether a no negligence conclusion flowing from the second aspect is characterized as no duty or no breach is a matter of semantics: Was Jack required to do that act? Did Jill do all that was required of her? The latter inquiry begs the question: what was required?
     
      
       Given the stated testimony, we reject as clearly erroneous the trial court's finding that "[t]here was no showing that Securitas was aware of or relied on the filtering software in place at Polaris."
     
      
       The court found only that there were no safeguards in place that would have prevented Schmidt from transmitting images directly from his flash drive by using Yahoo! Messenger, an instant messaging program.
     
      
       The trial court concluded Securitas should have notified and followed up with law enforcement; notified the state regulatory department that issued Schmidt's security guard license; notified Schmidt's known or reasonably ascertainable other employers; attempted to seize Schmidt's personal computer through either consent or injunctive relief; and confirmed with Yahoo! and other internet service providers that all content was permanently removed and pursued court processes if they were uncooperative.
     