How to Protect Your Business from a Rogue EmployeeDays before Christmas, a New York glass installer who admitted he uploaded an unfinished copy of X-Men Origins: Wolverine to the Internet, received a one-year sentence in federal prison from a U.S. District Court judge who termed his actions "extremely serious."

It's a sad story for Gilbert Sanchez, the glass installer, but what, you ask, does this have to do with my company or start-up? Let's suppose for a moment that instead of installing glass, Sanchez worked for you and, rather than uploading the movie from his home, he did so using his work computer and your company's Internet connection. This circumstance may carry implications for businesses.

Recently, a raft of lawsuits have appeared accusing thousands of individuals of illegally uploading and downloading materials in violation of U.S. copyright laws. Attorneys for film companies -- including one Los Angeles plaintiff that sued more than 5,800 individuals for downloading one particular adult film -- file many of these suits.

OK, so you probably won't see many of these films at the Academy Awards celebration in February, but the plaintiffs in these lawsuits are hell-bent on collecting settlements from a large number of individual defendants. They're in the process of issuing subpoenas to Internet service providers to obtain the name and address of individual subscribers -- including businesses -- to pursue mass settlements.

The question is, what do you do if your company is subpoenaed as a result of a mass filing? The Electronic Frontier Foundation, a nonprofit founded in 1990 to defend digital rights, says that because these cases are unique you should immediately contact an attorney in either the state where the lawsuit was filed or in the state where your business is incorporated.

Stewart Kellar of the San Francisco-based E-ttorney at Law agrees, but says business owners slapped with a mass file-sharing lawsuit also need to have an Internet Usage/Copyright Infringement policy in place to avoid such legal actions in the first place. He says that policy "should state in no uncertain terms that the Internet is to be used for business and (maybe) personal email use only and for no other purpose."

Kellar suggests that if your business does receive a subpoena from its ISP, it should first be determined if the infringement occurred on a work computer by an employee. If so, the company can offer up the employee to the plaintiff, pay the settlement fee and seek reimbursement from the employee. Or a company can just ignore the demand letter and see if the plaintiff will proceed and make good on its threats.

"A business that provides an Internet connection to its employees or the public is itself an ISP," says Keller. "Unless it knew about the infringing activity and then induced or facilitated that infringement, contributory liability is very unlikely."

How have you dealt with employees' Internet usage? Leave a comment and let us know.