Should Mcdonalds Be Sued For Leaked Surveillance Video?

The nearly nude women who trashed a Florida McDonald's was a popular topic on social media last week.

What caused the online frenzy was idiotic employees who leaked the surveillance video clip online (appearantly by filming the monitor with a cell phone), humiliating the women and getting themselves fired.

Here is a video synopsis.

Presumably, employees at the location need access to the system so it might be hard to lock them out of it completely but perhaps restricting access to live video only (without a special user level / password) would minimize such risk.

Secondly, what do you think the legal liability is for McDonald's? Certainly this woman damaged the store but (1) it is not appropriate to respond by humilating her online and (2) the women claims to suffer from mental health issues, making it look even worse for McDonald's.


I'm sure McDonalds will be rethinking access to the video system, but I don't think the answer is simple without knowing more. On the face of it, if businesses were held liable for every single dumb thing their employees did, no one would be in business long. It seems her issue is more with the employees than with McDonalds.

But that's on the surface of it. Did McDonalds management have any pre-knowledge of employees accessing video recordings and ridiculing customers? Was there an established policy on accessing video? Was there a password for the system given only to management or posted on the wall where anybody could see it? These are all facotrs in culpability.

"if businesses were held liable for every single dumb thing their employees did, no one would be in business long"

As a general rule, I am pretty sure businesses are held liable for dumb things their employees do while working while on their premises.

I do agree with you that the policies will have an impact on the level of culpability but I am not sure they could eliminate it even if they had strong policies or practices in places.

Sometimes businesses are held liable for their employees when they are on duty. Sometimes it's right, sometimes it's wrong. What if an IPVM employee used member subscriber information to hit on and stalk an IPVM member, and that member decided to sue IPVM? You didn't condone it. You have policies against it. If you knew about it in time, you would have stopped it before it happened.

But at the fear of moving the forest fire from the Davis Typewriter thread to over hear, I'll leave it at that.

For this case, it should definitely give businesses pause. Just like identity related and credit card information, small businesses may need to start treating surveillance recordings similarly, even if there is not a specific legal requirement to do so.

Rather engage in speculation, there is a specific legal principle at play for employee / employer liability, called "Respondeat superior," defined as "a legal doctrine which states that, in many circumstances, an employer is responsible for the actions of employees performed within the course of their employment."

Online documents tend to mention these three elements:

  1. Was the act committed within the time and space limits of the agency?
  2. Was the offense incidental to, or of the same general nature as, the responsibilities the agent is authorized to perform?
  3. Was the agent motivated to any degree to benefit the principal by committing the act?

Presumably, in this case, McDonald's may argue that the actions were not meant to benefit McDonald's so it should constrain liability. However, 1 and 2 are likely the case.

McDonald's has a Standards of Business Conduct For Employees page that states (2nd paragraph) that all of their employees are required to certify each year that they have read (and will abide by) the McDonald's Standards of Business Conduct.

Here are pages 24 & 25 from that document:

So McDonald's Corp is somewhat covered. However, McDonald's can say 'don't do bad stuff with our stuff', but if they do nothing (or have no policies) to try and prevent unauthorized access of company stuff by employees who shouldn't have access, then they might possibly be vulnerable from that angle.

Also, with 80% of all of their restaurants being franchise-owned (pg 16), does McDonald's Corp even have a surveillance system policy included as part of the franchise requirements? The wildly different equipment I see at various McDonald's makes me believe that they do not.