When will an employee’s breach of confidence justify immediate dismissal under Canadian law? A recent decision by the British Columbia Supreme Court demonstrates that clearly drafted employer policies intended to protect confidential information can indeed be strictly enforced. In Steel v. Coast Capital Savings Credit Union, the court upheld the dismissal of a 20-year employee for cause in response to her breach of confidentiality and privacy policies.
Susan Steel began working for Coast Capital Savings Credit Union on November 4, 1987. On December 10, 1997, she was promoted to help desk analyst in the IT department. In this position, she provided technical assistance to Coast employees when they experienced trouble with the network.
As help desk analyst, Steel was able to access any file in the organization. Her work was largely unsupervised. No one monitored which documents she accessed or for what purpose.
All employees on Coast’s internal computer system were assigned a “personal folder,” intended to be used for confidential information pertaining to the company for the sole use of that employee. The only exception to this rule was for employees like Steel, who could access other employees’ personal folders in order to assist with technical problems. For those situations, Coast established a specific protocol. It required that the help desk support person obtain the specific permission of an employee before viewing a confidential document.
Leslie Kerr, the manager of Coast’s Facilities and Purchasing Department, maintained a spreadsheet in her personal folder that contained a priority list for assigning the limited number of employee parking spaces. Steel didn’t have a parking spot and was affected by this priority list. In July 2008, when Kerr attempted to open the spreadsheet, she received a notice that it was already in use by Steel. Steel hadn’t requested Kerr’s permission to view the document.
Following an investigation, Coast terminated Steel for cause. Believing this to be an excessive response to an isolated incident, she sued Coast for wrongful dismissal.
The trial judge sided with the employer. She determined that Coast’s decision to dismiss Steel for cause was an appropriate and proportional response to her breach of confidentiality.
The judge found that Steel occupied a position of great trust in an industry in which trust is of central importance. Coast couldn’t practically monitor which documents she accessed and for what purpose. Rather, it had to trust her to access documents only as required in the course of her duties and to follow the established protocols when she did so. When she violated this trust, the judge ruled, her conduct amounted to just cause for dismissal. Her lawsuit was dismissed.
Lessons for employers
Key to the finding in this employer-friendly decision was that Coast’s confidentiality and privacy policies were clearly drafted and employees were aware of their importance.
Employers who wish to benefit from this decision shouldn’t rely on oral policies or on the oral dissemination of policies. Rules should always be committed to writing. Employers should require employees to attend refreshers and acknowledge their understanding of the policies. For the most important policies, it should be made clear to employees that any transgression could result in serious repercussions, including dismissal for cause.