Northern Exposure

Tech Employee Fired for Egregious Computer Use: Termination Justified

By Maria Giagilitsis

Along with the extraordinary benefits accompanying today’s rapidly advancing technology comes an increasing vulnerability for Canadian employers who strive to hire the “best of the best” information technology groups.

On the one hand, “wizard like” computer skills are an invaluable asset — they can lead a company’s growth while sharpening its competitive edge. On the other hand, these advanced skills also can be a source of weakness as management struggles to predict the numerous and complex ways in which a technology employee might abuse his or her position and even cause harm to the business.

On December 3, 2010, Ontario arbitrators released a decision in Sheridan College Institute of Technology and Advanced Learning v. Ontario Public Service Employees Union in which they agreed with the termination of an employee for unauthorized computer use as well as an insolent Facebook posting.

Mere technical wrongdoings?
The employee, Steve Rowe, was the consummate techie. At 36 years old, he was considered a technical wizard at the college, having been employed as an infrastructure analyst for 13 years. He occupied one of the highest paid bargaining unit positions at the college, and, until the date that his employment was terminated, he had a clean disciplinary record and was provided with access to the college’s most secure servers. What happened? Like many employees, Rowe blurred the boundary between his personal life and his professional life.

More specifically, Rowe adopted a surplus college computer as his own, even naming it “Numb.” Numb was hooked up to one of the college’s most powerful network servers — a server that facilitated more than $20 million in online transactions each year. Using the powerful system, he was able to download thousands of copyrighted materials, including TV shows, movies, music, and games, all of which he stored on Numb. He also downloaded pornographic videos and engaged in online chats with his girlfriend about their various sexual encounters, some of which purportedly took place on college premises.

In an ever bolder move, Rowe installed his own programming, which granted access to numerous colleagues and college employees as well as several family members and friends, none of whom were granted security clearance by the college to access the server. Essentially, he was a bootleg entertainment dealer for a wide circle of colleagues, family, and friends.

When a third-party audit revealed some of Rowe’s behavior, the college conducted an investigation. The results confirmed that he had been engaging in the unauthorized activities for the better part of the decade. Not surprisingly, his employment was terminated.

That same day, Rowe posted a picture of the rear of a mountain climber on his Facebook page, adding an arrow pointing to the climber’s buttocks with a caption inviting his manager to “kiss this.” Rowe later apologized for the Facebook posting but only after being advised to do so by the union.

Grievance
The union grieved the termination of Rowe’s employment, claiming that the college overreacted. According to the union, the discipline was too harsh given Rowe’s previously clean discipline record and his apology for the Facebook posting. The union also relied heavily on the fact that the college had previous knowledge of his personal use of college computers for the purposes of downloading and storing music and other personal media.

Termination justified
The arbitrators agreed that an employer’s previous knowledge of an employee’s wrongdoings may sometimes affect the appropriate level of discipline. In this case, however, the arbitrators found that the termination was justified for a number of reasons:

  • Though the college had some knowledge of Rowe’s personal computer use, the college had no idea of the extent to which he abused his privileges.
  • The college didn’t have any knowledge that Rowe programmed the computer to grant remote access to other college employees as well as his family and friends. Those other employees also were disciplined for their unauthorized access to the college server, thus demonstrating the severity with which the college perceived Rowe’s conduct.
  • Rowe was provided with an opportunity to explain his conduct during the investigation process. Rather than being candid about his activities, he attempted to surreptitiously delete the personal contents from Numb just before the investigation meeting and was evasive during the meeting itself.
  • Rowe was employed in a position of trust, having access to highly sensitive information and enjoying a high level of security clearance. The arbitrators said that a person employed in this capacity is expected to exercise better judgment.
  • Rowe’s Facebook posting illustrated poor judgment and a total lack of remorse for his egregious conduct.
  • The employer’s evidence showed that Rowe had signed the college handbook, which clearly set out the college’s rules and expectations about personal computer use.

Conclusions
Information technology employees often enjoy access to highly sensitive employer data, and it seems that courts and arbitrators are becoming increasingly sensitive to the threats these skills can pose to an employer’s business interests. The decision in Sheridan College demonstrates that an employee’s lack of remorse, coupled with his or her disregard for the employer’s business and financial interests, can justify firing even a highly paid employee with a long and clean service record. Although this decision arises in Ontario, it may well have application across Canada.