Employee Dismissed for Cause after Breach of Privacy Policy

In Steel v. Coast Capital Savings Credit Union, the Supreme Court of British Columbia upheld the termination of an employee on a with cause basis after the employee breached the bank’s confidentiality policy.

Susan Steel had worked for Coast Capital Savings Credit Union for over 20 years. At the time of her dismissal, she was a Helpdesk analyst in the IT Department. In this role, she provided internal technical support to other employees of the credit union. In order to complete her job duties, Ms. Steel was able to access all documents and files within the organization, including employees’ personal folders. Access to documents and files was not monitored by the credit union, and Ms. Steel was largely unsupervised.

The employer had established several clear policies and protocols relating to accessing documents and confidentiality, which required permission of the owner of the file or permission from the Vice President of Corporate Security before another employee’s file could be accessed and read. As part of the annual performance review process, Ms. Steel had acknowledged that she had read and understood these policies.

Despite this, in July 2008, Ms. Steel accessed another employee’s confidential folder and viewed a document – a waiting list for parking spaces, on which she was listed – for her own purposes. She had not been asked by her employer to procure this document, and she did not have the permission of the owner. Ms. Steel was dismissed immediately for cause.

The employee sought summary judgment in her action for damages for wrongful dismissal.

In order to terminate an employee without notice or pay in lieu thereof, it is well established that an employer must have just cause, and that the onus of proving just cause rests with the employer. Just cause may exist where the employee’s conduct reveals a character that is dishonest or untrustworthy. In such a case, just cause for dismissal exists where the dishonesty violates an essential condition of the employment contract or breaches the faith in a work relationship, or where the behavior is inconsistent with the employee’s obligations to their employer. In this case, the Court noted specifically that the relationship of trust between employer and employee is crucial in the banking industry, and that employees who work with greater autonomy must be held to a higher standard of trust.

Applying these principles to the facts in this case, the Court found that, while Ms. Steel was not a managerial employee, she did occupy a position of significant trust within the credit union. As it was not practical for Ms. Steel to be monitored all the time, trust was an especially important aspect of her unsupervised position. It was concluded that Ms. Steel violated this trust in two ways. First, she opened another employee’s personal files for her own benefit, and not at anyone’s request or as part of her duties. Second, Ms. Steel failed to follow the procedures put in place by her employer to govern access to other employee’s personal files. The court concluded that these reasons satisfied the just cause requirement, and dismissed Ms. Steel’s action.

This case reiterates that breaching the employer’s trust by failing to follow a workplace confidentiality policy may constitute grounds for termination for cause, notwithstanding the duration of an employee’s employment. However, as in this case, in order to support a termination for cause, employers will need evidence to establish that the employee worked in a position of trust and autonomy within the organization, and that the employee was aware of the relevant policies and protocols.