A recent decision of the British Columbia Court of Appeal provides helpful guidance for employers who are faced with employees who breach workplace policies regarding the protection of private and confidential information.
In Steel v. Coast Capital Savings Credit Union, 2015 BCCA 127 (CanLII), the Court of Appeal was asked to consider whether or not the judge at the summary judgment hearing had erred when she held that Ms. Steel, a 21 year Information Technology employee with the Coast Capital Savings Credit Union, was properly terminated for just cause after she breached company policy to view a confidential folder belonging to a co-worker. The evidence established that Ms. Steel had viewed the folder without authorization and for the likely purpose of assessing whether or not she was eligible to receive a company parking spot. The company was also able to show that it had policies that clearly established a protocol for IT workers who wanted to view materials in confidential folders and that Ms. Steel had reviewed and acknowledged the application of this policy to her. Further, Ms. Steel admitted that she deliberately accessed the confidential folder. Her position in the summary judgment motion was that this incident alone was not sufficient to support terminating her employment for just cause.
The Court of Appeal held that the company did have just cause to terminate Ms. Steel’s employment. Although Ms. Steel’s long service with the company had to be taken into account, it could not excuse her breach of the company’s policies. The Court of Appeal found that when assessing whether or not a particular incident of misconduct is sufficient to justify summary dismissal, the Court must decide whether or not the nature of the misconduct was reconcilable with a continuing employment relationship. Applying that analysis to the facts of this case, the Court of Appeal noted that Ms. Steel worked for an employer that operated in the financial services industry, an industry in which trust in employees is of paramount importance. Further, Ms. Steel’s position as an IT help desk worker gave her unfettered access to all of the company’s electronic data and she worked almost entirely without supervision. The company had to place its full faith in Ms. Steel’s judgment and trust that she was conducting herself in accordance with its policies. It was not practical or desirable for someone to monitor her access to the company’s systems. In light of these facts, the company was justified in concluding that the trust and good faith that was required to sustain its employment relationship with Ms. Steel had been irrevocably broken. Her appeal of the summary judgment decision was dismissed.
Although not specifically relied upon by the Court of Appeal, we believe it is notable that the company had written policies in place regarding privacy and confidentiality in the workplace. It also had a specific and detailed protocol for IT employees to follow when they wished to access a folder that was marked as confidential. It would appear that the company was also diligent about having employees review and sign off on their policies on an annual basis. This ensured that when it came time to enforce these policies and hold Ms. Steel accountable for her breach of procedure, the company was well-positioned to show that she was aware of the proper procedure to follow and deliberately chose not to do so.