A recent decision by the British Columbia Supreme Court demonstrates the Court’s willingness to strictly enforce clearly drafted employer policies in order to protect confidential information. In Steel v. Coast Capital Savings Credit Union, the Court upheld the dismissal for cause of a 20-year employee, in response to her breach of confidentiality and privacy policies.
Ms. Steel began working for Coast Capital Savings Credit Union on November 4, 1987. On December 10, 1997, she was promoted to Helpdesk Analyst in the IT Department. In this position, Ms. Steel provided technical assistance to Coast employees when they experienced trouble with the network.
As Helpdesk Analyst, Ms. Steel was able to access any file in the organization. Her work was largely unsupervised. No one monitored which documents she accessed or for what purpose.
All employees on Coast’s internal computer system were assigned a “personal folder,” intended to be used for confidential information pertaining to the Company for the sole use of that employee. The only exception to this rule was for employees like Ms. Steel, who could access other employees’ personal folders in order to assist with technical problems. For these situations, Coast established a specific protocol. It required that the Helpdesk support person obtain the specific permission of an employee before viewing their confidential document.
Leslie Kerr, the manager of Coast’s Facilities and Purchasing Department, maintained a spreadsheet in her personal folder that contained a priority list for assigning the limited number of employee parking spaces. Ms. Steel did not have a parking spot and was affected by this priority list. In July 2008, when Ms. Kerr attempted to open the spreadsheet, she received a notice that it was already in use by Ms. Steel. Steel had not requested Kerr’s permission to view the document.
Following an investigation, Coast terminated Ms. Steel for cause. Believing this to be an excessive response to an isolated incident, Steel sued Coast for wrongful dismissal.
The trial judge sided with the employer. She determined that Coast’s decision to dismiss Ms. Steel for cause was an appropriate and proportional response to her breach of confidentiality.
The judge found that Steel occupied a position of great trust in an industry in which trust is of central importance. Coast could not practically monitor which documents Ms. Steel accessed and for what purpose. Rather, it had to trust her to only access documents as required in the course of her duties, and to follow the established protocols when she did so. When Ms. Steel violated this trust, the judge ruled, her conduct amounted to just cause for dismissal. Her law suit was dismissed.
Lessons for Employers
Key to the finding in this employer-friendly decision was that Coast’s confidentiality and privacy policies were clearly drafted and employees were aware of their importance.
Employers who wish to benefit from this decision should not rely on oral policies or on the oral dissemination of policies. Rules should always be committed to writing. Employers should require employees to attend refreshers and acknowledge their understanding of the policies. For the most important policies, it should be made clear to employees that any transgression could result in serious repercussions, including dismissal for cause.