A recent decision of the Ontario Grievance Settlement Board raises the interesting question of an employer’s vicarious liability for an employee’s privacy breach.
Vicarious liability was described in the leading Supreme Court of Canada case of 671122 Ontario Ltd v. Sagaz Industries Canada Inc. [2001] 2 S.C.R. 983 as the event when the law holds one person responsible for the misconduct of another because of their relationship. The most common relationship giving rise to vicarious liability is the employer and employee relationship.
In Ontario Public Service Employees Union v. Ontario 2015 CanLii 19325 [ON GSB] one employee (“Employee X”) inappropriately accessed the employment insurance file of a co-worker (“Ms. M”) who was away from the workplace due to sickness. The inappropriate access took place during work hours and Employee X discussed Ms. M’s personal information with other employees. There was no work reason for Employee X to be accessing Ms. M’s EI file. The Employer had appropriate policies in place that prohibited the use of the Employer’s IT resources for unacceptable activities and was proactive when hiring new employees to instruct them in connection with their obligations to keep information private.
Upon being made aware of the unauthorized accesses to Ms. M’s EI file the Union representing Ms. M filed a grievance. During the hearing of the grievance the Union put the Employer on notice that it would bring a motion before the Grievance Settlement Board to determine the effect of the tort of intrusion upon seclusion to the disposition of the grievance.
The Grievance Settlement Board considered two questions in relation to the motion:
On the first question the Grievance Settlement Board accepted jurisdiction in the case. The Board held that FIPPA (the Freedom of Information and Protection of Privacy Act) was an employment related statute and that the substantive rights and obligations found therein were implicit in the collective agreement and accordingly the Board had jurisdiction to hear and determine the motion during the grievance.
The more interesting question was that of whether the Employer was vicariously liable for the actions of Employee X who snooped in Ms. M’s EI file.
After reviewing the law in relation to vicarious liability in the employment context and the evidence pertaining to the incident, including the Employer’s hiring practices and the Employer’s privacy policies, the Board concluded that the Employer was not vicariously liable for the actions of Employee X. The Board was of the view that the “wrongful act” of snooping in Ms. M’s EI file was not sufficiently related to conduct authorized by the Employer to attract vicarious liability. Employee X’s actions were viewed by the Board as being the actions of a rogue employee who, for her own purposes accessed Ms. M’s EI file. It was not an action that could be seen to “further the employer’s aims”. The actions were done without the employer’s sanction or knowledge.
The Board accepted the Employer’s evidence that it knew nothing of the intrusion until being told of it by a co-worker of Ms. M. Upon learning of the intrusion the Employer took immediate action to investigate and manage the issue. The evidence indicated that Employee X had received a significant suspension.
The decision, although good news for the Employer, did not leave Ms. M without a remedy. Like the plaintiff in Jones v. Tsige, Ms. M would still be permitted to sue Employee X at common law for damages for the tort of intrusion upon seclusion as a result of her unauthorized snooping.
For employers certain takeaways are immediately apparent:
We have not heard whether the Union will challenge the decision on judicial review. We will continue to follow this case.
Finally, we would caution that the existence of the tort of intrusion upon seclusion as formulated by the Ontario Court of Appeal in Jones v. Tsige has not been endorsed by the Courts of Appeal of all Canadian jurisdictions nor by the Supreme Court of Canada. An action for damages for the tort of intrusion upon seclusion may not be available in all Provinces.
Written by Maggie Hughes, Associate and Kaylee Campbell, Articled Clerk Workplace policies are a helpful tool to provide employees with clear expectations. This may include setting parameters around expected employee conduct or outlining procedures to streamline processes. While there are a wide range of policies that any one organization may implement, it is important to […]
read moreWritten by Ben Ladner Once your corporation is established, it is important to take the necessary steps to set a solid foundation. This checklist outlines essential post-incorporation tasks, from tax filings to corporate governance, to help you navigate the next phase of your business journey. Read more: Post-Incorporation Checklist: Essential Next Steps
read moreWritten by F. Richard Gosse. Background The concept is not new – parties committing to provide work or services decide to write down what each expects of the other: a scope of work, a mechanism for payment, some general provision for timelines, changes, and warranties or the like. More sophisticated engagements may (or may not) […]
read more
