Two employees were working together in a government department.
One employee, ("Employee X"), looked at employment
insurance file of a co-worker who was on sick leave, ("Ms.
M"), during working hours but without a work related reason.
In reviewing the file, Employee X found out that Ms. M had
exhausted her entitlement to employment insurance.
Employee X also disclosed this information to a fellow employee
who then reported the matter to the employer. After an
investigation, the Employer determined that Employee X had accessed
Ms. M's records twice on the same day and on no other
occasions. Employee X was then given a fifteen-day suspension.
The Union representing Ms. M brought a grievance seeking damages
from the Employer for the tort of intrusion upon seclusion, which
was recognized by the Court of Appeal in its 2012 decision in Jones v. Tsige,
and a breach of the Freedom of Information and
Protection of Privacy Act
("FIPPA"). In Jones v. Tsige, the Court of
Appeal awarded Ms. Jones who was employed by the Bank of Montreal
damages of $10,000 after a fellow employee, Ms. Tsige, looked at
Ms. Jones' bank account records over 100 in four years without
a work-related reason or doing so.
The grievance came before the Vice-Chair of the Ontario
Grievance Settlement Board, Felicity Briggs, who rendered a
decision on March 16, 2015.
Arbitrator Briggs was required to decide two issues:
Does the Board have the jurisdiction to determine whether the
tort of intrusion upon seclusion occurred?; and
If so, is the employer vicariously liable for the actions of
The identity of the government department, the geographic
location of the government office, and the names of the
participants were anonymized by the arbitrator.
Issue 1: Jurisdiction
The Employer argued that the Board did not have the jurisdiction
to decide this grievance as the issues arose out of a dispute
between two employees. Moreover, this dispute did not relate
directly or indirectly to a breach of the collective agreement by
On the other hand, the Union argued that it was an implied term
of the collective agreement that all employees' statutory
rights under FIPPA would be protected by the Employer and that
Employee X's actions are a presumed invasion of privacy under
21.3 of FIPPA.
Arbitrator Briggs determined that the Board di have jurisdiction
on the basis that FIPPA is an employment related statute and its
provisions on the protection of privacy are implicitly included in
the collective agreement.
Issue 2: Vicarious Liability
It was not in dispute that Employee X had violated the privacy
of Ms. M. The issue was whether the Employer was vicariously liable
for her actions. The Union's position was that the Employer was
responsible for compensating Ms. M.
The Arbitrator heard evidence from the Employer and the Union on
the workplace policies, training, and the importance of protecting
privacy to the culture of the workplace.
Arbitrator Briggs determined that the Employer had "clear
and sufficient policies regarding the protection of personal
information" and that all employees were reminded of these
policies via pop-up windows when logging in. Moreover, there had
not been any previous incidents involving breaches of privacy in
the office and employees were aware of the importance of protecting
On the basis of the above, the Arbitrator concluded that while
Ms. M had been the victim of the tort of intrusion upon seclusion
the Employer was not vicariously liable. She characterized
Employee X's actions those "of a rogue employee who, for
her own purposes accessed the grievor's EI file." Actions
which were not condoned by the Employer or for its benefit.
Whether employers are vicariously liable for the tort of
intrusion upon seclusion is an unresolved issue. To date, there has
not been an authoritative judicial decision on whether, or in what
circumstances, employers will be vicariously liable. Employers,
however, will likely reduce the risk that they will be vicariously
liable if they have clear policies and procedures, which have been
communicated to employees, and establish a workplace culture in
which the protection of privacy is a core value.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).