A Cautionary Tale: Employee Misconduct Creates Employer Liability
To print this article, all you need is to be registered or login on Mondaq.com.
Consider this scenario: An employee steals co-workers’
personal information and uses it in an attempt to blackmail his
employer, threatening to release it publicly unless a ransom is
paid. Who’s stuck with the liability in this story? You may be
Grossman v. Nissan is a class action in which
the representative plaintiffs are Nissan employees whose personal
information was used by their co-worker (who has never been
identified and is therefore referred to as the “unknown
employee”) in his blackmail scheme. It appears very little
information was stolen and none was released to third parties.
However, the plaintiffs claimed four causes of action against
Nissan: (a) vicarious liability for the unknown employee’s
intrusion upon their seclusion (effectively a breach of their
privacy); (b) breaches of provincial privacy statutes; (c)
negligence; and (d) breach of contract. They indicated that, if
certification of the vicarious liability claim was successful, the
statutory claims would not be pursued.
The plaintiffs argued that Nissan had a responsibility to
protect their information, that the tort of “intrusion upon
seclusion” has been recognized by the Court, and that symbolic
or moral damages can be awarded even if no financial or
out-of-pocket losses are incurred.
The Court certified the class action, stating “I cannot say
that the plaintiffs’ vicarious liability for intrusion claim
has no chance of success.” The negligence claim was also found
to disclose a cause of action.
Of course, this is not the end of the story. If the action goes
to trial, Nissan could be successful in defending the claims. Some
international precedents suggest that this outcome is
However, in the meantime, the Superior Court’s application
of the principle of employers’ vicarious liability in
situations like this – a rogue employee deliberately
instituting a data breach – should cause employers to tread
carefully in permitting access to sensitive data. Only trusted
employees with a genuine need-to-know reason should be granted such
1 E.g. Various Claimants v. Wm Morrisons
Supermarket PLC,  EWHC 3113 (Q.B.); aff’d
 EWCA Civ 2339 (Eng. C.A.); rev’d  UKSC
Originally published 30 July, 2020
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Litigation, Mediation & Arbitration from Canada