A Cautionary Tale: Employee Misconduct Creates Employer Liability

To print this article, all you need is to be registered or login on

Consider this scenario: An employee steals co-workers’
personal information and uses it in an attempt to blackmail his
employer, threatening to release it publicly unless a ransom is
paid. Who’s stuck with the liability in this story? You may be

Grossman v. Nissan is a class action in which
the representative plaintiffs are Nissan employees whose personal
information was used by their co-worker (who has never been
identified and is therefore referred to as the “unknown
employee”) in his blackmail scheme. It appears very little
information was stolen and none was released to third parties.

However, the plaintiffs claimed four causes of action against
Nissan: (a) vicarious liability for the unknown employee’s
intrusion upon their seclusion (effectively a breach of their
privacy); (b) breaches of provincial privacy statutes; (c)
negligence; and (d) breach of contract. They indicated that, if
certification of the vicarious liability claim was successful, the
statutory claims would not be pursued.

The plaintiffs argued that Nissan had a responsibility to
protect their information, that the tort of “intrusion upon
seclusion” has been recognized by the Court, and that symbolic
or moral damages can be awarded even if no financial or
out-of-pocket losses are incurred.

The Court certified the class action, stating “I cannot say
that the plaintiffs’ vicarious liability for intrusion claim
has no chance of success.” The negligence claim was also found
to disclose a cause of action.

Of course, this is not the end of the story. If the action goes
to trial, Nissan could be successful in defending the claims. Some
international precedents suggest that this outcome is

However, in the meantime, the Superior Court’s application
of the principle of employers’ vicarious liability in
situations like this – a rogue employee deliberately
instituting a data breach – should cause employers to tread
carefully in permitting access to sensitive data. Only trusted
employees with a genuine need-to-know reason should be granted such

1 E.g. Various Claimants v. Wm Morrisons
Supermarket PLC
, [2017] EWHC 3113 (Q.B.); aff’d
[2018] EWCA Civ 2339 (Eng. C.A.); rev’d [2020] UKSC

Originally published 30 July, 2020

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Litigation, Mediation & Arbitration from Canada

Case Study: Grossman V. Nissan Canada

Field LLP

An employer who is innocent of negligence or other misconduct can be vicariously liable for the tort of intrusion upon seclusion based on a data breach committed by one of its employees

Source link

Dominic Levent Solicitors
Phone: 020 8347 6640
cash, check, credit card, invoice

1345 High Rd
London, London N20 9HR