Williams HR Law LLP

The Ashley Madison Leak – Part One of Two: Breach of Confidentiality

September 9, 2015

As you have undoubtedly heard, the confidential user data of extramarital dating site Ashley Madison was recently leaked.  The data leak, which included users’ personal emails and credit card information, has resulted in a class-action lawsuit against Avid Life Media (the Toronto-based parent company of Ashley Madison) and possible links to hate crimes, extortion and multiple suicides. This week, as part one of a two-part series covering the employment law issues relevant to the Ashley Madison scandal, we examine the employment law repercussions of a breach of confidential information by an employee.

Some security experts believe that a lone employee of Avid Life Media was responsible for the leak. If this is indeed the case, one can safely assume (especially considering that Avid Life Media has offered a $500,000 reward for any information that would help catch the perpetrators of the leak) that the company would seek to dismiss the employee for cause.

An employer may sue its employee for breach of confidence to recover losses which arise from the breach. An influential three-part test for breach of confidentiality was outlined in the widely-cited 1969 U.K. decision, Coco v. A.N. Clark (Engineers) Ltd (“Coco”), and has since been followed by the Supreme Court of Canada. Coco held that, for a breach of confidence to be established, the information must:

  • be confidential, both in quality and in nature;
  • have been imparted in circumstances importing an obligation of confidence; and
  • have been used without authorization to the detriment of the party communicating it.

Employers can also protect themselves from a breach by including a confidentiality clause in their employees’ employment contracts which restricts employees from disclosing confidential information. Because most breaches of confidentiality would be less damaging to the organization than the Ashley Madison leak, a sound confidentiality clause may be required to uphold a just cause termination in instances of employees revealing confidential information. Employers should seek legal advice with respect to their confidentiality clauses to ensure that they are legally enforceable.

In the event that an employee’s employment contract does not include a confidentiality clause, employers can still use contractual means to protect their confidential information. If an employer wants to ensure that an employee dismissed without cause does not reveal confidential information after the end of the employment relationship, the company can make a release that includes a confidentiality clause a term of the termination package. However, to do so, the employer must include in the package payment in excess of the employee’s statutory entitlements.

In the case of the Ashley Madison breach, if it is indeed a lone employee responsible for the hack, that employee’s breach of confidence and its impact on the site and its clientele would almost certainly be great enough to be in contravention of the general duty of good faith and fidelity owed by an employee, regardless of the existence of a specific confidentiality clause in the employee’s employment agreement. According to the Supreme Court of Canada, the duty of good faith and fidelity is a legal principle that both parties to a contract “must not lie or otherwise knowingly mislead each other about matters directly linked to the performance of the contract”. The release of Ashley Madison’s user data would, in all likelihood, be in breach of this duty and therefore be sufficient grounds for a just cause termination, especially because Ashley Madison’s business model is so dependent upon discretion.

If the employee breaching confidentiality is a fiduciary, meaning that he or she is a key employee who holds a position of trust within the organization, the employee’s confidentiality responsibilities are greater than if the employee does not hold fiduciary responsibilities.  A fiduciary, unlike other employees, is required at law to put the interests of the organization above his or her own, therefore making it easier to uphold a just cause termination for a confidentiality breach.

The Ashley Madison leak, if conducted by an employee or employees of the organization, is a good example of the potential impact of a confidentiality breach by an employee on an organization. Situations like this one are why we typically advise our clients to include confidentiality clauses in employment contracts.

Confidentiality is not the only element of employment law that is potentially at issue as a result of this hack; next week, we will look at the Ashley Madison breach and how it relates to the law surrounding employee off-duty conduct.

This blog is provided as information and a summary of workplace legal issues.

This information is not intended as legal advice.
