During the course of their employment, employees may have access to confidential information which belongs to their employer. This information may be in the form of personal information provided by customers and is therefore sensitive in nature.
While access to customer information may be required by an employee in order to carryout their duties, it is critical that employers have policies in place to protect customer information and ensure that it is not misused or improperly accessed.
The importance of employers having policies in place is demonstrated in Dinov v Australia and New Zealand Banking Group Ltd T/A ANZ Bank [2021] FWC 745, where the Fair Work Commission (FWC) upheld an employee’s dismissal after finding that she had contravened policies which were in place to protect customers’ confidential information.
The employee was a part-time personal banker who had been employed by Australia and New Zealand Banking Group Limited (ANZ Bank).
Following an investigation, ANZ Bank found that the employee had engaged in unacceptable conduct by using its software system on a number of occasions to search and access the profiles of customers without approval or a legitimate purpose. Amongst those customer profiles accessed by the employee were accounts held by her brother, a colleague and a celebrity.
ANZ Bank’s policies stated that employees were not permitted to access customer accounts including those belonging to family members or friends without an appropriate business reason or account holder approval.
Accordingly, ANZ Bank commenced disciplinary action against the employee putting allegations to her of unacceptable conduct for misuse of its software system to search and access profiles of customers in breach of its policies.
The employee denied all of the allegations and instead suggested that another person had tampered with her work station to obtain her password which was kept in a drawer and used it to conduct the searches in question.
ANZ Bank did not accept the employee’s explanation and terminated her employment immediately on the grounds that she had contravened ANZ Bank’s policies and procedures by deliberately and repeatedly accessing its customer’s confidential information.
The employee subsequently lodged an application with the FWC claiming that ANZ Bank had unfairly dismissed her.
The employee denied all allegations and submitted that she had no knowledge of why the searches were made, although acknowledged that her account had been used to carry out the searches. She claimed that she did not know any of the people whose accounts were accessed and therefore had no reason to search for people not known to her.
The employee also accused ANZ Bank of creating accounts under her family member’s name to support the allegations against her and subsequent termination. However, before the FWC and in response to ANZ Bank’s evidence indicating the contrary, the employee conceded that this was in fact inaccurate.
The employee maintained in her submissions before the FWC that an unknown person had tampered with her work station to conduct the searches themselves and that she had raised this concern with senior management on a number of occasions, however her concerns were disregarded.
In response, ANZ Bank submitted that the employee’s explanation was not ‘plausible’or ‘logical’, as:
The FWC agreed with ANZ Bank and found that the employee’s explanations were 'completely without substance' and on the balance of probabilities, the misconduct alleged was indeed undertaken by the employee.
The FWC noted that ANZ Bank’s customers entrusted them with highly sensitive and personal information and to allow the employee to continue with her employment would directly undermine ANZ Bank’s values.
On this basis, it found that there was a valid reason for the employee’s dismissal.
While the FWC acknowledged that the employee would now struggle to obtain employment in the banking industry given she had to disclose her misconduct with future employers in line with industry protocol, it considered this factor to be significantly outweighed by the employee’s continual denial and lack of remorse for her misconduct. The FWC held that the employee had not been unfairly dismissed and accordingly dismissed her application.
Lessons for employers
This case serves as a reminder for employers to ensure that they have policies in place regarding the access and use of confidential information. Where it involves personal information, these policies should reflect the Australian Privacy Principles in relation to access, use and non-disclosure of personal information.
Employers must also ensure that its policies are regularly communicated to employees as this knowledge can be relied upon in the event there is a breach of policy.
