The BC Supreme Court’s recent decision in Ari v. Insurance Corporation of British Columbia, 2022 BCSC 1475, should be read with a keen eye by employers and insurers when it comes to assessing their risk of vicarious liability for the conduct of employees. The Court’s decision in Ari appears to narrow the test for such vicarious liability to nothing more than whether the employer provided the opportunity for wrongdoing that takes place.
Vicarious liability, where circumstance give rise to it, is strict liability that makes an employer liable for the wrongful conduct of an employee even when there has been no wrongful conduct or breach of duty by the employer. In order for it to apply in an employment setting, there must some connection between the employee’s wrongful conduct and their relationship to the employer.
Between April 2011 and January 2012, 13 individuals had their homes and vehicles targeted in arson and shooting attacks. The only thing in common between the attack victims was that they had at some point parked in the parking lot of the Justice Institute of British Columbia. Investigation revealed that they were among a group of ICBC customers whose personal information had been accessed from ICBC’s databases and sold to a third party by an ICBC employee. The third party who obtained the information commissioned the attacks.
After finding that ICBC’s employee’s acts were a breach of the plaintiffs’ privacy pursuant to the Privacy Act, R.S.B.C. 1996, c. 373, the Court considered whether ICBC was vicariously liable for the damages caused by their employee’s breaches.
In finding ICBC vicariously liable for the conduct of its employee, the Court focused predominantly on whether ICBC created the risk of wrongdoing and provided the opportunity for same. Not discussed in the Court’s decision were other factors to that can be considered in determining vicarious liability, such as whether the employee’s wrongful act furthered the employer’s aims.
With respect to foreseeability, the Court held that although the ICBC employee was expected to access the ICBC databases only for purposes directly related to her employment, she clearly had the opportunity to abuse this access. Going further, the Court found that not only was the risk of such conduct by their employees foreseeable, it was actually foreseen given the warnings ICBC had given to the their employees about the consequences of if they accessed that information for non-employment related reasons. Although the Court found that ICBC had rules and policies in place forbidding improper use of its databases, it also found that the possibility of an individual employee choosing to ignore those rules and policies was clearly foreseeable. Further, no evidence was found of any mechanism within ICBC that would have prevented or detected the conduct of the employee in real time. This suggests that additional steps could be taken to mitigate against a finding of vicarious liability, but this case appears to move past the strict liability assessment for vicarious liability into negligence on the part of the employer.
Should this decision not be appealed, employers and insurers will be faced with a greater likelihood that they will be held vicariously liable for almost all acts of their employees that are made possible in anyway through their employment.