Worker accidentally exposes 850 email addresses during employer-approved fundraiser
The Fair Work Commission (FWC) recently examined an unfair dismissal claim involving a truck operator who was terminated for "serious misconduct" after sending a fundraising email to colleagues.
The case arose when the worker organised a charity shirt sale to support a colleague diagnosed with advanced cancer, but accidentally exposed personal email addresses of approximately 850 employees and contractors.
The worker argued she was acting in good faith to help a seriously ill colleague and had received approval from management to organise the fundraiser.
She maintained that her mistake of using "cc" instead of "bcc" for email addresses was unintentional, and that she had sought guidance from her manager who failed to respond to her requests for direction.
The employer contested the worker's claim, arguing that she had been dismissed for serious misconduct after knowingly disregarding instructions and breaching privacy and confidentiality policies.
The company claimed the worker had caused reputational harm and exposed the organisation to potential liability under Australian Privacy Principles.
Cancer fundraiser gains management approval initially
The employment relationship began in 2021 when the worker started as a plant operator at a Queensland mine.
She approached the project manager to organise a fundraiser to support a colleague diagnosed with cancer, seeking approval and assistance from the employer.
The project manager initially supported the fundraiser, with the employer sourcing shirts that would include the company logo.
However, payroll deductions used in a previous 2022 fundraiser could not be implemented due to the Christmas period timing.
The worker then established an alternative payment platform at her own expense, incurring approximately $719 in setup costs plus fees totalling around $600.
The fundraiser aimed to raise money for the ill colleague and nominated charities through shirt sales.
Email guidance requests go unanswered by management
The worker repeatedly emailed the project manager seeking guidance on fundraiser communications, specifically asking whether she could send information via email to all employees, stating she was "happy to send to you first for approval of course." The project manager failed to respond to these requests for direction.
During cross-examination, the project manager admitted he did not respond to these emails, though he claimed he was seeking approval internally.
Crucially, he did not communicate to the worker that she should wait for a response. The project manager later stated he had "no interest in the fundraiser" and was focused on running his business operations.
This lack of engagement left the worker without guidance when she felt pressure to finalise the shirt ordering process due to her colleague's deteriorating health condition and upcoming chemotherapy treatment.
Accidental email disclosure triggers investigation process
On 6 November 2024, after receiving no response from the project manager, the worker obtained an email distribution list from a site administrator and sent fundraiser information to approximately 850 employees and contractors.
She intended to use "bcc" to hide email addresses, but accidentally used "cc," making all recipients' personal email addresses visible.
The following day, the human resources business partner received complaints from employees expressing concern about their personal email addresses being disclosed.
The company sent an email acknowledging that "personal email addresses may have been inadvertently released" and stating they were taking the matter "very seriously."
Five days later, the worker was stood down pending investigation. On 13 November 2024, she received a show cause letter alleging she had "knowingly disregarded instructions to refrain from obtaining employee information."
Commission examines policy breaches and training issues
The FWC examined whether the worker had actually breached company policies. The Commission found the privacy policy extract relied upon by the employer related to the company's commitments to employees rather than employee obligations.
The human resources business partner who conducted the investigation struggled during cross-examination to explain how the worker's actions fitted within confidentiality agreement definitions.
The Commission noted the worker had received no training or explanation on these policies when they were signed electronically.
The worker stated: "I was never told during my employment that email addresses were confidential or personal information that should not be accessed or shared."
Her role as a dump truck operator did not require email use, and the employer provided no guidance on email protocols.
The Commission found this lack of training significantly undermined the employer's ability to rely on these policies as reasons for termination.
Comparative treatment reveals discriminatory dismissal approach
The FWC discovered that other senior employees had engaged in similar or more serious breaches without facing dismissal.
Evidence showed previous instances where emails had been sent to all employees with email addresses visible, including communications from senior management. These incidents did not result in any disciplinary action.
Additionally, after the worker's dismissal, a human resources superintendent had sent emails containing confidential employment information to incorrect recipients, including performance management details and sensitive medical information.
These emails involved more sensitive information than the worker's fundraising communication, yet the senior employees remained employed.
The Commission found this comparative treatment "significantly undermines the valid reason that [the employer] has relied on in relation to [the worker's] conduct."
FWC order reinstatement despite employer's objections
The FWC concluded that the worker's dismissal was not for a valid reason and was "harsh, unjust and unreasonable."
The Commission found the unfairness arose from inadequate policy explanations, lack of management support, and discriminatory treatment compared to other employees who committed similar or more serious breaches.
The Commission ordered reinstatement to the worker's former position, finding that claims of lost trust and confidence were not soundly based.
However, the FWC declined to order payment of lost wages for the interim period, recognising that the worker had acknowledged she could have waited for proper authorisation.
The Commission stated the wage stoppage "serves as a deterrent for other breaches of the procedure or policies at the workplace" while confirming that wages paid in lieu of notice were not recoverable by the employer.
The fundraiser ultimately raised around $18,000 for the ill colleague and nominated charities.
