The issue of whether an employee can be dismissed if his password is obtained and used by another to commit fraud became the central point in a recent Department of Education case that went all the way to the Labour Appeal Court (LAC). In this article, we explore the events that unfolded and the LAC’s ruling on the matter.

This case involved so-called ‘ghost’ employees and employees from the Gauteng Department of Education (“Department”) that had allegedly been involved in establishing these ghost employees and benefitting from it.

The complaint by the Department was that the employees had been involved in the appointment and salary adjustment of two ghost employees, S. Mabena and L. Mataba, as educators at Isiqalo Primary School. In addition, one employee was alleged to have been involved in the extension of the contracts of the same ghost employees, and another was alleged to have been involved in the appointment of two other ghost employees, S. Kekana and Z. Mabeyo, at both Isiqalo and Munsieville Primary Schools. 

The employees were dismissed by the Department and referred an unfair dismissal dispute to the General Public Service Sectoral Bargaining Council following their dismissals. The evidence at arbitration was that in April 2013, the Gauteng Provincial Government’s User ID and Password Policy were approved, which required that user staff identities and passwords on the PERSAL system remain private and not be shared. There was no dispute at arbitration that the employees’ PERSAL credentials, being their usernames and passwords, were used over a period of two years to defraud the Department of approximately R2 million through the appointment and payment of ghost employees. The monies defrauded from the Department were paid in respect of these ghost employees into bank accounts belonging to a Mr Mothlang, employed by the Department as principal personnel officer. In their defence, the employees contended that it was Mr Mothlang who had committed the fraud, for which he was criminally charged and convicted, and that they were not aware how he had obtained their passwords, despite these being repeatedly changed by them over the two years.

The arbitrator concluded that the Department’s case was “highly improbable and not convincing at all” and had been based on a presumption, which was successfully rebutted, that if an employee’s credentials were used, they could be presumed to have committed the fraud. The evidence was found not to support a finding of fraud. The employees were consequently reinstated retrospectively into their employment with the Department with back pay. 

The Department, however, had the arbitration award reviewed. The review application was dismissed by the Labour Court. The Department then approached the Labour Appeal Court, arguing on appeal that the Labour Court had overlooked the key issue before the arbitrator, namely, whether the employees had been involved in the appointment and payment of ghost employees, given that their PERSAL credentials had been used over two years, despite each of them changing their passwords monthly.

From 2013, the employees would have been aware of the relevant policy and the rule to safeguard their passwords. The LAC found that the arbitrator failed to consider all the evidence before him, including undisputed evidence, and did not properly weigh it as required. The LAC further found that the Labour Court had wrongly concluded that the arbitrator’s award was reasonable. It was a relevant consideration which required the careful attention of the arbitrator that the employees failed to tender any explanation as to how Mr Mothlang could have repeatedly obtained their updated passwords over a period of almost two years. Their failure to offer any such explanation was glaring, more so given the undisputed evidence that they had repeatedly and regularly reset their own passwords. 

The Department’s appeal was accordingly upheld and the orders of the Labour Court and arbitrator were set aside and substituted with a finding that the dismissals were procedurally and substantively fair. 

This judgment can be seen as a warning to employees to heed their employer's password policies and not assume they may not be seen as complicit if they share their passwords but don’t themselves engage in the illegal conduct.


Disclaimer: This article is the personal opinion/view of the author(s) and does not necessarily present the views of the firm. The content is provided for information only and should not be seen as an exact or complete exposition of the law. Accordingly, no reliance should be placed on the content for any reason whatsoever, and no action should be taken on the basis thereof unless its application and accuracy have been confirmed by a legal advisor. The firm and author(s) cannot be held liable for any prejudice or damage resulting from action taken based on this content without further written confirmation by the author(s).