Senior steward investigated for using union’s credit card for personal expenses
In highlighting questionable business expenses, a British Columbia union violated privacy law by releasing the detailed credit card transaction records of its senior steward, according to a recent decision.
However, in an Oct. 31, 2025 decision, Justice J.G. Morley of the BC Supreme Court dismissed all damages claims after finding the union's breaches were not "wilful" because it relied on legal advice, and the official could not prove the specific transaction details caused her election loss.
Kelly Moon served as senior steward for IATSE Local 891 for 12 years before losing her 2019 re-election bid. She blamed her defeat on the union's January 2019 release of an audit report detailing her personal use of a business credit card.
Personal purchases with business card
Moon received a union credit card for business expenses in 2008. The following year, she signed a credit card policy stating: "Personal expenses are prohibited from being charged to I.A.T.S.E. Local 891 credit."
Despite this, Moon used the card for personal purchases at clothing boutiques, hotels, casinos, and an eye clinic, and took cash advances. The policy also stated: "Cash advances from I.A.T.S.E. Local 891 credit cards are not permitted." The audit identified unauthorized transactions totaling over $60,000 from 2008 to 2017, though all amounts were repaid.
The investigation began in June 2017 after Moon used the card for $283.70 in personal expenses to accompany a terminally ill friend. Moon had also filed internal charges against the executive board in May 2017, which were dismissed. That proceeding cost the union $434,837 in legal fees, which was commented on at general meetings.
Violations of privacy law
The Office of the Information and Privacy Commissioner found the union violated the province’s Personal Information Protection Act (PIPA) by including unnecessary transaction details. The commissioner ruled that while informing members about policy breaches was legitimate, itemized spending crossed the line.
The commissioner stated: "The fact that the complainant spent X number of dollars at a particular store at a particular date was, in my view, an unreasonable level of specificity about her activities and not reasonably needed to inform the membership about the investigation."
The union had consulted lawyers before releasing the report, receiving advice that full disclosure was permissible. That advice proved incorrect. The union also failed to implement basic security measures, lacking a privacy management program or training.
No damages despite violations
Moon sued under both the Privacy Act and PIPA. Under the Privacy Act, only "wilful" violations trigger liability without proving harm. Justice Morley found the breaches were not wilful because the union acted on legal advice, citing precedent that organizations meet their standard of care by "refraining from taking action that they believed, on good faith and on the basis of reputable, professional legal advice, to be unlawful."
Under PIPA, violations create liability only if "actual harm" is proven. Moon could not establish the specific transaction details caused her election loss, separate from legitimate disclosure of her policy violations. Justice Morley dismissed all claims against the union and named defendants.
