To print this article, all you need is to be registered or login on Mondaq.com.
Technology in the workplace
Government agencies will increasingly be challenged by the
introduction and management of technology designed to offer
employers an efficient and accurate means to secure their
workplaces, and monitor and record their employees’ time and
attendance.
In the past, these technologies have included surveillance
cameras, IT monitoring, GPS tracking and mobile phone tracking.
These technologies have largely been accepted into the workplace
and, in some jurisdictions, are governed by express legislation
like the Workplace Surveillance Act 2005 (NSW).
The boundaries are now being tested with new technologies, in
particular biometric technology which captures facial, fingerprint
and iris scans. How should a government agency deal with these
technologies?
One significant concern is the potential misuse of biometric
information gathered through such technology. While a password can
be easily changed, a record of a fingerprint or iris scan could
lead to identify theft and other significant security breaches if
the information was stolen.
In addition to the security needed around the storage and use of
such biometric information, the more fundamental question relates
to privacy.
Jeremy Lee v Superior Wood Pty Ltd
In Jeremy Lee v Superior Wood Pty Ltd [2019] FWCFB 2946
(Lee) the Full Bench of the Fair Work Commission
examined the boundaries of an employer’s ability to compel
their employees to provide their biometric data in order to comply
with sign-in policies that rely on this information.
The finding at first instance in Lee was that a sawmill employee
was fairly dismissed because his failure to comply with an
Attendance Policy, requiring fingerprint scanning to sign on and
off from work, was a valid reason for the dismissal. The Full Bench
upheld an appeal by the worker against this finding and reversed
it.
The Full Bench found the policy did not form part of the
applicant’s employment contract, having come into existence
well after he was employed. Therefore, his obligation to comply
with it, and thus the validity of his dismissal, “[depended]
on whether the direction to do so, using the scanners to sign in
and out of work each day, was a reasonable and lawful
direction”.
This was found not to be the case as the requirement contravened
the Privacy Act by:
- requiring the collection of the applicant’s sensitive
information without his consent, contravening Australian Privacy
Principle (APP) 3 - failing to properly inform the applicant by not issuing a
privacy collection notice, as required by APP 5.
Further, none of the exemptions in the Privacy Act, namely ss
16A and 7B(3), applied to the employer in this case. In particular,
s 7B(3), creating an exemption for the use of information held as
employee records was confined to presently held information and did
not apply to the prospective holding of information. Of course,
this exemption does not apply to most government employers.
The subsequent finding that “the direction to Mr Lee to
submit to the collection of his fingerprint data, in circumstances
where he did not consent to that collection, was not a lawful
direction” meant that his failure to comply with it was not a
valid reason for his dismissal.
Implications for government agencies
The result in Lee indicates that attempts by employers to
implement compulsory tracking or sign-on systems which require the
collection of biometric data are likely to come up against a
combination of privacy and unfair dismissal laws – that is,
the failure to gain the meaningful consent of employees subject to
any such system will bring not only the collection of their data,
but the direction of employees to provide the data into conflict
with the Privacy Act (or the equivalent State or Territory privacy
legislation that applies to state or territory government
employers). Failure to comply with such a policy will therefore in
many circumstances not provide a valid reason for dismissal and
this may limit the capacity for employers to compel compliance.
If you are an employer who wishes to impose a requirement for
employees and other persons performing work in your workplace to
provide biometric data as part of a system to track employees’
time and attendance, you need to do the following:
- develop a clearly-expressed and up to date privacy policy that
complies with the applicable privacy legislation regarding the
collection, use and storage of personal information - give employees written notice of intention to collect data
- use reasonable and lawful means to solicit employee consent to
collection.
You will then be better placed to discipline employees who
unreasonably withhold their consent.
This publication does not deal with every important topic or
change in law and is not intended to be relied upon as a substitute
for legal or other advice that may be relevant to the reader’s
specific circumstances. If you have found this publication of
interest and would like to know more or wish to obtain legal advice
relevant to your circumstances please contact one of the named
individuals listed.
POPULAR ARTICLES ON: Government, Public Sector from Australia
