Employee gives his employer the finger, but not in the way they wanted him to. This FWC decision could change the way employers approach biometric data collection.
Asking an employee to share their tax file number is a reasonable request to receive from an employer, but asking them to share their unique fingerprint might be a step too far.
In a recent appeal case, the Fair Work Commission (FWC) sided with an employee who claimed unfair dismissal after being terminated by Queensland sawmill company Superior Wood for refusing to participate in biometric data collection. The process was touted as a way of improving the company’s payroll system. He was one of hundreds of staff who refused to use the new system.
In the initial decision in November last year, the FWC heard the unfair dismissal case and backed the employer, with commissioner Jennifer Hunt deeming it to be a lawful workplace attendance policy. She said it was “reasonably necessary” for the business to introduce the new system.
Passing through too many hands
Protecting personal data from third party hackers is an increasing concern for employees. A report from OH&S Alert said that in this particular case up to six separate entities had access to the data. They included Superior Wood, the companies that captured the data and converted them into templates unique to individuals, the entity that operated the relevant server, and the system that processed Superior Wood’s payroll.
“There is no evidence that any of these entities had, at the relevant time, any actual mechanism in place to protect and manage information collected by Superior Wood, consistent with its obligations [under the Commonwealth Privacy Act]. The concerns expressed by [the employee] were not, in our view, devoid of merit, ” the FWC report reads.
It turns out, legally, the employee had every right to be concerned.
Michael Byrnes, partner at legal firm Swaab, told HRM it’s an employee’s prerogative to refuse to withhold that information.
“If an employee is being deliberately recalcitrant or subversive, then that’s a problem. On the other hand, if an employer is asking an employee to hand over sensitive information by way of a fingerprint, the employer needs to make a reasonable effort to convince that employee that the information is going to be treated in a way where confidentiality is preserved,” Byrnes says.
“It’s not enough for an employer to say, ‘this is a system we’re implementing and from this date, you will be expected to provide biometric data.’ That analysis is overly simplistic. It’s not good enough. An employer needs to be able to make the case for the need for that information to be collected,” says Byrnes.
Convenience versus necessity
Byrnes says the use of biometric data collection may be valid in a situation where health and safety is an issue, but even then he emphasises the necessity of providing adequate privacy policies and data security assurance to employees.
In this case, the reason Superior Wood supplied for implementing this new system was to bolster the “integrity and efficiency” of its payroll system, as well as improve “safety in the event of an emergency by avoiding the need to locate the paper sign in and out book to ascertain attendance on site.”
In the appeal case, deputy presidents Sams and Gostencnik and commissioner McKinnon didn’t consider that to be a particularly compelling argument, but they were satisfied that “the scanners, through their capacity to display attendance records on supervisors’ phones, offered safety benefits, even though the main function was clearly to improve its payroll operation.”
In order to support the employer’s dismissal decision, Superior Wood had to prove that the fingerprinting was “reasonably necessary”, which it was unable to do.
In a Smart Company article, workplace lawyer Athena Koelmeyer says, “This is a very good example of how the word ‘reasonable’ means different things to different people. If you work at ASIO, or at a deeply secret part of the Australian Federal Police, then biometric scanning for restricted access may well be very reasonable.”
Still, it demands the question, surely there’s a less intrusive way to streamline this particular process?
Yes, it’s important for organisations to stay ahead of the curve when it comes to utilising new workplace technologies, but if the organisation’s main concern is overhauling its paper based record keeping process, there are less intrusive methods than biometric data collection. Why not just have employees download an app to log their hours?
How does it differ from other “invasive” policies?
Others have drawn comparisons to other job requirements that are now considered to be appropriate, such as undergoing a medical test or supplying a blood or urine sample.
“It’s completely different in my view,” says Byrnes. “Testing for drugs and alcohol in an employee’s systems goes to the heart of workplace health and safety and that’s of fundamental importance to the welfare of employees. Biometric testing is usually, but not always, for administrative convenience for the employer. That’s the big difference.”
This is not the view workplace lawyer Peter Vitale takes. In the same Smart Company article, he says, “The commission has repeatedly held a direction to undergo a medical in the right circumstances is lawful…that an employer who has valid reasons for introducing fingerprint scanning can’t then direct an employee to provide the basic data seems to me to be inconsistent with broader principles.”
Advice for employers
[A provision that] exempts private sector employers from having to comply with the Privacy Act when handling an employee’s personal information for a purpose directly related to the employment relationship. However, if a private sector employer handles personal information for a purpose that is not directly related to the employment relationship, the exemption will not apply and the Privacy Act will.
He goes on to suggest that employers play devil’s advocate when implementing a policy like this. Think about the ways in which your staff may object, and plan for specific pain points. Think of ways in which you can gain their trust from the beginning by demonstrating that you’ve taken all appropriate measures.
Just because you can, it doesn’t mean you should
Bruce Arnold, assistant professor at the University of Canberra’s School of Law and Justice previously spoke to HRM about biometric identification in the workplace.
He raises an interesting point in saying that “once an employee leaves, the question remains as to whether an employer is obliged to remove all biometric data relating to them from its systems. There is an expectation that employers will safely dispose of personal data, but there isn’t a statutory fixed period for retention, and an ‘obligation’… will depend on the circumstances.”
In a previous article that Byrnes wrote for HRM on microchipping employees he argued that “just because a technological development enables a particular process or innovation to be adopted for employees, this doesn’t mean it automatically can be.” That applies in this case too, he says.
Byrnes acknowledges that streamlining administrative processes is a laudable objective, but privacy trumps convenience. Had the reasoning behind the system been completely dedicated to workplace health and safety, Byrnes says the employer’s position would have been stronger, but not unassailable.
“When there’s a genuine nexus between the collection of biometric data and improved outcomes in health and safety, backed by evidence, that’s when there will be a much stronger prerogative for an employer to ask an employee to provide that data.”
This is a nascent and developing area of the law, says Byrnes, which means it’s vexed. But the one thing that is crystal clear from this case is the need to prioritise employee privacy.
What do you think about this decision? Share your thoughts in the comments below.
The use of biometrics in the workplace is just one of many ethical dilemmas that HR practitioners face. AHRI’s short course ‘Workplace ethics’ will arm you with the information you need.