Australia: Can You Be Dismissed From Your Workplace For Not Providing Your Fingerprint?

Last Updated: 6 February 2019
Article by Jonathan Wyatt and Fiona Le

In the recent decision of Jeremy Lee v Superior Wood Pty Ltd [2018] FWC 4762, an employee was dismissed from his job because he refused to provide his fingerprint to his employer. Initially, the Fair Work Commission dismissed his application for unfair dismissal on the basis that this was a valid ground for dismissal. However, on 17 January 2019, the Full Bench of the Fair Work Commission in Jeremy Lee v Superior Wood Pty Ltd t/a Superior Wood [2019] FWCFB 95 granted the applicant permission to appeal the decision on the basis that there was an arguable case of 'appealable error'.

Biometric data collection is becoming increasingly common in the workplace. For example, the data can be used to control employee's access to restricted areas, timekeeping and using software. However, this raises issues surrounding collection of data, obtaining consent, retention policies, biometric data ownership, how information is stored and protected in the workplace and in particular, whether an employer has valid grounds to dismiss an employee for refusing to provide sensitive information.

The facts

Superior Wood Pty Ltd t/a as Superior Wood (Superior Wood) operates two sawmills at Melawondi and Imbil in Queensland and is part of the Finlayson Group. Mr Jeremy Lee was employed as a casual General Hand for a period of 3.25 years at both sites. In October 2017, Superior Wood introduced a new 'Site Attendance Policy' (Policy) as a safety measure. The Policy provided that employees would only be allowed access to a site, once their fingerprint had been scanned.

Mr Lee objected to the collection of his biometric information and refused to use the scanners. As an alternative, he proposed that he continue using the 'paper sign-in' process or the swipe card system.

On 12 February 2018, Mr Lee's employment with Superior Wood was terminated on the grounds that he failed to adhere to the Policy and comply with lawful directions by his employer to adhere to the Policy. Mr Lee lodged an unfair dismissal application with the Fair Work Commission (Commission) claiming that his dismissal was 'harsh, unjust and unreasonable" and therefore unfair within the meaning of s.387 of the Fair Work Act 2009 (the Act).

Mr Lee submitted that his failure to comply with the Policy or Superior Wood's direction to comply with the Policy did not constitute a valid reason for his dismissal, as the Policy was unlawful (and as such so were the directions) because it contravened the Privacy Act.

Both parties did not contest:

  1. that the sole reason for Mr Lee's dismissal was his failure to comply with both the Policy and Superior Wood's directions that he adhere to the Policy; and
  2. that Superior Wood was subject to the Privacy Act and as such obliged to adhere to its obligations under that act.

The relevant law

Section 13G of the Privacy Act provides:

"An entity contravenes this subsection if:

  1. The entity does an act, or engages in a practice, that is a serious interference with the privacy of an individual; or
  2. The entity repeatedly does an act, or engages in a practice, that is an interference with the privacy of one or more individuals."

The phrase "interference with the privacy of an individual" is defined in section 13 of the Act to mean:

  1. "An act or practice of an APP entity [an agency or organisation] is an interference with the privacy of an individual if:

    1. The act or practice breaches an Australian Privacy Principle [APP] in relation to personal information about the individual; or
    2. The act or practice reaches a registered APP code that binds the entity in relation to personal information about the individual.

Section 15 of the Privacy Act provides that an APP entity must not do an act, or engage in a practice that breaches an APP.

The APP's are set out in Schedule 1 of the Privacy Act. They stipulate, amongst other things, that APP entities must:

  1. manage personal information in an open and transparent way (APP 1.1);
  2. have a clearly expressed and up to date policy about the management of personal information by the entity and sets out what information the policy must contain (APP 1.3);
  3. must take steps as are reasonable in the circumstances to make its APP privacy policy available (APP 1.5);
  4. if an APP entity is an organisation, the entity must not collect personal information unless the information is reasonable necessary for one or more of the entity's functions or activities (APP 3.2) ; and
  5. must not collect sensitive information, without the individual's consent (APP 3.3).

The Privacy Act contains an employee records exemption, section 7B(3) of the Privacy Act. This exempts private sector organisations from the operation of the Privacy Act in circumstances where the private sector organisation is or was an employer of an individual and where its act or practice is related directly to the employment relationship between the organisation and the individual, and the employee record held by the organisation.

The parties submissions

Superior Wood submitted that a failure by an employee to follow the employer's lawful and reasonable direction can constitute a valid reason for dismissal. The Policy was reasonable and that there was a valid reason for the termination of Mr Lee's employment as he failed to comply with the Policy. There were no reasonable privacy concerns involved in the use of the scanners and that it had not breached the Privacy Act as the employee records exemption applied.

Mr Lee submitted that the Policy was unlawful (and as such so were the directions) as it contravened section 13 (G) of the Privacy Act as:

  1. Superior Wood did not have an APP Policy;
  2. the scanners were collecting "sensitive information", as that term is defined under the Privacy Act and Superior Wood had not informed its employees that the scanners were collecting sensitive information;
  3. Superior Wood's employees had not consented to Superior Wood collecting their sensitive information;
  4. Superior Wood's employees had not given their consent to the collection of sensitive information;
  5. the scanners were not owned by Superior Wood, but Finlayson Timber, and each time an employee used a scanner, Finlayson Timber would have received sensitive information about the employee, without the employees consent; and
  6. if the employee records exemption applied (which he denied), it only protected the Superior Wood and not Finlayson Timber.

Determination by the Commission

The Commission determined that the Policy was not "unjust or unreasonable" as it improved safety and the "integrity and efficiency" of the payroll system across the Finlayson Group. The Commission then went on to determine whether Superior Woods had breached the Privacy Act and whether those breaches made the Policy unlawful.

The Commission found:

  1. the information collected by the scanners was "sensitive information", as defined by section 6 of the Privacy Act, and that prior to the introduction of the scanners, Superior Wood did not:

    1. inform its employees that that the scanners collected their sensitive information;
    2. provide them with a collection notice regarding the collection of their sensitive information (as it was required to do under the Privacy Act); or
    3. discuss the obligations imposed on it in handling the employee's sensitive information;
  2. that the employee record exemption did not exempt Superior Wood from complying with its obligations under the Privacy Act in respect of collecting its employee's sensitive information; and
  3. that Superior Woods did not have a privacy policy, as it was required to do under the Privacy Act.

Although the Commission acknowledged that Superior Woods had breached the Privacy Act, those breaches did not render the Policy unlawful. As such, the Commission determined that Mr Lee failure to comply with the Policy was a valid reason for his dismissal.

Appeal

The Full Bench of the Fair Work Commission granted permission for Mr Lee to appeal on the basis that:

  1. There is an arguable case of appealable error identified in the appeal as to whether the request to comply with the Policy was lawful and/or reasonable;
  2. Whether the Commission's findings as to the application of the Privacy Act were reasonable and or appropriately balanced with the exercise of the Commission's discretion under Part 3-2 of the Act – Unfair Dismissal;
  3. To the extent the Privacy Act is relevant, whether the employee record exemption applies to the process by which the employee record is obtained or created;
  4. Whether an employee's refusal to provide consent to the collection of sensitive "information about an individual" is a breach of the Policy;
  5. Whether the "consent" required by APP 3.3 includes "implied consent" in circumstances where the employees have registered their fingerprint algorithm to be used by the scanners without first having been notified as required under the Privacy Act; and
  6. There was a public interest in the issue of whether an employee's refusal to provide their biometric data for purpose of recording a person's presence at the workplace constitutes a valid reason for dismissal pursuant to section 387(a) of the Act.

Ramifications on employers and employees

Other than the Privacy Act, which was not drafted to address employment issues, there is no legislation which protects an employee's employment if he/she refuses to provide his/her consent to his/her employer to collect and store their biometric data. With the increasing collection of employee data in the workplace, this decision may influence and encourage legislative reforms to recognise the implications of biometric data collection. Further, it is hoped that when the Full Bench determines the appeal it will provide clarity as to what extent the Privacy Act will apply to protect employees in this regard.

In the meantime, employers should review their current policies and procedures in the workplace relating to the collection of biometric data to ensure that they have policies and that their policies and procedures concerning the collection of biometric data complies with their obligations under the Privacy Act.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
Similar Articles
Relevancy Powered by MondaqAI
 
Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Related Topics
 
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
 
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions