Increasingly, healthcare employers are using biometric and electronic databases and surveillance cameras to monitor their employees, who need to be vigilant about protecting their rights and personal information. This case dealt with an unfair dismissal claim in a non-healthcare workplace, but it has direct relevance to the health sector and issues of privacy.
The case concerns a company that introduced fingerprint scanning of employees as part of a new attendance policy. One employee (Mr L) was a casual ‘general hand’ of more than three years standing. In a November 2017 meeting, he refused a request to provide his fingerprints. Mr L was not satisfied the company could guarantee no third-party access to the fingerprint database, a concern he provided in writing. The company responded with documentation from the scanner supplier that said the data could not be used for any “purpose other than linking your payroll number to a clock in/out time”.
Mr L, however, continued to use the ‘sign in’ book. He was given a verbal and then a written warning that if he did not comply with the scanning policy, his employment would be terminated.
Further discussions did not bring about a resolution, and in February 2018 he was dismissed. Mr L brought an application in the Fair Work Commission (FWC) for unfair dismissal.
The employer submitted that its policy to use fingerprint scanning was lawful, reasonable and practical. Its justification was that fingerprint scanning improved safety in the event of an emergency, and that the policy formed part of Mr L’s contract of employment and he was therefore obliged to comply. Further, the collected biometric data was secure and confidential, and there was no breach of privacy due to an exemption in the Privacy Act 1988 (Cth) with respect to his records.
Mr L’s submissions were that his fingerprints and associated biometric data constituted “sensitive information” according to the Privacy Act, and, in any event, were his private property. He asserted that once his personal biometric data was digitised, it would be difficult to contain its use by third parties, including for commercial purposes, and he was never informed exactly who was likely to have access and under what circumstances. Lastly, he submitted that the Privacy Act exemption did not apply to his records because the company failed to issue a ‘privacy collection notice’ as required by the Privacy Act.
Mr L successfully appealed the decision to the full bench of the FWC on several grounds. Overturning the initial decision, the full bench found that the company’s reasons for dismissing Mr L were not valid and contravened Australian privacy laws – by not complying with its privacy obligations pursuant to the Act.
As a result, Mr L was within his rights to refuse to provide his fingerprint data and was not in breach of his employment contract because at the time of entering into the contract such (electronic and biometric) policies were not part of it.
In determining Mr L’s successful appeal, the FWC undertook a detailed review of the relevant Australian Privacy Principles (APP).
APP 1 requires a company/business to have an up-to-date and clearly expressed policy about its management of personal information and how, in an open and transparent means, it manages storage of such personal information.
APP 3 prohibits the collection of an individual’s sensitive information without consent, unless the information is “reasonably necessary” for the company’s activities or functioning. Any collection of personal information can only occur by lawful and fair means. The FWC found the company’s direction to Mr L for provision of his fingerprints was not “reasonably necessary”, and therefore not lawful.
The FWC stated that Mr L was within his rights to refuse consent to having his fingerprints scanned and registered and therefore there was no valid reason to dismiss him.
As more electronic devices are introduced into health workplaces, nurses need ever more vigilance. Such vigilance is often nothing more than reminding an employer of their legally mandated obligations.
Do you have an idea for a story?
Email [email protected]