Fair Work Decision involving Biometric Fingerprint Scanning - What does it mean for you?

May 22, 2019

Fair Work Decision involving Biometric Fingerprint Scanning - What does it mean for you?

On the 1st of May 2019 the Fair Work Commission made a decision in the case of Mr Jeremy Lee v Superior Wood Pty Ltd.  For the full decision you can view on the Fair Work Commission website here: https://www.fwc.gov.au/documents/decisionssigned/html/2019fwcfb2946.htm 

Biometric fingerprint scanning, unfair dismissal, privacy policies, sensitive personal information...what does this all mean for you as an employee?  Does it change anything for you as an employer? Should I be using Biometrics in my workplace? With this case making traction in general media, such as this recent ABC  news article, https://www.abc.net.au/news/2019-05-21/fingerprints-biometric-data-worker-wins-unfair-dismissal-case/11129338, a lot of questions have been raised by payroll officers, HR managers and business owners.  One thing is for sure, consumer feedback is that there seems to be some confusion over this decision and what it means for biometrics in the workplace.

Firstly, this case was about unfair dismissal.  And the decision was upheld that Mr Jeremy Lee was unfairly dismissed.  This was not a case about whether a business should use a biometric fingerprint device or not, but rather about the consent, collection and use of biometric information.

 

What were some key factors that contributed to Mr Jeremy Lee being considered to be unfairly dismissed?

  • Employee Consent:  The Privacy Act prohibits the collection of sensitive information about an individual, unless that person consents to the collection of the information.  Mr Jeremy Lee did not consent to provide his biometric data.
  • Notice To Employees: The Privacy Act requires a ‘privacy collection notice’ to be issued to individuals before or (if that is not practicable) as soon as practicable after the sensitive information is collected by lawful and fair means.  Mr Jeremy Lee did not receive a ‘privacy collection notice’.
  • Privacy Policy: Mr Jeremy Lee’s employer did not have an appropriate Privacy Policy in place.  And more importantly, the supplier of the biometric scanners did not have a relevant privacy policy in place at the time.  Mr Jeremy Lee could not be guaranteed that his sensitive data would be handled correctly under the Privacy Act.

The Privacy Act has been in place since 2001 and all businesses have obligations under the Privacy Act.  This case has really brought to the fore an employers obligations to comply with the Privacy Act.

 

What does this mean for me as an employee?  

As with any individual using a product or service, you have a right to know that your personal information is being used correctly, stored securely and that you have control over that information.  You should be able to obtain from your employer documentation to show you that your personal information will be used in compliance with the Privacy Act. And if using a biometric system in place at work (fingerprint device, facial recognition device, app that uses facial recognition or captures a photo), you should be able to be provided with appropriate documentation regarding the storage and use of your data.  Due to the fact that most places of employment have security video surveillance which is capturing ‘biometric’ information (photos and videos) of employees during the course of their day, it would be very rare for an employee not to consent to similar ‘biometric’ data being used in specific business systems, such as time and attendance.  However, as an employee you want to be reassured that your biometric data is being collected and stored correctly.

 

Does this change anything for me as an employer?  

Not really, as the Privacy Act has been in force since 2001.  This case will hopefully make more employers aware of their obligations under the Privacy Act.  Those obligations include having a Company Privacy Policy, issuing a ‘privacy collection notice’ to employees when collecting ‘sensitive employee information’ and obtaining employee consent before collecting ‘sensitive employee information’.  It is also important to ensure that suppliers of business software and hardware that you use within your company have relevant privacy policies in place and comply with best practice for the collection, storage and securing of the data within those systems.

 

Should I be using biometrics in my workplace then?  

Biometrics are a part of life now.  Most of us unlock our phone, verify payments on our phone, access our PC and head through immigration at the airport using biometric identifiers.  Call up the ATO and you’ll be asked to use your voice to identify. Microsoft, Google, Samsung and Apple implement biometrics in their mainstream products and services.

 

The short of it is that biometrics provide fast identification of us as an individual, without the need to use pin-codes or additional mediums such as plastic cards.  So to implement key business systems that use biometrics can greatly improve efficiency and security within a business. Ensure that your business meets its requirements under the Privacy Act in all matters of data collection and storage.  And make sure that the biometric systems you put in place are provided by trusted vendors with robust security and data protection policies.





Leave a comment

Comments will be approved before showing up.