There are a range of things that businesses can do to better manage the collection, use and disclosure of employee information
Following an earlier article written for HRD magazine on the matter under appeal for an unfair dismissal around fingerprint data collection, the Full Bench of the Fair Work Commission has clarified what businesses need to be doing about the collection of employee data.
Decision under appeal
Late in 2018, Commissioner Hunt handed down a decision that held the collection of an employee’s biometric data, based on operational and safety reasons, was for a company function or activity that was reasonably necessary.
This finding overshadowed any concerns the Commissioner had about the company’s compliance (or lack thereof) of the Privacy Act 1988 (Cth). The Commissioner also held that the employee’s dismissal was for a valid reason in view of the employee’s repeated refusal to consent to the collection of his biometric data (fingerprint).
The appeal
The Full Bench disagreed with the Commissioner, finding the employee’s dismissal was unfair. In doing so, the Full Bench held that the company was bound to comply with the rules for the collection, use and disclosure of personal information in the Privacy Act and could not rely on the exemption that applies to employee records in the Privacy Act.
The Full Bench was sympathetic to the former employee’s concerns about compliance with the Privacy Act and the security of his biometric data.
The company was in breach of the Privacy Act (and also in breach of the Australian Privacy Principles) at the time because:
In addition to the above, the third party provider did not have a privacy policy at the time.
Lessons companies should act on:
The Full Bench decision provides some clear direction that companies should learn from when collecting employee data:
How businesses can minimise risk
There are a range of things that businesses can be doing to better manage the collection, use and disclosure of employee personal and sensitive information:
It is advisable you seek legal guidance to review your policies and processes around data collection and storing sensitive employee personal information. Companies should take the time to check where personal information is gathered, both customer and employee data, and review transparency, consent and safety.