The rules around data collection for employees are undergoing rapid changes. Joe Murphy, ABLA’s managing director, national workplace, explains
A full Bench of the Fair Work Commission has granted permission for an employee to appeal an unfair dismissal based on “public interest” as the case raised “important, novel and emerging issues” concerning personal data, security and fingerprint scans.
Yes, fingerprints – familiar from forensic procedurals and one of a range of biometric measures used to monitor employee movements. In this particular case, the employer advised employees that they were introducing this technology for signing in and out of work. One employee refused as he was concerned that his biometric data would be accessed, sold or used against him. Despite responses from his manager regarding security, he still refused and was consequently terminated 12 weeks later.
This case and subsequent appeal are significant as they will allow the Full Bench to review what personal data employers can request from their employees in a time of increased fear around data collection, breaches and privacy.
As individuals become better educated on the threats against cybersecurity and the damage that can occur from identity theft, it raises the question: at what point can an employee refuse to share personal data with an employer without the risk of dismissal?
Employees’ rights to ‘opt in’
As we have seen with the government’s My Health Records and the significant number of ‘opt-outs’, people don’t trust organisations to keep their personal data safe. How many organisations can give assurances that personal data will be secure at all times?
No organisation can give a 100% guarantee that they won’t be hacked, but they should put every reasonable protection in place to make that data secure. Employment contracts, induction training and policies should clearly state reasons for data collection.
Managing Generation Z
With younger, tech-savvy generations in the workforce, many companies are looking at adopting a Bring Your Own Device (BYOD) policy, including personal phones and laptops. These policies present another area for review.
Smartphones today are more than a technological tool. They can hold all of an employee’s private data, medical and financial records – even their fingerprints! If an organisation asks employees to use personal devices to access corporate data, policies and processes should be in place so they are clear on the employer’s rights to access the device and its data.
When is a company within its rights to collect data?
Building trust and proceeding reasonably are critical when an employer is exercising its rights to collect information. If you have a workplace culture built on communication and trust that properly informs employees when, why and how you collect their personal data, you should experience minimal resistance. Whatever personal data you collect, keep these rules in mind:
If you collect data or monitor your employees, you should communicate clear workplace policies to avoid repercussions should an unfair dismissal claim arise. Have a policy for email and internet use, social media drug and alcohol testing, and personal data collection.
Whether fingerprint scans or health records, handling employees’ personal data can be a grey area. Review your methods of collection, the purpose of the data and the security measures adopted. Bring in relevant departments that have a role in protecting the privacy of employees. If in doubt, get professional advice on whether your current processes are best practice and would stand up in court if challenged.
Joe Murphy is the managing director, national workplace, at Australian Business Lawyers & Advisors (ABLA). Serving business and only business, ABLA is trusted by the Australian Chamber of Commerce and Industry and is the leading voice for business in the Fair Work Commission. ABLA was voted #1 Employment & Workplace Law Firm of the Year 2018. Contact Joe on 1300 565 846 or at [email protected] if you have any questions raised by this article.