07 June 2019
In this age of technological advancement, new, innovative ways of monitoring and identifying employees in the workplace are emerging. Increasingly, employers are using biometric data, such as fingerprint scanning and hand scanning, to identify employees, establish records of working hours, restrict access to specific areas, provide security and enhance workplace health and safety (amongst other things).
Biometric authentication is an attractive system for employers for security, accountability and convenience purposes. Its reliance on unique biological characteristics means it is almost impossible for individuals to hack or exploit the system. Although biometric authentication systems can be implemented for a number of legitimate reasons, employers can face serious legal issues if implementation is not thought through properly. By way of example, biometric authentication systems can infringe upon employees’ right to privacy under the Privacy Act 1988 (Cth) (Privacy Act).
This raises a wide range of issues that employers must consider. For example, what happens when employees do not consent to the use of these mechanisms and refuse to provide their biometric data?
This scenario was recently the subject of a recent decision of the Full Bench of the Fair Work Commission. In Lee v Superior Wood, an employee, Mr Lee, refused to scan his fingerprint as a means of signing in and out for his shifts for privacy concerns. Mr Lee was dismissed and subsequently made an unfair dismissal claim. In coming to a decision, the Full Bench of the Fair Work Commission (Full Bench) was required to consider the intersection of privacy law and employment laws.
This decision raises important issues for employers looking to introduce new biometric data collection technology in the workplace and provides guidance on how to lawfully manage an employee’s refusal to participate in that process.
In October 2017, Superior Wood Pty Ltd (Superior Wood), introduced fingerprint scanners in the workplace to log employees’ start and finish times. The fingerprint scanners were introduced for safety and payroll efficiency.
After significant consultation with employees and a seven week trial period, the fingerprint scanning was formally implemented in January 2018 and employees were directed to comply with the ‘Site Attendance Policy' (Policy) and provide a fingerprint scan.
The Policy provided that all employees were required to use the scanners to record their attendance on site, both when arriving and leaving the site. Signing attendance sheets alone was no longer acceptable. Mr Lee, who had been employed by Superior Wood for approximately 3 ¼ years, refused to register his fingerprint and continued to manually sign in and out for his shifts, as he was concerned about the collection and storage of his personal information. He expressed concern about the control of his biometric data and the inability of the employer to guarantee no third party would have access to his personal information.
Mr Lee was assured by the scanner’s supplier that the collected data would only be used for linking payroll numbers to a clock in or clock out time. However, Mr Lee continued to resist the use of the scanners and, after being issued multiple warnings, was dismissed from his employment.
Mr Lee subsequently brought an unfair dismissal claim. At first instance his application was dismissed by Commissioner Hunt. He then appealed against the decision to the Full Bench.
At first instance, Commissioner Hunt found that Mr Lee had not been unfairly dismissed because, in the circumstances, it was reasonable for Superior Wood to request biometric data from its employees. Commissioner Hunt found that although Superior Wood may have breached its privacy obligations under the Privacy Act, the biometric system provided safety benefits, by providing real-time access to information about which employees were onsite, and also provided payroll efficiencies. Mr Lee’s refusal to provide his biometric data amounted to a breach of the Policy.
On appeal, Mr Lee raised nine grounds of appeal before the Full Bench. The Full Bench ultimately overturned Commissioner Hunt’s decision, finding there was no valid reason for dismissal.
The Full Bench decided the Policy did not form part of the terms and conditions of Mr Lee’s employment because the way in which his employment contract was drafted meant he was only bound by policies in place at the time his employment contract was signed. Because the Policy was introduced after Mr Lee had entered into his employment contract, it did not form part of the terms and conditions of his employment. Therefore, Mr Lee’s obligation to comply with the Policy depended on whether the direction to use the scanners to sign in and out of work each day was a ‘reasonable and lawful’ direction.
To determine whether the direction was ‘reasonable and lawful’, the Full Bench was required to consider the interaction of the Policy with the Privacy Act, which contains specific requirements in relation to the collection and solicitation of employees’ personal information. Superior Wood was required to comply with the Privacy Act, and was therefore:
Superior Wood did not comply with these obligations which arose from the Australian Privacy Principles, as:
Superior Wood sought to rely on an exception to the obligation for certain entities to comply with the Australian Privacy Principles, contained in s 7B(3) of the Privacy Act. That exception is in relation to ‘employee records’. Superior Wood sought to rely on this exception in relation to the fingerprint scanner, arguing that all records generated by an employer, including those that have not yet been created, are within the scope of that exception. However, the Full Bench found that this exception did not to extend to records not in existence, therefore could not apply to the fingerprint scanners. Consequently, Superior Wood was held to be bound by the Privacy Act requirements regarding the collection and solicitation of its employees’ personal information.
The Full Bench found that the direction to comply with the Policy was not a ‘reasonable and lawful’ direction because the direction itself was not lawful. As Mr Lee did not give his consent (as required by the Australian Privacy Principles), the Full Bench decided that the direction to submit to the collection of his fingerprint data was not a ‘lawful direction’ and could not form the basis of the decision to terminate Mr Lee’s employment. Given this finding, the Full Bench did not consider it necessary to consider whether the direction was reasonable.
As is evident from the above, while there are clearly privacy law implications when introducing and implementing biometric technology in the workplace, there may also be broader implications for employers. By way of example, in some jurisdictions the implementation of biometric technology has given rise to discrimination claims.
In the United States, an employee successfully argued he had been unlawfully discriminated against based on his religion when he refused to give his fingerprints to his employer. In 2011, the Equal Employment Opportunity Commission brought a lawsuit on behalf of Beverly Butcher (Butcher), a coal miner who resigned from his job rather than allowing his fingerprint to be scanned at the beginning of each shift to record his time worked.
Butcher, an Evangelical Christian and an ordained minister, argued that the biometric scan would tag him with the biblical ‘mark of the beast’ and condemn him to eternal punishment. This is a reference to the thirteenth chapter of the Book of Revelation in the New Testament of the Christian Bible, which concerns a ‘beast coming out of the earth’ who causes people ‘to receive a mark in their right hand, or in their foreheads’. This beast is usually identified as the antichrist and its mark believed to be the symbol of opposition to God.
A federal court jury unanimously found that Butcher had been unlawfully discriminated against because of his religion and awarded him $586,860 in lost wages and benefits and compensatory damages. The United States Supreme Court declined to review the case after the employer requested an appeal.
Such a finding is not limited to the United States and could foreseeably arise in Australia. Some anti-discrimination legislation – such as the ‘General Protections’ provisions within the Fair Work Act 2009 (Cth) (FW Act) and some state based anti-discrimination legislation (for example, the Equal Opportunity Act 1984 (WA)) – makes it unlawful to discriminate on the basis of a number of protected attributes, including religion. Discrimination on the basis of religion alone is currently not unlawful under federal anti-discrimination law, however the Coalition Government has committed to new religious anti-discrimination laws, which are (at the time of writing) being prepared.
Corrs have advised a range of clients on similar biometric systems, where employees have raised discrimination complaints on the grounds of religious belief, and have cited a concern over “the mark of the beast”.
With new and emerging forms of technology increasingly being utilised in workplaces, employers need to consider the potential implications and take steps to minimise the risks that can emerge when implementing such technology in the workplace.
To avoid potential legal issues, employers should:
Employers who are ‘APP entities’ for the purposes of the Privacy Act should also incorporate well-drafted privacy policies that make clear what, how and when employee personal information may be obtained and used.
The implementation and use of biometric technology can raise a number of legal issues, including privacy, discrimination and adverse action issues. Employers need to consider these potential claims when making decisions of this sort. While there may be a practical administrative burden to accommodate employees’ concerns, it is advisable to take extra measures to accommodate employees, where reasonable and possible, to reduce the risk of future claims.