By Katherine Argyriou & Vaughan Granier

More and more employers are making use of electronic systems for, amongst other things, security, tracking, time recording (timesheets, payroll etc.) and access control. This involves employees registering their personal biometric information with their employer to be able to be paid, or to access the workplace. Personal biometric information can include fingerprints, palmprints, facial recognition and voice prints. A single fingerprint pressed on a scanner will record a number of statistics such as identity, time, date, and location. This information can then be instantly integrated into a time management system that helps business control and manage aspects of security and payroll record keeping.

There is no doubt that increasingly technological solutions to workplace issues, such as access, will result in more streamlined and innovative solutions. Biometrics are linked to huge improvements in efficiency because systems can process information far faster than paper based or even pin-code systems, suggesting that the prevalence of these systems can be expected to increase. Paper based systems also come with an administrative load – converting those records into payroll or other digital records for use. Behind all of this, biometrics prevent time fraud through “buddy-clocking” or having to assume worked hours through missed log-ins or log-outs.

Changes to the traditional way of doing things can be confusing or even uncomfortable for employees. While many employees may not think twice about biometric recognition at work, many others guard their privacy and are struggling to reconcile giving away their personal or private information to anyone, including giving biometric information to their employers. There have been some questions raised as to the legitimacy of this, and the extent to which it can be required.

The main concerns for employees are identity theft and recognition errors. While most people trust the accuracy of fingerprints, significantly less numbers are trusting of facial recognition or voice recognition. As it becomes mainstream (for example, eGate passport controls at airports, voice activated telephone banking), this may change, but the transition will not be immediate, and the transition phase may present challenges for employers who are early adopters.

The disclosure of biometric information is regulated by Clause 6 of the Australian Privacy Principles however, there is currently no legal framework in place to explicitly cover the intersection between biometric information and employee privacy rights. There are overriding concerns that arise from compliance with the principles of privacy law and more specifically, the Privacy Act 1988 (Cth). It is very important to the fairness and legitimacy of the use of biometrics that the Act is complied with. Under the Act, biometric information falls under the definition of ‘sensitive information’ that ‘is to be used for the purpose of automated biometric verification or biometric identification.’

Significant factors in the lawfulness of the introduction and use of the technology are very important, and privacy and employment law overlap in the need for proactive and good faith communication with employees.

The recent decision of Lee v Superior Wood Pty Ltd [2019] FWCFB 2946 discusses some aspects of the issue. Mr Lee, the employee, refused to permit fingerprint scanning login, an attendance recording method that had been formally implemented at his place of work. Mr Lee refused to use the technology after his employer failed to guarantee that no third party would have access to his biometric information, and continued manually signing in and out for his shifts. The scanner’s supplier reassured Mr Lee that the collected information would only be used for payroll purposes.

As a result of his noncompliance with the employer’s ‘Site Attendance Policy’, Superior Wood dismissed Mr Lee from his employment. Bringing an unfair dismissal claim, Mr Lee’s case was dismissed at first instance, on the basis that it was reasonable for Superior Wood to require biometric data from its employees.

On appeal before the Full Bench however, it was found that there was no valid reason for Mr Lee’s dismissal. Superior Wood’s ‘Site Attendance Policy’ was found not to encompass the terms of Mr Lee’s employment, as his employment contract was implemented prior to the policy. Subsequently, the Full Bench felt it necessary to determine whether or not requiring employees to submit to biometric login was considered ‘lawful and reasonable direction.’

It was found that Superior Wood neglected to comply with the Privacy Act by not having a privacy policy in place at the time of Mr Lee’s employment, not receiving Mr Lee’s consent to the collection of his biometric data and failing to provide alternative options, as Mr Lee’s biometric information was not reasonably necessary. Therefore, as Mr Lee failed to provide his consent under the Privacy Act, Superior Wood’s direction was not lawful, and Mr Lee’s dismissal was unfair.

Taking advantage of technological advancements to more efficiently manage employees can prove an invaluable change for employers but threatens to raise the risk of privacy issues within the workplace. Therefore it is important to correctly manage staff information and subsequently is vital to adequately protecting yourself and your business.

Katherine Argyriou is a passionate Workplace Relations Consultant at FCB Group and HR Assured Australia. Katherine provides in-depth advice on a range of employment relations matters with a particular interest in the employee life cycle.

Vaughan Granier is the National Workplace Relations Manager for HR Assured NZ. He has over 24 years’ experience in international human resources, health and safety, and workplace relations management. With over 10 years working in New Zealand and Australian companies, he provides in-depth support to leadership teams across all areas of HR, Health and Safety, and employee management.