Call 1300 565 846 or +61 2 9466 4740
Close

Subscribe

Join our mailing list to receive breaking news and webinar invites.

Please tick if you'd like to receive alerts and webinar invites on the following topics:*


Agree to the terms of our Privacy Policy.: By submitting this form you agree to the terms of our Privacy Policy.

Resources

Tread carefully when collecting employee data

Tread carefully when collecting employee data

Published: 21 Feb 2019

Tread carefully when collecting employee data

Tread carefully when collecting employee data

Published: 21 Feb 2019

A Full Bench of the Fair Work Commission has granted permission for an employee to appeal an unfair dismissal based on “public interest” as the case raised “important, novel and emerging issues” concerning personal data, security and fingerprint scans.


Yes, fingerprints – familiar from forensic procedurals and one of a range of biometric measures used to monitor employee movements. In this particular case, the employer advised employees that they were introducing this technology for signing in and out of work. One employee refused as he was concerned that his biometric data would be accessed, sold or used against him. Despite responses from his manager regarding security, he still refused and was consequently terminated 12 weeks later.

This case and subsequent appeal are significant as they will allow the Full Bench to review what personal data employers can request from their employees in a time of increased fear around data collection, breaches and privacy.

As individuals become better educated on the threats against cybersecurity and the damage that can occur from identity theft,   it raises the question: at what point can an employee refuse to share personal data with an employer without the risk of dismissal?

Employees’ rights to ‘opt in’

As we have seen with the government’s My Health Records and the significant number of ‘opt-outs’, people don’t trust organisations to keep their personal data safe. How many organisations can give assurances that personal data will be secure at all times?

No organisation can give a 100% guarantee that they won’t be hacked, but they should put every reasonable protection in place to make that data secure. Employment contracts, induction training and policies should clearly state reasons for data collection.

Managing Generation Z

With younger, tech-savvy generations in the workforce, many companies are looking at adopting a Bring Your Own Device (BYOD) policy, including personal phones and laptops. These policies present another area for review. Smartphones today are more than a techno- logical tool. They can hold all of an employee’s private data, medical and financial records – even their fingerprints! If an organisation asks employees to use personal devices to access corporate data, policies and processes should be in place so they are clear on the employer’s rights to access the device and its data.

When is a company within its rights to collect data?

Building trust and proceeding reasonably are critical when an employer is exercising its rights to collect information. If you have a workplace culture built on communication and trust that properly informs employees when, why and how you collect their personal data, you should experience minimal resistance.

Whatever personal data you collect, keep these rules in mind:

  1. Communicate: Tell employees what data you need and why, at every point of collection. If they understand the rationale behind it, cooperation should follow.
  2. Document: Make policies available to employees at the start, and frequently remind them of what data you collect, and why and how it will be used.
  3. Secure: Access to employee records and data should be restricted to the few who need it to do their job, as well as the employee. Giving the employee equal access is considered best practice.
If you collect data or monitor your employees, you should communicate clear workplace policies to avoid repercussions should an unfair dismissal claim arise. Have a policy for email and internet use, social media drug and alcohol testing, and personal data collection.

Whether fingerprint scans or health records, handling employees’ personal data can be a grey area. Review your methods of collection, the purpose of the data and the security measures adopted. Bring in relevant departments that have a role in protecting the privacy of employees. If in doubt, get professional advice on whether your current processes are best practice and would stand up in court if challenged.

If this article has raised any issues for your business, get in touch on 1300 565 846 or info@ablawyers.com.au.

Join our mailing list to receive breaking news and webinar invites.

Please tick if you'd like to receive alerts and webinar invites on the following topics*:


By submitting this form you agree to the terms of our Privacy Policy.

Australian Business Lawyers & Advisors (ABLA) (ACN 146 318 783) is the Trustee of Australian Business Lawyers & Advisors Trust (ABN 76 008 556 595). Liability limited by a scheme approved under Professional Standards Legislation.  Legal practitioners employed by or directors of Australian Business Lawyers & Advisors Pty Limited are members of the scheme.

To understand how we protect your privacy, please refer to our Privacy Policy.