The Facts

Company introduces site attendance policy with biometric fingerprint scanning

A company introduced a biometric fingerprint scanning system as part of its new site attendance policy for all its employees. This measure was intended to provide security, safety and efficiency benefits for the company.

After the policy was announced during a floor meeting in October 2017, all company staff were directed to register their fingerprints over the following week. Once registered, employees would then check in and out of the company's work sites by using scanners provided at the start and finish of each shift.

Employee refuses to provide fingerprints

One employee was a casual general hand who had worked at the company for more than three years. In November 2017 he was called in and attended a meeting, but did not provide his fingerprints when asked to do so.

The following day he met his supervisors, who provided him with further information about the site attendance policy and the scanning system. They provided reasons for the decision to introduce the scanners and the benefits the system would bring to the company.

Employee concerns regarding third party access to fingerprint data

The employee said he was not satisfied that the company could guarantee that third parties would not be able to access the electronically stored fingerprint data and there was no guarantee that the biometric information in his prints could not be used by any other persons.

The employee then wrote to the company, setting out his concerns about privacy and his objection to providing his fingerprints. The company responded with additional information about the nature of the fingerprint data collection.

The company provided the employee with documentation from the suppliers of the scanners, which said that the data collected could not be used "for any other purpose other than linking your payroll number to a clock in/out time".

Company dismisses employee after discussions and warnings

The scanners were implemented in January 2018. Meanwhile, the employee continued to check in and out of work using the sign in and out book.

He was given a verbal warning and was subsequently warned in writing that if he continued to fail to comply with the policy, it would result in his employment being terminated.

The employee wrote to the company that he wished to be allowed to keep his job, but insisted on retaining ownership of his biometric data. Further discussions did not result in any resolution.

In February 2018 a show cause letter was issued to the employee, after which he was dismissed.

The employee brought an application in the Fair Work Commission for unfair dismissal. It was up to the commission to determine whether it was reasonable and lawful for the employer to require the employee to provide the biometric data and if so, whether the dismissal was harsh, unjust or unreasonable.

case a - The case for the employer

case b - The case for the employee

  • Our requirement that employees use biometric fingerprint scanning is lawful, reasonable and practical.
  • This measure is part of our site attendance policy. It improves safety in the event of an emergency by avoiding the need to locate the paper sign in and out book to ascertain attendance on site.
  • The site attendance policy formed part of the employee's contract of employment, so he was obliged to comply with its terms.
  • The biometric data collected by the fingerprint scanners is secure and confidential, as are all employee records.
  • There was no breach of privacy, due to the exemption in the Privacy Act with respect to employee records.
  • We have the right to manage our affairs by requiring employees to comply with company policies.
  • The commission should find that he was not unfairly dismissed.
  • My fingerprints and the biometric data they contain constitute "sensitive information" according to the Privacy Act. They are my personal and private property.
  • Employers are not entitled to collect an employee's sensitive information without proper notice and without their consent.
  • The company did not talk to me or to any other employees about its legal obligations and responsibilities in handling sensitive information.
  • The company supplying the scanners also failed to provide adequate information about the collection and use of personal and sensitive information in accordance with Australian privacy laws.
  • Once my personal biometric data is digitised, it could be difficult to contain its use by third parties, including for commercial purposes. I was never told exactly who was likely to have access to this sensitive information.
  • The Privacy Act exemption does not apply to my records, because the company failed to issue a privacy collection notice as required by the Privacy Act.
  • It is not true that the fingerprint scanners would improve safety, nor that their introduction was reasonably necessary. The commission should find that I was unfairly dismissed.

So, which case won?

Cast your judgment below to find out

Mark Shumsky

Employment law

Stacks Collins Thompson

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.