The recent Full Bench of the Fair Work Commission decision in Lee v Superior Wood [2019] FWCFB 2946 may limit the circumstances where an employer can safely dismiss an employee for failing to follow certain workplace policies. In this case, an employee was dismissed because he refused (after repeated warnings) to use an employer’s biometric (fingerprint) scanner. The employee was held to have been unfairly dismissed.

This decision could have significant implications. In particular, employers will need to be careful when dismissing employees because the employee has failed to follow workplace policies requiring them to provide their employer with certain information.

Lee v Superior Wood

Lee v Superior Wood, concerned an unfair dismissal claim made by Mr Lee.

His employer, Superior Wood, determined that its employees should sign in and out of work using biometric scanners. It did this to improve site safety and payroll administration.

To this end, Superior Wood created a biometric scanner policy.

This policy required Superior Wood’s employees to register their biometric information on its biometric scanners and to use those scanners to sign in and out of work.

Mr Lee refused to comply with the policy. He refused to register his biometric information. After numerous warnings, Superior Wood dismissed him for failing to follow the policy.

Mr Lee then lodged an unfair dismissal claim against Superior Wood.

Unfair Dismissal – a valid reason

In determining whether an employee has been unfairly dismissed, the Fair Work Commission will consider (amongst other things) whether there was a valid reason for dismissing the employee.

Superior Wood argued it had a valid reason to dismiss Mr Lee because he had failed to follow its biometric scanner policy and that policy was a lawful and reasonable direction.

A lawful and reasonable direction?

Employees have an implied contractual duty to comply with the lawful and reasonable directions given by their employer.

An employer’s policies can be directions to their employees. Consequently, an employer can have a valid reason to dismiss an employee if the employee has failed to comply with a policy which is reasonable and lawful.

The Full Bench held that Superior Wood’s biometric scanner policy was not a lawful and reasonable direction. It was unlawful because it breached the Privacy Act 1988 (Cth) (Privacy Act”).

Therefore, the Full Bench determined, Mr Lee’s refusal to comply with the policy was not a valid reason for dismissal.

A policy in breach of the Privacy Act is not a lawful direction

The Biometric Scanner Policy was unlawful because Superior Wood breached various provisions of the Privacy Act in requiring Mr Lee to provide his biometric information.

In particular, Superior Wood breached the Privacy Act by:

  • not having a clearly-expressed and up-to-date privacy policy regarding its’ management of personal information;
  • not issuing a notice to employees informing them of various matters; and
  • not obtaining Mr Lee’s consent to collect biometric data.

This meant that Superior Wood’s policy requiring Mr Lee to provide his biometric information was not a lawful direction as it was contrary to the Privacy Act.

Implications for employers

This decision suggests the Privacy Act will impose various obligations on (most) employers when collecting ‘sensitive information’.

The Privacy Act’s obligations regarding sensitive information may be relevant regarding directions and policies concerning the collection of an employee’s health, genetic or biometric information.

These obligations could be problematic for employers who direct employees to undertake drug or alcohol tests or medical examinations, or to use a biometric scanner. The Privacy Act may apply to these directions and policies.

If so, an employer may not have a valid reason to dismiss an employee if they refuse to comply with the policy (or direction) if it breaches the Privacy Act. For example, a policy may breach the Privacy Act if the employer fails to notify the employee of certain information, or does not have a privacy policy.

Consequently, employers should understand their obligations under the Privacy Act before they create a policy which requires an employee to provide sensitive information. These obligations can include (but are not limited to):

  • having a clearly-expressed and up-to-date privacy policy;
  • notifying employees of certain information, as required by the Privacy Act; and
  • obtaining an employee’s genuine consent to the collection of their information.

Additional obligations may apply where sensitive information is stored overseas.

When are employee records exempted from the Privacy Act?

The Privacy Act does not apply to acts relating to certain records held by employers regarding current or former employees (“Employee Record Exemption”).

In Lee v Superior Wood, the Full Bench also clarified the scope of the Employee Record Exemption. It held that the exemption only applies to records the employer already holds. The exemption does not apply to the collection of employee information.

This means that employers should comply with the Privacy Act when collecting sensitive information.

However, once that information has been collected, the Employee Record Exemption applies, and the Privacy Act no longer applies to that information.

This decision (as it currently stands) limits the scope of the Employee Records Exemption. Consequently, employers may need to consider whether they are complying with the Privacy Act when collecting employee information.

Adam Colquhoun

Principal, WestmoreJacobs

This article is general information only. It is not legal advice. If you need legal advice, please contact us.