Employee finger print scanning and privacy implications

Many employers have operated on the assumption that, because employee records are exempt from the Privacy Act, employers have significant freedom when dealing with employee privacy.

A recent Fair Work Commission decision from the Full Bench has clarified this is limited. The case also gave rise to interesting considerations around an employer’s ability to issue a lawful and reasonable direction for drug and/or medical testing.


In the decision of Lee v Superior Wood[1] the Fair Work Commission found that a direction requiring an employee to consent to having a fingerprint scan was not lawful.

In fact, this insistence infringed the employee’s rights under privacy legislation.

The employee’s dismissal for failing to follow this direction was therefore deemed unfair.

Superior Wood sought to introduce fingertip scanners into the organisation to record employees’ start and finish times. Mr Lee did not consent to registering his fingerprint, and continued to manually clock in and clock out of work.

The employee records exemption is limited: it only applies to records actually held by the employer and does not extend to records that are not yet in existence.

Because Mr Lee did not give consent, and there were actually other means of recording an employee’s start and finish time, the direction to register his fingerprints was not deemed to be lawful and reasonable, and therefore, his refusal to follow it did not constitute an adequate reason for his dismissal. 

Implications for drug and alcohol testing and employee surveillance

This case raises some important issues relating to not just surveillance but also drug and alcohol testing.

The question has now been raised as to the legality behind requiring an employee to attend a medical examination, or a drug or alcohol test. It’s common practice to do so. This may be to ensure adherence to duty of care obligations, or ascertain what ability an employee has to perform the full requirements of their role.

While there is no test case to answer this, Australian Privacy Principal 3 is an exception stating that consent it not required where the collection of such sensitive information is required by law.

This could provide an avenue for employers to argue that a lawful and reasonable direction to undertake a drug or alcohol test, for example, is necessary to protect workplace health and safety. There will no doubt be cases in future applying this reasoning that will help determine the way forward.

What employers need to know

The most important take away is to ensure that any direction given to an employee is not only reasonable, but is lawful. You should be sure to consider the contents of relevant legislation before giving the direction.

Employers who are bound by the Privacy Act should consider:

  1. Do you have a compliant privacy policy in place? This policy should be clear about what, how and when personal and/or sensitive information may be collected, and when consent may be required.
  2. Are your policies and procedures around issues such as drug and alcohol influence in the workplace clear and up to date? Policies and procedures should be flexible enough to ensure that employees abide by all of them and that they can be changed from time to time.
  3. Are employment contracts drafted in a way that protects your organisation, and is in line with legal obligations concerning the collection of personal information? You should also consider including a privacy statement in your employment contracts that state the type of personal and/or sensitive information may be collected.
  4. If you are introducing new technology, such as fingerprint scanning, have you performed a Privacy Impact Assessment to ensure you are compliant with privacy when introducing it?

It’s also important to remember not only privacy laws need to be considered in this context. Depending on what is monitored, collected and stored, employers also need to be aware of applicable surveillance legislation (which differs state by state) and health records legislation.

How can Moores help?

Our privacy and employment law gurus here at Moores can help in a number of ways including reviewing/drafting a compliant privacy policy, employment contracts and other relevant policies and procedures.

We can also provide you with strategic advice and implementation strategies in a variety of different matters. Should you have any questions or queries, please do not hesitate to contact us.

[1] [2019] FWCFB 2946