By Andrew Piper and Alex Millman, NRA Legal
As businesses navigate the challenges of ensuring the health and safety of their customers and employees during the COVID-19 pandemic, they must be careful to avoid infringing upon the privacy of their employees.
A recent decision in the Fair Work Commission is useful for understanding what information an employer can request of its employees, as well as whether disciplinary action can be taken against an employee who refuses to provide requested information.
Request to complete COVID-19 travel survey
In March 2020, One Key Resources (Mining) Pty Ltd (One Key) like many other Australian businesses was growing increasingly concerned about the spread of COVID-19 and the risks this posed to its customers and employees.
As a means to mitigate this risk, One Key decided to direct employees to complete a survey about their recent history of travel. The purpose of this survey was to identify if any employees had recently visited any “high-risk” countries.
The survey provided information about countries that had been identified as high-risk or moderate risk countries for COVID-19 and requested the employee’s:
- whether they had travelled to high-risk or moderate risk countries from 1 February 2020 to 6 March 2020; and
- whether they had any travel plans in the near future.
An employee of One Key, Mr Knight, refused to take part in this survey. Mr Knight was of the view that this survey was asking for private information that he was not willing to divulge.
One Key first reminded Mr Knight to complete the survey before issuing him with a warning for failure to follow a lawful and reasonable direction. Following Mr Knight’s further refusal to complete the survey the decision was made to dismiss Mr Knight for failure to follow a lawful and reasonable direction.
Mr Knight then proceeded to make an unfair dismissal claim in the Fair Work Commission against One Key.
Was refusal to take part in the survey a valid reason for dismissal?
When the Fair Work Commission considers whether a dismissal was harsh, unjust or unreasonable, section 387(a) of the Fair Work Act 2009 (Cth) provides that the presiding member must consider whether there was a valid reason for the dismissal related to the person’s capacity or conduct (including its effect on the safety and welfare of other employees).
One Key made the decision to terminate Mr Knight on the basis that he had engaged in misconduct through failing to follow a lawful and reasonable direction to complete the survey.
The key issue of dispute in this case was whether One Key could lawfully request this information from Mr Knight.
An employee’s privacy and an employer’s need to know
The outbreak of the COVID-19 pandemic has caused employers to walk a tightrope between balancing their privacy obligations and the responsibility to maintain a safe and healthy workplace.
In this case, Mr Knight alleged that One Key had breached the Australian Privacy Principles by requesting ‘sensitive information’ in the form of health information. The Australian Privacy Principles found in Schedule 1 to the Privacy Act 1988 (Cth) (Privacy Act) prohibit the collection of ‘sensitive information’ about an individual unless that person consents, and the collection of that information is reasonably necessary for one or more of the entity’s functions or activities.
Relevantly, the definition of ‘sensitive information’ under the Privacy Act includes ‘health information’.
Mr Knight argued that the direction given to take the survey could not be lawful since it was, in his view, requesting him to provide sensitive (health) information without his consent.
Work, health and safety obligations
One Key argued that the request was lawful and reasonable since it was made in order to comply with its work, health and safety obligations. These obligations exist under section 18 of the Workplace Health and Safety Act 2011 (QLD) (WHS Act) which provides that One Key must do what is reasonably practicable to ensure the health and safety of its workers.
One Key needed to turn its mind to relevant factors including:
(a) the likelihood of the hazard or the risk concerned occurring; and
(b) the degree of harm that might result from the hazard or the risk; and
(c) what the person concerned knows, or ought reasonably to know, about –
(i) the hazard or the risk; and
(ii) ways to eliminate or minimise the risk, and
(d) the availability and suitability of ways to eliminate or minimise the risk.
It was the view of One Key that a survey requesting information about any recent travel and future plans for travel was reasonable in light of these obligations. Further to this, One Key argued that Mr Knight had a duty as an employee to comply with any reasonable instruction given for the purposes of complying with the WHS Act.
One Key disagreed with Mr Knight’s arguments that the survey was requesting sensitive information. Instead, One Key argued that the survey was not a request for health information; rather, it was a request for travel information that would enable One Key to appropriately assess the risk of COVID-19 to employees within the business. At no point did the survey attempt to find out health information such as whether Mr Knight had COVID-19.
Ultimately, Commissioner Simpson found in favour of One Key, agreeing that the direction to complete the survey was a lawful and reasonable direction. Mr Knight’s failure to follow this direction was therefore found to be a valid reason for his dismissal.
The application was dismissed.
Takeaways for managing privacy in the COVID-19 landscape
This case demonstrates the importance of being careful and precise about what information is requested from employees. The survey used by One Key was a good example of a request for information that was careful to avoid infringing upon employee privacy but that was appropriate for the purpose of assessing a workplace safety risk to employees.
However, many employers may need to specifically request health information from employees, such as whether they have contracted COVID-19. Usefully, One Key did argue in this case that even if the information they requested was found to be ‘sensitive information’ it would be a ‘permitted general situation’ for the purposes of section 16A of the Privacy Act.
A ‘permitted general situation’ enables an employer to request and collect certain information without having to meet the requirements imposed by the Australian Privacy Principles. In this context, One Key argued (and the Commissioner ultimately agreed) that a permitted general situation existed since the entity reasonably believed that the collection and use of this information was necessary to lessen or prevent a serious threat to the life, health or safety of an individual or to public health or safety.
Despite this conclusion, employers should always exercise caution and ideally gain professional advice before proceeding with such a request.
If you require more information on managing the challenges of balancing your privacy and work, health and safety obligations towards employees be sure to contact the National Retail Association’s Workplace Relations team on 1800 RETAIL (738 245) for advice.