A recent decision of the Fair Work Commission (FWC) has highlighted the privacy considerations for employers when implementing vaccination policies in the workplace, particularly in the current COVID-19 environment.
Across Australia, many employers have been required to introduce (or at least consider introducing) vaccination policies as a result of public health orders or directions issued by federal, state and territory governments.
These types of policies require employees to disclose to their employer sensitive information such as medical information relating to their vaccination status (i.e., proof of their vaccination or evidence of a medical contraindication that prevents the employee from being vaccinated).
There are limitations on the sensitive information that an employer is able to collect about an employee and, in situations where such collection is allowed, employers have obligations on how it can be disclosed, used and stored. These are set out in theย Privacy Act 1988ย (Cth) and the Australian Privacy Principles (APPs).
Employee argued request for vaccine proof breached privacy rules
In a recent decision, the FWC was required to consider these privacy concerns in the context of an application for unfair dismissal made by a care service employee at an aged care facility.
Between July and September 2021, the aged care facility issued a vaccination policy to reflect a public health order (PHO) that prevented employees of aged care facilities from entering or remaining on the premises unless they received at least one dose of a COVID-19 vaccine.
The PHO also required operators of aged care facilities to take all reasonable steps to ensure that anyone subject to the requirements of the PHO complied and also that anyone subject to the requirements provided the operator with โvaccination evidenceโ if necessary for the operator.
The PHO also contains an exemption for any person who was unable to be vaccinated due to a medical contraindication, as long as the person was able to present an approved certificate which specified the medical contraindication.
The aged care service employee did not provide any evidence that she had received at least one dose of a COVID-19 vaccine or any evidence to support the existence of a medical contraindication.
Instead, she raised a concern (among others) that the employerโs request for medical information was a breach of an individualโs right to privacy under the Privacy Act.
Valid reason for dismissal
Ultimately, the employee was dismissed from her employment as her refusal to disclose the medical information required by the PHO meant she was prohibited from entering the workplace and she could not undertake her role.
The FWC considered this to be a valid reason for the employeeโs dismissal.
It noted that a PHO, once in force and applicable to a particular workplace, must be complied with unless or until it is declared invalid or unlawful by a court of competent jurisdiction (a question which the FWC did not have jurisdiction to determine). Accordingly, the employer had no option but to comply with the PHO and could not provide the employee with any duties to undertake.
The FWC further noted that, while the APPs prevent an employer from collecting sensitive information (such as medical information) about an individual without the individualโs consent, there is an exception that allows the collection of such information if it is required or authorised by or under an Australian law, which is defined to include an โAct of the Commonwealth or of a state or territoryโ. The FWC considered that this exception applied in these circumstances.
The FWC found, even if there was a breach of the Privacy Act (which it did not consider there was), this had to be balanced against other considerations. The fact remained that the employer and employee were required to comply with the PHO and the employee did not have any capacity to perform any work because she was prohibited from entering the workplace.
Accordingly, the employeeโs application for unfair dismissal was dismissed.
Lessons for employers
This decision enforces the position that an employeeโs refusal to comply with a PHO (or workplace policy reflecting a PHO) will likely be found to be a valid reason for dismissal, particularly in circumstances where such refusal means the employee is not able to perform their role.
With respect to privacy concerns, an employerโs obligations under the Privacy Act and the APPs are just one of the many competing obligations that it must consider when seeking to enforce a PHO or workplace policy.
Employers must ensure that collection of sensitive information (in this case, medical information) from employees is done in compliance with applicable privacy legislation and the FWCโs comments in this decision support the view that this can be done.
Legal advice should be sought to ensure that such policies are compliant with the relevant legislation.
โThis article was first published on the Workplace Law blog.ย Information provided on the blog is not legal advice and should not be relied upon as such.
Comments