More and more businesses use tracking devices to help manage their vehicle fleets. What do you need to do to ensure that your devices comply with the law and data privacy regulations?
More and more businesses these days use GPS tracking devices in their vehicle fleets. GPS devices are a great way of increasing fleet efficiency, and also have safety benefits for employees.
Many businesses now augment GPS tracking with external and internal-facing dashcams. External cameras are a great asset for dispute resolution. Internal-facing cameras, coupled with artificial intelligence technology, also have safety benefits such as monitoring for driver fatigue and distraction.
These devices are not without controversy due to their potential to intrude on employees’ privacy.
In response to this, State and Federal governments have passed legislation to strike a balance between the utility and controversy of these devices. Unfortunately, the result is a set of regulations that vary from State to State, overlaid with Commonwealth privacy laws.
In South Australia, the Surveillance Devices Act 2016 (SA) regulates these devices. This Act sets out the conditions for the use of ‘listening devices’, ‘optical surveillance devices’ and ‘tracking devices’. In short, the SA Act prevents the installation or use of any of these devices without the consent of the person being monitored. Companies are subject to fines of up to $75,000 for breaching these provisions.
You should be aware that each State has its own surveillance device laws. For example, NSW legislation requires 14 days prior notice before installing a surveillance device in a vehicle. In comparison, in Tasmania there is no regulation of the use of GPS devices at all. Be mindful of these differences, but note that the common thread through them is the need for consent from your employees.
Consent is key. Explicit consent is best, say by way of a clause in your employment contract. Consent can also be implied. For example, an employee may consent to being tracked by choosing to drive a vehicle with a ‘GPS Tracking Device Installed’ sticker on the dashboard.
Commonwealth data privacy legislation is also becoming more and more important. The data collected by these devices falls under the definition of ‘personal information’ under the Privacy Act 1988 (Cth). This results in a need to protect that personal information according to that Act.
Even more relevant in today’s day and age is the fact that this data is invariably stored in a cloud service, by a third party, and quite likely stored overseas.
If you do outsource your data to a third party you must ensure that your provider complies with the Privacy Act. If you and/or your provider store your data outside of Australia, then you are subject to additional regulations relating to the disclosure to your employees of where that data is stored and for what purposes it’s used.
If you don’t already have one, and internal Data Collection policy is probably worthwhile. Your policy should set out the data you collect, the purposes for which you collect it, how long you want to keep it, and the locations where the data is stored. Most employment contracts contain clauses that ensure employees’ compliance with corporate policies as part of the conditions of employment. A Data Collection policy fits nicely into this framework.
If your standard employment contract doesn’t contain such a clause, or you don’t have written employment contracts, it may be worth coming to see us!
GPS trackers and dashcams are a great way for fleet managers to increase fleet efficiency and employee safety. Make sure your employees are fully aware of the devices you use and what you use them for. Also, make sure you are properly managing the privacy of the data you collect.
If you need advice on employment contracts, Data Collection policies or compliance with data privacy and surveillance laws please contact us.