Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Contents
Reference checks are a valuable part of hiring. They help you confirm a candidate’s experience, culture fit and risk profile before you commit.
But they can also be a legal minefield if they’re not handled carefully. A poorly managed reference process can expose your business to complaints, reputational damage or even legal claims - especially if a candidate’s job offer is withdrawn after a negative reference.
In this guide, we’ll walk through how to give and receive references lawfully, reduce your risk, and set up a clear internal process so your team knows exactly what they can (and can’t) say.
Why Reference Checks Matter For Small Businesses
When you’re a small business, every hire counts. A reference check helps you validate what you’ve learned through interviews and testing, and can flag issues you might otherwise miss.
Done well, reference checks can:
- Confirm key facts (roles, dates, responsibilities and achievements).
- Provide insight into working style, reliability and collaboration.
- Surface performance or conduct risks that need follow-up.
- Save time and cost by preventing mis-hires.
However, there are legal guardrails to follow. You’re handling personal information and relying on statements that must be accurate and fair. Having a documented approach makes it easier to stay compliant and consistent.
Can You Give A “Bad” Reference In Australia? Legal Risks To Watch
You can share honest, accurate and job-relevant information - even if it’s negative - provided you do so lawfully and fairly. The risks arise when a reference is inaccurate, misleading, discriminatory, or shared without a proper basis.
Privacy And Consent
References typically involve disclosing personal information about a former or current employee. As a general rule, get clear permission from the candidate before you share details with a prospective employer. Using a simple signed consent form reduces risk and makes the process transparent. Many businesses use a dedicated Privacy Consent Form alongside their recruitment paperwork, and inform candidates through a Privacy Collection Notice about what data will be collected and why.
If your business collects, holds or discloses personal information as part of hiring, ensure your Privacy Policy explains how you handle reference information and who you share it with.
Defamation, Misrepresentation And Negligent Statements
Defamation claims can arise when someone’s reputation is harmed by false statements. While truth is a defence, you still need to be careful: stick to facts you can support, present opinions as opinions (based on specific observations), and avoid exaggeration or speculation.
Keep your comments strictly job-related. Avoid personal remarks (for example, appearance or family circumstances) and steer clear of protected attributes such as age, disability, sex, race, religion, sexual orientation or pregnancy - which can also engage discrimination laws.
Unlawful Or Inappropriate Topics
The same principles that apply to interviews apply to references. Don’t ask for, or provide, information that would be unlawful or irrelevant to the role. If you’re the one making inquiries, make sure your team understands which topics are off-limits. As a refresher, review common illegal interview questions and align your reference templates accordingly.
Recording Reference Calls
It might be tempting to record a reference call “for accuracy”. Recording laws vary by state and territory, and in many cases you’ll need consent. If your process includes recordings or you receive recorded references, ensure you understand business call recording laws and be transparent about what you’re doing.
Data Retention And Secure Storage
Reference notes are personal information. Store them securely, restrict access on a need-to-know basis, and don’t keep them longer than necessary for your hiring purpose. It’s helpful to document your practices with reference to your broader obligations under data retention laws in Australia.
Best-Practice Process For Providing References
A consistent, documented process protects your business and ensures managers know how to handle reference requests. Here’s a practical framework you can adopt.
1) Set A Clear Policy
Start with a concise, accessible Reference Check Policy that sits within your broader workplace policy suite. Clarify who is authorised to provide references, the level of detail permitted, permissible topics, and approval steps. Many small businesses prefer references to be handled by HR or a single senior contact to reduce inconsistency.
2) Get Written Consent
Obtain written permission from the individual before providing a reference, especially if they are a current employee. Store the consent with the rest of the recruitment file. A standardised Privacy Consent Form makes this simple.
3) Stick To Verifiable Facts And Role-Relevant Opinions
Confine your reference to facts you can verify (job title, dates, responsibilities, KPIs) and clear, role-relevant opinions (e.g. “met deadlines for X project”, “handled a 15-store territory”, “needed direction on complex matters”). If you’re expressing an opinion, link it to specific examples or documented performance feedback.
4) Avoid Sensitive And Unlawful Topics
Don’t comment on health conditions, union membership, family responsibilities or other protected attributes. Don’t share confidential business information either (like client strategies or pricing). Keep the conversation squarely on performance and conduct in the context of the role.
5) Use A Standard Template And Brief Notes
Provide staff with an approved question set and prompts so the content is consistent and compliant. After the call, record brief notes that accurately reflect what was asked and answered, then store them securely with your recruitment records.
6) Train Managers And Gatekeep Requests
Run short training for leaders so everyone is aligned on the policy, privacy obligations and your approval workflow. For example, require all external requests to come through HR or the hiring lead so ad hoc references don’t slip through.
7) Consider A “Confirmation-Only” Reference Policy
Some companies adopt a policy of confirming employment dates and titles only, and declining to provide performance commentary. This can lower legal risk, though it’s less helpful for the receiving employer. If you take this approach, make sure it’s applied consistently to avoid discrimination concerns.
Receiving References: Withdrawing An Offer After A Bad Reference
On the other side of the process, you may receive a negative reference that makes you rethink a role. If you’re considering withdrawing a job offer in Australia, take a measured, documented approach.
Make Offers Conditional And Set Expectations Early
To preserve flexibility, issue conditional offers (for example, subject to satisfactory reference checks, right-to-work verification and background screening). That way, if concerns arise, you can reassess before the employment relationship begins. Ensure your wording is clear and consistent in your offer letters and recruitment communications.
Assess Objectively And Keep Records
Evaluate the reference against the inherent requirements of the role. Is the issue job-relevant? Is there corroborating information? Keep careful notes of what was said, by whom, and why it matters. If the reference is vague or unexpected, you can seek a second reference to validate the picture.
Give The Candidate A Chance To Respond
Procedural fairness is good practice. Share the concern in general terms and offer the candidate an opportunity to respond or provide context. This reduces the risk of acting on inaccurate or outdated information and demonstrates a fair process.
Check For Discrimination Risks
Ensure your decision isn’t based on protected attributes or assumptions that could be discriminatory (for example, assumptions about future carer responsibilities or medical conditions). Focus your reasoning on the role’s requirements and documented evidence.
Use A Lawful Withdrawal Process
If you decide to withdraw, communicate promptly and respectfully, and reference the condition that hasn’t been satisfied. If an employment contract has already been signed, check the terms you’ve included (such as pre-commencement conditions or termination clauses) and seek advice before acting. For a practical overview, see how an employment offer can be withdrawn in Australia.
Tidy Up Your Hiring Documentation
Negative reference outcomes often reveal gaps in paperwork. Consider refreshing your Privacy Collection Notice for candidates, your Privacy Policy, and your workplace policy framework so your process is consistent and defensible.
Handling Complaints: If Your Reference Allegedly Cost Someone A Job
Occasionally, a former employee or candidate may complain that your reference caused them to lose an offer. Here’s how to respond calmly and reduce risk.
Have A Clear Intake And Response Plan
Treat complaints seriously. Acknowledge receipt, set out a timeframe, and outline what you’ll do next. It helps to adopt a written privacy complaint handling procedure for issues involving personal information.
Review The Facts
Check the consent you held, who gave the reference, the content of what was shared, and the notes recorded. Confirm that your policy was followed and that the comments were factual, job-relevant and made in good faith. If there’s a gap, address it in your process and training.
Respond Proportionately
Where appropriate, explain your process and the basis for the information provided. If you identify an error, correct the record with the requesting employer (with the candidate’s consent) and update your internal practices.
Address Systemic Issues
If a complaint reveals a systemic problem - for example, managers giving off-the-cuff references - reinforce your policy, refresh training, and tighten gatekeeping. For persistent or sensitive issues, consider appointing a single point of contact for all reference requests.
Build Your Reference Check Toolkit: Key Documents
A few well-drafted documents go a long way toward making your reference processes smooth, consistent and low-risk. The exact mix depends on your business and industry, but most small businesses benefit from the following.
- Workplace Policy (Reference Checks): Sets out who can give references, what can be shared, approval steps and record-keeping expectations. This typically sits within your broader Workplace Policy framework.
- Privacy Consent Form: A short form where candidates authorise you to provide or obtain references and share personal information with nominated third parties. You can standardise this using a Privacy Consent Form.
- Privacy Collection Notice: Explains to candidates what personal information you collect during recruitment, why you collect it, and who it may be shared with. Many employers include this in application portals or as a separate Privacy Collection Notice.
- Privacy Policy: Outlines your approach to handling personal information across the business, including recruitment and references. It’s standard to publish a Privacy Policy on your website and reference it in your hiring materials.
- Employee Privacy Handbook: Internal guidance to help managers handle staff and candidate data correctly (collection, storage, access, security and disposal). An Employee Privacy Handbook supports day-to-day compliance.
- Reference Check Template: A question set and note-taking template to drive consistent, role-relevant inquiries and accurate records.
- Conditional Offer Letter Template: Offer wording that clearly makes employment conditional on satisfactory references and other pre-employment checks, avoiding uncertainty later.
If you partner with external recruiters, align your expectations in your services agreement and provide your policy and templates so they follow your standards.
Practical Tips To Lower Risk And Keep Your Process Fair
- Be consistent: Apply the same reference process to all candidates for a given role. Inconsistent approaches can look unfair and lead to bias.
- Focus on job requirements: Tie questions and assessments to the skills and behaviours the role actually needs.
- Keep it short and factual: Long narratives invite exaggeration. Stick to facts and brief, supported opinions.
- Train your team: Provide short refreshers before each hiring round. Include a reminder about illegal interview questions and off-limits reference topics.
- Manage recordings carefully: If you ever record a reference, get consent and follow relevant call recording laws.
- Document proportionately: Keep concise notes you could stand behind later. Store them securely and only as long as you need for your hiring purpose.
Key Takeaways
- You can provide negative reference information in Australia if it’s truthful, job-relevant, fair and shared with appropriate consent.
- Set a clear Reference Check Policy, limit who can give references, and train managers to avoid unlawful or sensitive topics.
- Protect privacy with a Privacy Consent Form, a Privacy Collection Notice and a published Privacy Policy, and store reference notes securely.
- Make offers conditional on satisfactory checks, assess negative references objectively, and give candidates a chance to respond before withdrawing an offer.
- Handle complaints with a clear process, review your records and correct any errors promptly, then address any systemic gaps in policy or training.
- Templates and consistent processes reduce risk and save time, especially when your business is growing and more leaders are involved in hiring.
If you’d like a consultation on setting up compliant reference check processes for your business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.
