Effective Reference Checks: Legal Guide for Australian Employers

Reference checks can make or break a hiring decision. Done well, they validate a candidate’s experience and reduce the risk of costly mis-hires. Done poorly, they can cross legal lines around privacy, discrimination and fair hiring practices.

If you’re hiring staff in Australia, it’s important to understand what you can ask, when you need consent, how to store the information you collect, and the practical steps to run a fair and compliant process.

In this guide, we’ll walk through the legal basics and share a simple, repeatable approach you can use for every hire-so you can be confident you’re getting the information you need without exposing your business to unnecessary risk.

Why Reference Checks Matter (And What They Are)

A reference check is when you contact a candidate’s former manager, colleague or client to verify work history, responsibilities and performance. It’s a core part of due diligence-especially for roles with high responsibility or where past performance is a strong predictor of future success.

When you approach reference checks strategically, you can:

• Confirm the accuracy of employment history and job titles.
• Understand strengths, development areas and working style.
• Validate claims about achievements and leadership experience.
• Spot red flags early, before you issue an offer.

However, because reference checks involve personal information, you need to treat them as a formal part of your hiring process-not just a quick call. That means getting consent, asking lawful and job-relevant questions, and storing notes securely.

Can You Legally Conduct Reference Checks In Australia?

Yes-reference checks are lawful in Australia, provided you collect and use information in a way that complies with privacy and anti-discrimination laws. In practice, that means:

• You should only seek information that is reasonably necessary for assessing the candidate’s suitability for the role (job relevance is key).
• You should not ask questions that could lead to discrimination on protected attributes (for example, age, sex, pregnancy, disability, race or religion).
• You must collect, store and use personal information in line with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) if they apply to your business or you choose to comply as best practice.
• Any notes or records you keep should be accurate, secure and retained only as long as needed for your hiring decision and legal record-keeping obligations.

A helpful way to stay on track is to align your reference questions with the inherent requirements of the role and your documented selection criteria. If a question doesn’t map back to the job, don’t ask it.

What Can You Ask In A Reference Check (And What Should You Avoid)?

Focus on questions that test the candidate’s core skills, behaviors and outcomes against your role requirements. For example:

• Can you confirm the candidate’s role title, employment dates and reporting line?
• What were their main responsibilities and typical workload?
• How would you describe their strengths and development areas?
• How did they handle deadlines, stakeholder communication or conflict?
• Would you re-hire the candidate? Why or why not?

Avoid questions that stray into sensitive or unlawful territory. Many of the same rules that apply to interviews also apply to references, so avoid topics that fall into the category of illegal interview questions (for example, questions about family plans, age, marital status, religion or medical history unless directly related to the inherent requirements of the role and handled lawfully).

You should also avoid asking for medical or health information unless there’s a clear, lawful reason. If health is relevant to performing the role safely, be precise about the inherent requirements and consider whether a conditional offer subject to medical clearance (handled properly) is more appropriate than probing during references.

Finally, be careful with open-ended prompts that could encourage a referee to speculate on matters unrelated to performance. Keep questions structured and job-focused.

Do You Need Consent? Privacy, Records And Data Handling

In almost all cases, you should obtain the candidate’s express consent before contacting referees. Consent sets clear expectations and supports compliance with privacy laws.

Get Clear, Written Consent

Ideally, collect written permission identifying the referees you’ll contact and the purpose of the check. Many employers use a simple form or a short clause during the application process to document this. If you’re formalising your process, a Privacy Consent Form can help you capture consent for collecting and using personal information as part of recruitment.

Tell Candidates What You’ll Collect (And Why)

Transparency is central to the APPs. Even if you’re a small business, it’s best practice to inform candidates about what information you collect, how you use it and who you may disclose it to. Include this in a short Privacy Collection Notice and in your broader Privacy Policy.

Collect Only What You Need

Stick to information that’s necessary for assessing suitability for the role. Don’t record extra personal details “just in case.” This helps you comply with the data minimisation principle and reduces risk if there is ever a data breach.

Store Notes Securely

Keep reference notes in a secure HR system or locked files with access limited to those on the hiring team. Set a sensible retention period aligned with your hiring cycle and legal obligations, then securely delete the information when it’s no longer needed.

If You Record Calls, Know The Rules

Some employers prefer to record reference calls. In Australia, call recording laws vary by state and territory. If you intend to record, make sure you comply with relevant recording laws in Australia, which typically require consent from all parties. When in doubt, take written notes instead.

Step-By-Step: How To Run Compliant, Effective Reference Checks

1) Map Your Questions To The Role

Start with your position description and selection criteria. Identify the top competencies you must verify-technical skills, leadership, communication, reliability, safety compliance, or client service. Draft 6-10 structured questions aligned to those competencies.

2) Obtain Consent And Verify Referee Details

Get the candidate’s written permission to contact named referees. Ask for work emails or LinkedIn profiles so you can verify the referee’s identity and relationship to the candidate (e.g. direct manager vs. peer).

3) Prepare A Short Introduction And Privacy Script

When you call, introduce yourself, explain the purpose, and confirm the referee is happy to proceed. If your business records calls, mention it upfront and seek explicit consent in line with applicable laws. If not, let them know you’ll be taking notes and the information will be handled confidentially.

4) Ask Structured, Job-Relevant Questions

Use the same core questions for each candidate to ensure fairness and consistency. Ask follow-up questions to clarify facts but avoid areas unrelated to job performance or that could prompt unlawful disclosures.

5) Take Accurate, Objective Notes

Document the referee’s responses in factual terms. Avoid adding assumptions or commentary. Where the referee offers opinions, note them clearly as such and tie them to examples or outcomes where possible.

6) Cross-Check And Weigh Objectively

Compare reference notes against your interview impressions and any skills tests. Consider potential bias (positive or negative) and the context. For example, a “deadline issue” might reflect resourcing constraints rather than the candidate’s capability.

7) Handle Red Flags Carefully

If a referee raises a serious concern, consider whether it’s substantiated, current and relevant to the role. You can explore with a follow-up, ask for a second referee, or-if appropriate-discuss the issue with the candidate in a fair and sensitive way.

8) Keep Records Secure And Delete When Appropriate

File notes in your HR system with limited access. If the candidate is unsuccessful, retain their information for a sensible period (for example, in case of a challenge) and then securely destroy it in line with your internal policy.

What Legal Documents And Policies Help?

Formalising your recruitment process with clear documents protects your business and supports a fair, consistent approach.

• Privacy Policy: Sets out how your business collects, uses and stores personal information during recruitment and employment.
• Privacy Collection Notice: A short notice that tells candidates what information you’ll collect (including reference checks), why you’re collecting it and who you may share it with.
• Privacy Consent Form: Captures the candidate’s consent to contact referees and handle their personal information for hiring decisions.
• Workplace Policy: Your recruitment and equal opportunity policies should set clear rules on lawful questions, privacy practices and record-keeping.
• Employment Contract: Once you’ve selected your candidate, a compliant contract formalises role duties, confidentiality and other key terms from day one.

The right framework not only supports compliance-it also creates a better candidate experience and a more defensible hiring decision if it’s ever challenged.

Tricky Areas: Discrimination, Defamation And References You Give

Discrimination Risks

Both interview and reference questions can stray into unlawful territory if they touch on protected attributes. Keep questions tightly tied to the inherent requirements of the role, and avoid anything that could prompt disclosure about age, sex, pregnancy, family responsibilities, disability, religion, political opinion or other protected grounds.

Train hiring managers on what’s off-limits and give them a structured question set. Referring managers to your equal opportunity policy and a quick refresher on illegal interview questions helps keep everyone aligned.

Defamation And Misleading Statements

When your business is the one providing a reference for a former employee, stick to accurate facts and genuine opinions based on first-hand experience. Avoid exaggeration, speculation or sharing unverified allegations. If you can’t speak to a topic, say so.

If you have an internal policy on references (for example, HR-issued employment confirmations only), ensure managers follow it and direct external enquiries through the right channel.

Criminal History And Background Checks

Certain roles (for example, working with children, aged care, or finance) may require formal background checks. Treat these checks separately to informal references and ensure you follow the relevant statutory process, obtain consent, and limit the use of results strictly to the role requirements.

Practical Tips To Lift The Quality Of Your Reference Checks

• Set expectations early: Let candidates know you’ll run reference checks as part of the process and ask them to prepare suitable referees.
• Target the right people: Prioritise direct managers over peers where possible, and seek one recent referee and one longer-term perspective.
• Use behaviour-based questions: Ask for specific examples (“Tell me about a time the candidate had to influence a difficult stakeholder”).
• Be consistent: Use a standard question set for all candidates to reduce bias and improve comparability.
• Document concisely: Capture key quotes and facts, not a transcript. Note dates, time and the referee’s role.
• Close the loop: If reference feedback changes your assessment, revisit your notes and ensure your decision ties back to objective criteria.

If you’re establishing your first formal hiring process, it’s worth reviewing your recruitment policy, privacy documents and question sets together. Our team can help you align your documentation and workflows so everything is consistent and legally sound from the start.

Frequently Asked Questions

Do I need the candidate’s consent for reference checks?

Yes, you should obtain clear consent before contacting referees. Consent supports privacy compliance and builds trust with candidates. A simple written permission or a Privacy Consent Form works well.

Can I record reference calls?

Only if you comply with applicable state and territory laws, which often require all-party consent. If you’re unsure, stick to written notes and check your obligations under recording laws in Australia.

How long should I keep reference notes?

Keep notes only as long as reasonably necessary for your hiring decision and any legal record-keeping obligations. Your Workplace Policy can set a sensible retention period and destruction process.

What if a referee shares sensitive information?

Steer the conversation back to job-relevant performance and avoid recording unnecessary sensitive details. If sensitive information is disclosed, store it securely, restrict access and consider whether it is lawful and necessary to rely on it.

Key Takeaways

• Reference checks are lawful in Australia when they’re job-relevant, consent-based and handled in line with privacy and anti-discrimination laws.
• Keep questions structured and focused on the inherent requirements of the role; avoid topics that overlap with illegal interview questions.
• Obtain clear consent, inform candidates via a Privacy Collection Notice, and back it up with a robust Privacy Policy and secure storage practices.
• Use a repeatable process: verify referees, ask consistent questions, make objective notes, and retain records only as long as necessary.
• Train hiring managers to manage tricky areas-like sensitive information, call recording rules and providing references themselves.
• Support your process with the right documents, including a Privacy Policy, collection notice, consent form, recruitment policy and a compliant Employment Contract for successful hires.

If you’d like a consultation on setting up compliant, effective reference checks for your Australian workplace, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.