Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Bringing new people into your business is exciting - but it can also feel daunting if you’re not sure how to manage the risks. Hiring the wrong person can open the door to legal issues, financial loss, or reputational damage.
That’s why employee due diligence is more than just calling referees. It’s about taking reasonable, lawful steps to verify a candidate’s suitability, so you build a safe, compliant and high‑performing workplace from day one.
In this Australian guide, we’ll unpack what employee due diligence involves, the key laws to be aware of, the checks you should consider, and the documents that help you stay compliant as you grow. By putting the right process in place now, you’ll save time, money and stress later.
What Is Employee Due Diligence (And Why Does It Matter)?
Employee due diligence is the process of assessing and documenting a candidate’s suitability for a role before you hire. It covers skills, experience and culture fit - and extends to legal appropriateness for the work you need done.
In practical terms, this can include:
- Verifying identity and the person’s right to work in Australia
- Checking employment history and contacting referees
- Confirming qualifications, licences or registrations where required
- Running relevant criminal history, working-with-children or bankruptcy checks (role‑dependent)
- Validating professional memberships or disciplinary history (for regulated professions)
- Assessing health and safety fitness for inherently high‑risk roles (done lawfully and fairly)
- Considering values and culture alignment with your workplace
The exact checks you run will depend on the role, industry and risk profile. For example, a childcare provider will have stricter screening obligations than a small office hiring an admin assistant - but every employer should think about compliance, privacy and fairness throughout the process.
Due diligence also supports your broader duty of care to provide a safe workplace. Taking reasonable steps during hiring helps prevent harm to staff, clients and the public - and reduces the chance of disputes and costly mistakes down the track.
How Do I Run Employee Due Diligence Checks (Step By Step)?
You don’t need a huge HR team to get this right. A simple, consistent process goes a long way.
1) Define The Role And Identify Risks
Start with the role description. List the activities, access and responsibilities. Identify risks (e.g. working with vulnerable people, handling cash or payments, access to confidential data, driving or using machinery). Your risk assessment guides which checks are necessary and proportionate.
2) Confirm Identity And Right To Work
Always verify identity and confirm the person is legally allowed to work in Australia. For non‑citizens or non‑permanent residents, conduct a visa work‑rights (VEVO) check and note any expiry dates relevant to ongoing employment. Keep copies of the evidence you rely on in your recruitment file.
3) Reference And Background Checks (With Consent)
Contact referees and ask job‑relevant questions. Where appropriate for the role, consider a police check, working-with-children check, bankruptcy search or other sector‑specific screening. Obtain the candidate’s consent and only collect information that is reasonably necessary for your decision‑making.
4) Verify Qualifications, Licences And Registrations
If a role requires specific credentials (for example, nursing registration, an electrical licence, or industry membership), verify them directly with the issuing body where possible. Record issue dates and any conditions.
5) Assess Health/Fitness Lawfully
For inherently physical or safety‑critical roles, a fitness‑for‑work assessment may be appropriate. Keep it targeted to the role’s inherent requirements, respect privacy, and avoid collecting unnecessary or excessive health data.
6) Keep It Fair And Consistent
Use a consistent set of criteria for candidates applying for the same role. Ask job‑related questions, avoid unlawful discrimination, and document how you reached your decision. Consistency helps show your process was fair if it’s ever questioned.
7) Secure Handling Of Candidate Data
Minimise what you collect, store it securely, and restrict access to those who need to know. Have an internal process for handling personal and sensitive information and a plan for responding if something goes wrong, such as a data breach response plan.
Which Australian Laws Apply To Employee Due Diligence?
Due diligence overlaps with several legal frameworks. Here are the main areas to keep in mind in Australia.
Right To Work (Migration Law)
You must take reasonable steps to confirm the person is permitted to work in Australia. For citizens and permanent residents, identity evidence will usually suffice. For visa holders, a VEVO check is prudent. If ongoing employment depends on a time‑limited visa, set a reminder to re‑check close to expiry. There’s no general rule that you must monitor every employee’s status - focus on those where work rights are visa‑based.
Working With Children, Police And Industry Checks
- Working With Children Checks: Mandatory for child‑related work; requirements and names vary by state/territory.
- Police Checks: Common for roles in security, aged care, government or finance - use them when relevant to the duties.
- Professional Registration: Required for regulated professions (e.g. health, law, accounting, engineering). Verify currency and any conditions.
Privacy And Candidate Data
The Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) apply to most medium and large businesses. There is a small business exemption for many organisations with less than $3 million in annual turnover, but important exceptions can still bring you within scope (for example, some health service providers and credit reporting activities). Whether or not the APPs apply, it’s good practice to collect only what you need, secure it properly, and be transparent about how you handle it.
If you do fall within the APPs, publish a clear Privacy Policy explaining how you collect and handle personal information across recruitment and employment.
Discrimination And Fair Hiring
The Fair Work Act 2009 (Cth) prohibits adverse action on certain protected grounds, and each state/territory has anti‑discrimination legislation that also applies to recruitment. Keep your advertising, interview questions and selection criteria job‑related, and avoid decisions based on protected attributes (such as age, sex, disability, race, religion, pregnancy or family responsibilities).
Work Health And Safety (WHS)
You must provide a safe workplace and take reasonably practicable steps to prevent risks to health and safety. Due diligence in hiring supports this - for example, confirming a forklift licence for warehouse roles, or checking fatigue and fitness controls for night shift work.
Record‑Keeping
Keep recruitment records that show the checks you performed and the basis for your decision. Store them securely and for only as long as necessary, then dispose of them safely.
What Documents And Policies Support A Compliant Hiring Process?
Good documents make your due diligence process clear, consistent and defensible. Consider the following (tailored to your business and industry):
- Employment Contract: Sets out duties, pay, hours, IP and confidentiality, probation and termination. Use a clear, role‑appropriate Employment Contract for each hire.
- Workplace Policies / Staff Handbook: Document your expectations (e.g. anti‑bullying, discrimination, health and safety, social media, leave, discipline). A structured Workplace Policy suite helps managers apply rules consistently.
- Privacy Policy (where required): If the APPs apply to your business, maintain and publish a compliant Privacy Policy covering recruitment and employment data. If you’re a small business outside the APPs, it’s still wise to outline how you handle personal information.
- Reference/Background Check Consent: A simple consent form authorising referee contact and any role‑relevant checks.
- Confidentiality Agreement (NDA): For candidates or new starters who’ll access sensitive information, use a stand‑alone Non‑Disclosure Agreement or robust confidentiality clauses.
- Contractor Agreement (if not hiring as an employee): If you’re engaging independent contractors, use a proper contractor agreement and get advice on the employee vs contractor distinction; our employee–contractor advice service can help you stay compliant.
- WHS Policy And Procedures: Outline risks, controls, incident reporting and fitness for work, especially for higher‑risk roles.
- Data Handling And Breach Response: Internally document how you store candidate records and who can access them; include a practical data breach response plan.
Not every business needs every document, but most employers will need several of the above. The key is that your contracts and policies are current, job‑appropriate and consistently applied.
Staying Compliant As You Grow
It’s one thing to check your first hire - it’s another to embed due diligence across a growing team. Here’s how to keep things on track.
- Standardise your process: Use a checklist for each role type (what to verify, what to file, who signs off). Consistency reduces bias and errors.
- Document everything: Keep notes of referee calls, copies of licences and the dates you verified them. Record when visas, registrations or clearances are due to expire.
- Secure your records: Limit access to candidate and employee files, use secure systems, and set retention/destruction schedules.
- Refresh your policies: Review your Workplace Policy suite and contracts at least annually, or when laws change, new risks emerge, or you create new role types.
- Train your hiring managers: Provide short refreshers on lawful interviewing, anti‑discrimination and privacy basics. A little training prevents big problems.
- Escalate the complex stuff: For regulated roles, cross‑border hiring, or sensitive background findings, get legal guidance early to avoid missteps.
- Use the right contract every time: Ensure each worker has the correct agreement - an Employment Contract for employees or a tailored contractor agreement where appropriate.
The earlier you embed these habits, the easier it is to maintain compliance - and the stronger your reputation as a fair, professional employer.
Key Takeaways
- Employee due diligence means verifying identity, work rights, credentials and suitability before you hire, in a way that’s fair, lawful and proportionate to the role.
- It supports your duty of care and reduces risks like fraud, safety incidents and reputational harm.
- Australian laws to consider include work‑rights verification, working‑with‑children and police checks (where relevant), privacy obligations (noting the small business exemption’s limits), anti‑discrimination rules, and WHS.
- Back your process with clear documents: an Employment Contract, a practical Workplace Policy suite, a Privacy Policy where required, NDAs for sensitive information and the right contractor agreements.
- Standardise your checks, secure your records, review policies regularly and train hiring managers so compliance scales with your business.
- When roles are regulated, international or complex, getting early advice helps you make confident decisions and avoid costly mistakes.
If you’d like a consultation on employee due diligence or setting up legally sound hiring practices for your business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no‑obligations chat.