Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
As work becomes more digital and distributed, many Australian employers are looking at employee surveillance to protect data, reduce risks and keep productivity on track. That’s understandable - but the legal rules are complex, and they differ by state and territory.
If you’re weighing up things like internet monitoring, call recording, GPS or CCTV, the key is to be transparent, reasonable and compliant. In this guide, we unpack the laws that apply in Australia, the practical steps to roll out monitoring the right way, and the core policies and contracts you’ll want in place.
What Counts As Employee Surveillance?
Employee surveillance means monitoring workers’ activity, communication or location using tools and systems. Common examples include:
- Monitoring work emails, web browsing and downloads on company networks or devices
- Application and activity tracking (e.g. log-ins, screen time, keystrokes)
- CCTV in offices, warehouses and storefronts
- GPS tracking in company vehicles or on fleet devices
- Call recording or logging of phone and video meetings
Not every type of monitoring is treated the same way in law. Rules can vary by state or territory, and additional requirements apply when personal information is collected or when audio is captured. A “one size fits all” approach usually creates risk - tailoring your approach is essential.
What Laws Apply To Employee Surveillance In Australia?
Several regimes intersect when you monitor staff. The main ones to consider are workplace surveillance laws, privacy law, employment law and state-based listening device rules.
Workplace Surveillance Laws (State/Territory)
Some jurisdictions have specific workplace surveillance laws that set clear notice and conduct rules for employers. For example:
- New South Wales: The Workplace Surveillance Act 2005 (NSW) generally requires at least 14 days’ written notice before commencing camera, computer or tracking surveillance. There are strict limits on covert monitoring.
- Australian Capital Territory: The Workplace Privacy Act 2011 (ACT) also requires advance written notice for workplace surveillance and sets limits on how it can be carried out.
- Other States/Territories: Surveillance devices legislation applies (rather than a workplace-specific Act). You still need to follow strict rules, particularly for audio recording and covert devices.
Across Australia, hidden or covert surveillance is tightly restricted and is usually unlawful for employers unless very specific criteria are met (often involving law enforcement authorities or a court order). In practice, open and well-notified surveillance is the safe path.
Privacy Act 1988 (Cth) And The Employee Records Exemption
The Privacy Act and the Australian Privacy Principles (APPs) apply to most private sector organisations with turnover of more than $3 million, and some smaller entities that handle sensitive information.
Many employers have heard about the “employee records exemption”. This exemption can apply to personal information about current or former employees if it is directly related to the employment relationship and held by the employer. However, there are important limits:
- The exemption does not apply before someone becomes an employee (e.g. applicants) or to contractors and labour hire workers.
- It does not override state/territory surveillance or listening device laws. You still need to follow notice and consent requirements where they apply.
- It may not cover all data captured by monitoring tools (for example, information about customers or third parties, or data used for other purposes).
Even where the exemption is available, many businesses still choose to adopt APP-style practices (clear notices, limited collection, access requests, secure storage) because it builds trust and reduces disputes. If you’re covered by the Privacy Act, a public-facing Privacy Policy that reflects your monitoring practices is a must.
Employment Law And The Fair Work Framework
Monitoring must not unreasonably intrude on employees’ dignity or be used in a way that compromises procedural fairness during disciplinary processes. How you collect, store and rely on surveillance data can be tested in unfair dismissal, adverse action or bullying complaints. Clear, upfront policies and consistent application are critical.
Listening Devices And Call Recording Rules
Audio is often treated more strictly than video. Each state and territory has its own listening device laws governing how private conversations can be recorded. Some jurisdictions require consent from all parties; others permit a person to record their own conversation in limited circumstances. The rules are nuanced and full of exceptions (e.g. public interest, protecting lawful interests), so avoid blanket assumptions.
If you plan to record calls in your business, make sure your approach aligns with your local law and consider the guidance in our overview of business call recording laws and our broader resource on recording laws in Australia.
How To Introduce Monitoring The Right Way
A careful rollout helps you stay compliant and maintain trust. Use this step-by-step approach if you’re introducing or updating monitoring in your workplace.
1) Identify Your Purpose And Scope
- Define the business reasons (e.g. information security, fraud prevention, WHS, asset tracking, productivity).
- List the systems and locations you’ll monitor (email, web, applications, vehicles, entrances).
- Choose the least intrusive method that will reasonably achieve your purpose.
2) Check Jurisdiction-Specific Rules
- Confirm which surveillance and listening device Acts apply in your state/territory.
- Note formal notice requirements (for example, NSW and ACT typically require at least 14 days’ written notice for workplace surveillance).
- Map any extra conditions for audio recording and tracking (location beacons, GPS).
3) Build Transparent Notices And Policies
- Draft clear notices that explain what will be monitored, how, when and why, and how the data will be used.
- Include limits (for example, no cameras in bathrooms or other private areas) and identify who can access surveillance information.
- Align your notices with your internal IT and Acceptable Use Policy, and ensure they’re consistent with your Privacy Policy if the APPs apply.
4) Update Contracts And Workplace Policies
- Reference surveillance and device use in each Employment Contract so expectations are clear from day one.
- Roll out a Workplace Surveillance or Technology Use Policy and include it in your broader workplace policy suite and onboarding.
- If audio recording is planned, factor in listening device consent requirements that apply in your location.
5) Train, Implement And Apply Proportionately
- Give advance written notice within required timeframes and offer Q&A sessions for staff.
- Apply monitoring consistently, limit collection to what’s necessary and secure the data you collect.
- Restrict access to surveillance data and keep audit trails of who accessed what, when and why.
6) Review, Retain And Respond
- Set retention periods that meet legal and business needs without keeping data longer than necessary.
- Review practices regularly to reflect technology changes and legal updates.
- Prepare for incidents with a documented data breach response plan.
Internet, CCTV, Call Recording And Remote Work: Practical Rules
Different monitoring methods carry different obligations. Here are the practical guardrails businesses often need to follow.
Internet And Device Monitoring
Monitoring employee use of company systems is generally permissible when it’s disclosed in advance and carried out in line with local surveillance laws. Best practice includes:
- Stating that use of email, internet, messaging apps and devices may be monitored for security, compliance and policy enforcement.
- Explaining the types of data captured (e.g. logs, traffic, downloads) and how it may be used.
- Setting clear rules in your Acceptable Use/IT policies, and linking any consequences to your disciplinary process.
If monitoring reveals sensitive personal information, treat it carefully under privacy principles and limit internal access to those who need to know.
CCTV And Video Surveillance
CCTV is common for premises security, stock protection and safety. Typical requirements include visible notice, reasonable placement and strict limits on covert use. Avoid cameras in private areas like bathrooms, change rooms and prayer rooms. For an overview of placement, signage and data handling considerations, see our guide to CCTV laws in Australia.
Call Recording And Audio
Audio capture (including call recording and meeting recordings) triggers listening device laws, which vary across states and territories. In some places, everyone in a private conversation must consent; in others, a participant may lawfully record their own conversation in limited circumstances. There are also exceptions and “lawful interests” provisions that need careful assessment.
To reduce risk, many employers use pre-call announcements and on-screen prompts so participants know a call is recorded and can opt out where appropriate. If your business records customer calls, align those practices with your staff monitoring approach and the rules summarised in our overview of business call recording laws.
If you operate in NSW or the ACT, also ensure your approach to workplace surveillance fits within the notice and conduct rules under the NSW Workplace Surveillance Act and the ACT Workplace Privacy Act. For broader audio recording issues, our articles on NSW recording laws and country-wide recording laws in Australia are helpful starting points.
GPS And Vehicle Tracking
Tracking vehicles and devices can be lawful with proper disclosure and clear business purposes (e.g. safety, routing, asset protection). In jurisdictions with workplace surveillance laws, written notice is usually required before tracking begins, and signage inside vehicles may be expected. Avoid monitoring private activity and limit use of data to the stated purposes.
Remote And Hybrid Work
The same rules apply to remote teams. If you deploy screen monitoring, webcams or productivity software, be transparent, stick to proportionate measures and apply the same notice and policy framework as you would in the office.
Consider practical boundaries too. For example, you might choose to disable webcam checks by default, focus on work systems rather than personal devices, and allow reasonable privacy at home when employees are off duty.
WHS And Safety Monitoring
Surveillance for safety (e.g. high-risk environments, lone-worker solutions) can be appropriate if proportionate and notified. WHS obligations do not give you carte blanche to monitor everything - you still need to minimise intrusiveness and comply with surveillance and listening device laws.
What Legal Documents Should You Have?
Good documentation is the foundation of compliant and trusted surveillance. At a minimum, consider rolling out or updating the following:
- Workplace Surveillance Policy: Explains what is monitored, how it works, when it applies, who can access the data, retention and escalation processes.
- Acceptable Use/IT Policy: Sets expectations for device, email, messaging and internet use, and ties usage rules to monitoring and security controls. An Acceptable Use Policy is a practical way to keep these expectations clear.
- Privacy Policy: If the APPs apply, a public-facing Privacy Policy should describe what personal information you collect through monitoring, how you use it and how individuals can contact you about it.
- Employment Contract: A well-drafted Employment Contract should include clauses that address technology use, surveillance and confidentiality so expectations are clear from the outset.
- Workplace Policies Suite: Ensure your Code of Conduct, disciplinary procedure and broader workplace policy framework align with surveillance rules and notice requirements.
- Data Breach Response Plan: If monitoring data is compromised, you’ll want a documented playbook for containment, assessment and notification.
Depending on your industry and technology stack, you may also need specialist notices (e.g. for contact centres) and procedures for handling requests to access surveillance footage or logs.
Do You Need Consent Forms?
Whether consent forms are required depends on your location and the type of monitoring. For example, certain audio recordings may require express consent under listening device laws, while computer surveillance may only require advance notice under local workplace laws. Even when consent is not strictly required, capturing an acknowledgement of your surveillance policy can help demonstrate transparency and reduce disputes.
Data Security And Access Control
Surveillance data can be sensitive. Limit access to a need-to-know basis, encrypt where appropriate, and maintain audit logs. Keep retention periods reasonable and documented. If your systems store data offshore or rely on third-party vendors, ensure this is covered in your privacy disclosures and vendor agreements.
What If We Get It Wrong?
Non-compliance can lead to fines and penalties under state/territory laws, privacy complaints and damages, and challenges to disciplinary actions (for example, where surveillance evidence is collected or used unfairly). There’s also the reputational risk that comes with staff feeling “watched” without fair notice.
The best defence is a transparent program that is tightly aligned to legitimate business purposes, communicated clearly, and implemented consistently.
Key Takeaways
- Workplace surveillance is lawful in Australia when it’s transparent, proportionate and conducted in line with state/territory surveillance and listening device laws.
- Give advance written notice where required (e.g. NSW and ACT usually require at least 14 days) and avoid covert monitoring except in narrow, legally authorised scenarios.
- Audio is sensitive: call recording and other audio capture are governed by local listening device rules, which differ across Australia - don’t assume the same consent rule applies everywhere.
- The Privacy Act’s employee records exemption is limited; it doesn’t override surveillance laws and won’t cover every category of information captured by monitoring tools.
- Put strong foundations in place: a Workplace Surveillance Policy, Acceptable Use/IT rules, a compliant Privacy Policy and clear Employment Contracts help you set expectations and reduce disputes.
- Apply monitoring only to what you need, secure the data, define retention periods and review your approach regularly as laws and technology evolve.
If you’d like a consultation on legal compliance for employee surveillance in your business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.








