NSW Workplace Surveillance Act: Compliance Checklist For Employers

Note: This article is general information for NSW employers and doesn’t take into account your specific circumstances. It isn’t legal advice. If you’d like advice tailored to your business, get in touch with a lawyer.

If you’re running a small business or startup in NSW, it’s normal to want more visibility over what’s happening in your workplace. Maybe you’ve had stock go missing, you’re worried about data leaks, or you simply need to protect staff and customers in a public-facing space.

But workplace monitoring isn’t just a “set up CCTV and forget it” situation.

In NSW, surveillance at work is regulated by the Workplace Surveillance Act 2005 (NSW). If you get it wrong, you can expose your business to complaints, investigations and penalties - and it can also damage trust within your team.

This guide breaks down the NSW Workplace Surveillance Act in plain English, with a practical compliance approach for busy business owners.

What Is The NSW Workplace Surveillance Act And When Does It Apply?

The NSW Workplace Surveillance Act sets rules for when and how employers can carry out surveillance of workers at work.

It’s designed to balance legitimate business needs (like safety and security) with worker privacy.

In practical terms, the Act is most relevant if you do (or are planning to do) any of the following in NSW:

• Install CCTV or other cameras at a workplace
• Monitor computers (including internet usage, software, email systems, messaging platforms or keystrokes)
• Use tracking (like GPS) on vehicles, devices, or equipment used by workers
• Monitor employees while they work from home (including through company systems or devices)

Even if your intentions are reasonable - for example, “we just want to keep our staff safe” - you still need to meet the Act’s requirements.

It’s also worth remembering that workplace surveillance often overlaps with other legal areas like privacy, employment law, workplace policies, and (in some cases) recording laws. So it’s important to treat compliance as a system, not a one-off formality.

What Counts As “Workplace Surveillance” Under The Act?

The NSW workplace surveillance regime covers three key categories: camera surveillance, computer surveillance, and tracking surveillance.

Camera Surveillance

Camera surveillance generally means using cameras to observe or record people at work. This includes classic CCTV, but can also include more modern tools like smart cameras and video doorbells if they capture workers in the workplace.

Camera surveillance is often used for:

• site security (break-ins, vandalism)
• cash handling areas
• health and safety monitoring
• front-of-house coverage in retail and hospitality

However, placement and transparency matter. As a starting point, many businesses also align their approach with broader guidance on Workplace Camera Laws, especially if you operate across multiple states.

Computer Surveillance

Computer surveillance includes monitoring how workers use computers and related systems. This can include monitoring:

• internet browsing and website history
• emails sent or received using company systems
• usage of software and cloud tools (CRM, project platforms, helpdesk systems)
• file downloads and data transfers
• activity logs on company devices

This is particularly relevant for startups, because so much work happens through digital tools - and sensitive business information can be stored in systems employees access daily.

Tracking Surveillance

Tracking surveillance includes tracking the location of a worker (or things connected to their work), usually through GPS or similar technology.

Common examples include:

• GPS tracking in delivery vehicles
• tracking on company phones and tablets
• asset tracking in logistics and field services

Tracking can be a legitimate tool for operational efficiency and safety - but under workplace surveillance rules in NSW, you still need to do it properly (including notice requirements).

Notice Requirements: What You Must Do Before You Start Surveillance

One of the biggest compliance issues we see is businesses starting surveillance too quickly - especially when there’s been an incident and you want answers right away.

Under the NSW Workplace Surveillance Act, surveillance is generally only lawful if it is:

• overt (not hidden), and
• workers have received proper notice within the required timeframe, and
• any additional requirements are met (for example, signage for cameras)

The 14-Day Written Notice Rule (And What The Notice Should Include)

As a general rule, you must give workers at least 14 days’ written notice before surveillance starts.

The notice should clearly cover:

• What kind of surveillance will be carried out (camera, computer, tracking)
• How it will be carried out (for example, CCTV in certain areas, monitoring via company systems, GPS in vehicles)
• When it will start
• Whether the surveillance will be continuous or intermittent
• The purpose of the surveillance (for example, security, safety, system integrity)

In some circumstances, a shorter notice period may be possible if workers agree. If you plan to rely on agreement to shorten the notice period, it’s safest to ensure the agreement is clear, informed and properly documented (rather than relying on informal “everyone’s fine with it”).

Camera Signage Requirements

If you use camera surveillance, you generally need clear signage notifying people that camera surveillance is taking place.

This is one reason many businesses treat CCTV compliance as part of a broader approach to CCTV laws and internal privacy culture - not just a technical installation.

What About Remote Work And BYOD (Bring Your Own Device)?

Work from home arrangements and BYOD policies can make surveillance compliance more complex - especially where personal devices, personal accounts, or shared household spaces are involved.

For example:

• If your team uses company laptops, your computer surveillance approach (monitoring logs, security software, access records) should be disclosed clearly, and limited to what’s reasonably needed for your business.
• If your team uses personal devices, you should be especially careful about what you monitor, how you separate personal activity from work activity, and whether your tools could capture more information than intended (for example, personal browsing or location data outside work).

In most cases, the cleaner approach is to set expectations early through contracts and written policies (and then follow those policies consistently). If you’re unsure whether a particular remote-work or BYOD setup falls within the Act, it’s worth getting advice before rolling out monitoring.

What You Can’t Do: High-Risk Areas And Common Mistakes

The NSW Workplace Surveillance Act doesn’t just say “give notice and you’re fine”. There are also clear red lines - and these are where many employers accidentally overstep.

No Surveillance In Toilets, Change Rooms, And Similar Areas

As a practical rule, surveillance in areas like toilets, bathrooms, and change rooms is highly restricted and generally prohibited. Even if you’re dealing with theft concerns, these are not areas where you can “just install a camera for security”.

If you suspect misconduct is occurring in sensitive areas, it’s worth getting legal guidance on alternative steps (for example, improving stock controls, adjusting access permissions, increasing supervision, or using non-invasive security measures).

Don’t Confuse “Security” With “Monitoring Performance”

Surveillance can support safety and security - but using surveillance as a general performance management tool can create trust issues and may increase the risk of a complaint.

From a people perspective, it’s also worth thinking about how surveillance fits into your workplace culture. Overly aggressive monitoring can lead to:

• lower morale
• higher turnover
• staff refusing to use certain systems or working “around” processes

From a compliance perspective, the safest approach is to clearly connect surveillance to a legitimate purpose (and keep it proportionate).

Be Careful With Audio Recording

The NSW Workplace Surveillance Act is focused on surveillance types like cameras, computers, and tracking - but many modern CCTV systems also include audio.

Audio raises extra legal risk in NSW because separate listening devices/recording laws may apply. If your camera system captures sound, you should get advice before switching that function on.

For many businesses, it’s also helpful to align workplace training and policies with broader NSW recording laws, especially if staff sometimes record calls or meetings for quality assurance.

Covert Surveillance: When Is It Allowed (And How Do You Do It Lawfully)?

Covert surveillance is surveillance that is hidden or not obvious to the worker.

This is the area where businesses often get into trouble, especially when there’s suspected theft, fraud, bullying, or a serious policy breach.

You Generally Need A Magistrate’s Authority

In NSW, covert surveillance is not something you can simply decide to do internally.

Generally, covert surveillance is only allowed if you have a covert surveillance authority issued by a Magistrate.

That process exists because covert surveillance can be very intrusive, and the law treats it as exceptional - not routine.

Practical Tip: Build An Investigation Plan Before You Act

If you suspect misconduct, it’s tempting to jump straight to surveillance.

A more defensible approach is to:

• document the concern (what happened, when, who reported it)
• confirm what evidence already exists (access logs, system records, stock movements)
• consider whether overt surveillance (with notice) is enough
• get advice on whether covert surveillance is appropriate and what approvals are required

This is especially important if you’re contemplating disciplinary action or termination, because you may later need to justify that your process was fair and lawful.

How To Implement Workplace Surveillance The Right Way (Policies, Contracts, And Data Handling)

Compliance isn’t just about ticking the 14-day notice box. It’s about implementing surveillance in a way that supports your business goals, reduces risk, and stays consistent with your employment and privacy obligations.

Here’s a practical “business owner” approach we often recommend.

1) Put Your Rules In Writing (So Everyone Knows Where They Stand)

Your written documents should reflect the reality of how your workplace runs.

Depending on your business, this can include:

• An Acceptable Use Policy setting expectations about company devices, internet use, and workplace systems
• Workplace policies that cover privacy expectations, security, access control, investigations, and misconduct reporting

If you’re a startup moving fast, this might feel like extra admin. In practice, it’s often what prevents disputes later, because it creates clear boundaries and processes when something goes wrong.

2) Align Surveillance With Your Employment Contracts

It’s much easier to manage expectations when your contractual documents and your day-to-day processes match.

For example, your Employment Contract can support your right to monitor use of company systems (in a compliant way), protect confidential information, and set behavioural standards.

This won’t replace the notice requirements under the NSW workplace surveillance regime, but it helps create a consistent framework.

3) Be Clear About What Data You Collect, Who Can Access It, And How Long You Keep It

Surveillance usually creates records - footage, logs, location history, screenshots, access reports.

From a risk management perspective, you should decide (before something goes wrong):

• who can access surveillance records (for example, owner/director, operations manager, external IT provider)
• what the approval process is for viewing footage/logs
• how long records are retained
• how records are stored securely (especially if stored in the cloud)

If your business collects personal information (which many surveillance systems will), it’s also important to have the right external-facing documentation in place, such as a Privacy Policy (particularly if you have a website, customer database, mailing list, or online platform).

4) Train Your Managers (So Surveillance Doesn’t Get Misused)

In small businesses, a lot of risk comes from “informal” practices - for example, a supervisor deciding to check CCTV for non-security reasons, or looking through computer logs without any process.

Even basic manager training can help you avoid problems like:

• surveillance being used inconsistently (which can look unfair or targeted)
• privacy complaints because staff didn’t realise how monitoring worked
• over-collection of data (collecting more than you reasonably need)

Training doesn’t need to be complicated - it just needs to be clear and consistent with your policies.

5) Use Surveillance As One Tool In A Bigger Compliance System

Surveillance is only one part of protecting your business. You should also consider practical safeguards such as:

• IT access controls (permissions, MFA, audit logs)
• confidentiality clauses and IP protections
• clear procedures for handling misconduct allegations
• work health and safety incident reporting

If you take this “system” approach, you’re less likely to rely on surveillance as your only response - which usually makes compliance much easier.

Key Takeaways

• The NSW Workplace Surveillance Act regulates camera, computer, and tracking surveillance in NSW workplaces, and it’s relevant to most modern small businesses and startups.
• In most cases, surveillance must be overt and workers must receive at least 14 days’ written notice before surveillance starts (unless a shorter period is agreed to in line with the Act).
• Camera surveillance generally requires clear signage, and surveillance in sensitive areas like toilets and change rooms is highly restricted.
• Covert surveillance is not something you can simply decide to do - it generally requires a Magistrate’s authority, so get advice before taking steps.
• Strong written policies, aligned employment contracts, and good data handling practices make workplace surveillance compliance far easier (and help maintain workplace trust).
• If you’re unsure, it’s better to set up surveillance properly from the start than to “fix it later” after a complaint or incident.

If you’d like help putting the right surveillance notices, workplace policies and employment documents in place under the NSW Workplace Surveillance Act, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.