Understanding Vicarious Liability: What Australian Businesses Need To Know

Running a business in Australia is exciting, but it also means managing legal risk - especially if you have employees or people who act on your behalf. One risk that catches many owners off guard is vicarious liability. It’s the idea that you can be legally responsible for harm caused by someone else in your business, even if you personally did nothing wrong.

In this guide, we’ll explain what vicarious liability means in plain English, how it works in Australia, when it can arise in day‑to‑day operations, and the practical steps you can take to reduce your exposure. Our aim is to help you feel confident and prepared, so you can focus on growing your business while putting sensible protections in place.

If you need tailored documents or advice as you read, we’re here to help - from setting up watertight contracts to building workplace policies that actually work in practice.

What Is Vicarious Liability?

Vicarious liability is a legal principle that makes one party responsible for the wrongful acts of another, when there’s a particular kind of relationship between them. In business, this most commonly means an employer can be legally liable for a wrong committed by an employee in the course of their employment.

Think of it as “indirect liability.” If a staff member negligently injures a customer while doing their job, your business may have to pay compensation, even though you didn’t personally cause the harm. The policy behind this is simple: ensure injured people can be compensated and encourage businesses to take reasonable steps to prevent harm.

Two ideas sit at the core of vicarious liability in Australia:

• There must be the right kind of relationship (most often employer–employee).
• The conduct must be sufficiently connected to the person’s work - often described as “in the course of employment.”

Courts look at the real substance of the relationship and the connection to work tasks, not just job titles or labels.

How Does It Work In Australia (And Who Can It Cover)?

Vicarious liability is primarily a common law (court‑made) doctrine, and it can also appear in legislation. Australian courts will examine the facts closely - what the person was employed or engaged to do, how closely the wrongdoing relates to their duties, and whether it was fair and reasonable to hold the business responsible.

Employees

Employers are commonly vicariously liable for employees’ wrongful acts committed in the course of employment. This can include negligence (such as careless driving on a work errand) and statutory breaches committed during work activities (for example, misleading statements to customers). The focus is on whether the conduct was part of, or closely connected to, the person’s work.

Independent Contractors

Generally, businesses are not vicariously liable for genuinely independent contractors. However, there are important nuances:

• Court’s multifactor test: A person labelled “contractor” may still be an employee in substance if the business controls the work, supplies tools, integrates the person into the organisation, or restricts them from working elsewhere.
• Agents and authority: If a contractor is acting as your agent (with authority to bind or represent the business), you can be responsible for their acts in that role.
• Specific duties: In some contexts (for example, non‑delegable duties), a business can be directly responsible for ensuring reasonable care is taken, even when work is performed by contractors.

It’s wise to structure engagements clearly and use a tailored Contractor Agreement so expectations, scope and responsibilities are crystal clear.

Agents, Volunteers And Representatives

If someone is authorised to act on your behalf as an agent (expressly or by implication), you can be liable for what they do within that authority. Volunteers can also expose the business to risk if they carry out tasks in your name or under your direction. The more your business directs, controls or benefits from the person’s actions, the closer the connection - and the higher the risk of liability.

Common Scenarios For Australian Businesses

Here are typical ways vicarious liability can arise in day‑to‑day operations:

• Negligence by staff: An employee causes a road accident while driving between client sites. If they were on work business, your company may be liable for the resulting losses.
• Misleading statements to customers: A sales rep exaggerates product features or omits key information during a pitch. Your business can be responsible for misleading or deceptive conduct under the Australian Consumer Law (see section 18).
• Workplace harassment or discrimination: A manager harasses a team member at a work function. Anti‑discrimination laws can make employers liable unless they can show they took all reasonable steps to prevent the behaviour.
• Customer data mishandling: A staff member downloads customer lists to a personal device without authorisation. Even if privacy legislation doesn’t apply to your small business (more on that below), this can still cause real harm, complaints, and reputational damage.
• Security and safety breaches: A worker ignores safety procedures and injures a contractor on site. You may face enforcement action under work health and safety obligations, separate from vicarious liability for damages.

Each scenario turns on the facts. Courts ask: was there a sufficient connection between the conduct and the person’s work? Did the business take reasonable steps to prevent the harm? That’s where your policies, training and response processes matter.

Practical Ways To Reduce Your Risk

You can’t eliminate vicarious liability entirely if you rely on people - but you can reduce the likelihood of incidents and strengthen your position if something goes wrong. Australian courts and regulators often look at what “reasonable steps” you took to prevent harm.

Set Clear Standards From Day One

• Use a tailored Employment Contract for each role, setting expectations about conduct, confidentiality, customer communications and safety.
• Back it up with practical workplace policies (for example, anti‑bullying, discrimination and grievance procedures). A customised Workplace Policy suite helps you set rules, outline processes and show you’re serious about compliance.
• Clarify contractor relationships with a written Contractor Agreement, so scope, responsibility, insurance and reporting lines are understood.

Train, Supervise And Enforce

• Provide onboarding and refresher training covering customer communications, acceptable behaviour, privacy, WHS and escalation pathways.
• Make supervisors responsible for monitoring compliance and addressing issues early.
• Take complaints seriously, investigate quickly, and keep records. Your response can be a critical part of a “reasonable steps” defence in discrimination claims.

Protect Customer Information Proportionately

Many small businesses with annual turnover under $3 million are exempt from most parts of the Privacy Act 1988 (Cth). However, important exceptions apply (for example, health service providers, businesses that trade in personal information, or those that opt in to be bound). Even if you’re exempt, having a clear, accurate Privacy Policy and sensible data handling practices is good governance and builds customer trust. If you are covered by the Privacy Act, a Privacy Policy is one part of compliance - you’ll still need appropriate procedures, training and security controls.

Map Risks And Use Insurance Wisely

• Identify higher‑risk activities (for example, driving, site work, high‑pressure sales) and add extra safeguards where needed.
• Review your insurance program (public liability, professional indemnity, cyber) and check how it responds to acts by employees, contractors and agents.
• Refresh your risk assessment after near‑misses or complaints - and update policies and training accordingly.

Which Laws Could Be In Play?

Vicarious liability is mainly a common law concept, but several Australian laws make it highly relevant to everyday business operations. Depending on what happened, you may face claims for damages, regulator action, or both.

Australian Consumer Law (ACL)

Statements and conduct by your staff towards customers can expose the business to ACL issues - especially misleading or deceptive conduct under section 18. This is about what was said or implied, not intent, so training and supervision of sales and marketing is critical.

Anti‑Discrimination And Harassment

Federal and state anti‑discrimination laws can make employers liable for harassment or discrimination by employees unless you took all reasonable steps to prevent it. Effective policies, training, complaint handling and prompt interventions are central to that defence.

Work Health And Safety (WHS)

Businesses have a primary duty to ensure, so far as is reasonably practicable, the health and safety of workers and others affected by their operations. This is a direct duty, not just vicarious liability. Good systems, competent supervision and a strong safety culture are essential. For an overview of employer obligations, see your duty of care.

Privacy And Data Protection

If the Privacy Act applies to your business, you must handle personal information in line with the Australian Privacy Principles. This includes secure storage, limited use and disclosure, access and correction processes, and training staff on proper handling. A Privacy Policy is necessary when the Act applies, but you’ll also need procedures, access controls and incident response plans in practice.

Common Law Negligence

If someone is injured or suffers loss due to an employee’s negligence in the course of their work, your business can be sued for compensation. The classic examples are careless driving on a work errand or unsafe handling of equipment around customers.

Essential Documents That Help Manage Vicarious Liability Risk

The right contracts and policies won’t guarantee you’ll never face a claim, but they do three important things: prevent problems, guide behaviour day‑to‑day, and demonstrate the “reasonable steps” you took if something goes wrong.

• Employment Contract: Sets clear duties, standards of conduct, confidentiality, use of equipment, and compliance requirements for each role. A tailored Employment Contract makes expectations unambiguous.
• Workplace Policies: Practical rules for bullying, harassment, discrimination, social media, safety, complaints and investigations. A combined Workplace Policy suite helps staff understand what’s acceptable and what happens if standards aren’t met.
• Contractor Agreement: Clarifies scope, independence, insurances, confidentiality, IP and reporting. A well‑structured Contractor Agreement supports the intended relationship and reduces blurred lines.
• Customer Terms: Clear terms for products or services, disclaimers where appropriate, and ACL‑compliant guarantees and refunds.
• Privacy Policy: If you’re covered by the Privacy Act, a compliant Privacy Policy plus internal procedures, training and security measures help you manage personal information responsibly.
• Training And Induction Records: Evidence that you provided training and that staff acknowledged key policies and standards.
• Incident And Complaint Procedures: A simple, documented process that encourages early reporting and ensures timely, fair responses.

These documents work best when they’re tailored to your business and paired with real‑world training and enforcement. If you want a quick refresher on the underlying concept, Sprintlaw also has a plain‑English guide to vicarious liability.

Key Takeaways

• Vicarious liability makes your business legally responsible for certain wrongful acts by employees when they occur in the course of employment.
• Liability for contractors is narrower - but agency, control, and non‑delegable duties can still expose you, so structure and document engagements carefully.
• Common hot spots include negligent work, misleading customer statements, harassment and discrimination, safety breaches, and poor data handling.
• Courts and regulators look for “reasonable steps”: clear contracts, practical policies, training, supervision, complaint handling and proportionate data safeguards.
• Key laws you’ll encounter include the ACL, anti‑discrimination legislation, WHS duties and (where applicable) the Privacy Act; your obligations depend on your activities and size.
• Strong, tailored documents - like an Employment Contract, Workplace Policies, a Contractor Agreement and a Privacy Policy - help prevent issues and support your position if a claim arises.

If you would like a consultation on managing vicarious liability risks in your Australian business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no‑obligations chat.