Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Contents
When you run a business in Australia, you carry responsibilities for your own actions - and sometimes for other people’s actions, too. That’s where vicarious liability comes in. It’s the legal principle that can make a business legally responsible for what an employee does in the course of their job.
Understanding when vicarious liability applies - and how to manage it - is essential risk management for any employer. The good news is, with the right structure, contracts, and day-to-day practices, you can significantly reduce your exposure.
In this guide, we’ll break down how vicarious liability works in Australia, common risk scenarios for small businesses, and a clear, step-by-step plan to protect your business.
What Is Vicarious Liability In Australia?
Vicarious liability means your business can be held legally responsible for certain wrongful acts committed by your employees while they’re doing their job. This typically covers negligence (e.g. causing harm through carelessness) and, in some cases, statutory breaches tied to workplace conduct.
Importantly, vicarious liability is not about whether you did something wrong personally. It’s about your legal responsibility as an employer for the actions of your staff within the scope of their employment.
Think of it as part of the cost of doing business with a team: the law expects employers to manage and supervise work in a way that minimises harm to customers, suppliers, and the public.
There are nuances to when it applies and when it doesn’t - especially around contractors versus employees and whether conduct was “in the course of employment.” We unpack those below. You can also explore a plain-English overview of vicarious liability as a refresher on the core concept.
When Can Your Business Be Vicariously Liable?
Vicarious liability generally requires three ingredients:
- There is an employer-employee relationship.
- The employee committed a wrongful act (often negligence or certain statutory breaches).
- The act was done “in the course of employment.”
Employees Versus Contractors
Vicarious liability generally applies to employees - not independent contractors. However, labels aren’t decisive. Courts look at the practical relationship (level of control, who supplies equipment, how the person is paid, and more).
If you rely on contractors, make sure the engagement is genuinely a contractor arrangement. If you’re unsure, get tailored guidance on employee vs contractor status before you scale your team.
When you do engage contractors, use a proper Contractors Agreement that sets clear expectations, allocates risk appropriately, and includes robust insurance and indemnity requirements.
What Does “In The Course Of Employment” Mean?
This is about whether the employee’s conduct was sufficiently connected to their job duties. It doesn’t have to be expressly authorised by you. Even unauthorised or prohibited acts can expose your business if they were closely related to the employee’s role.
For example, if a delivery driver negligently injures someone while making deliveries for your business, that risk is likely in the course of employment. But if the same driver detours for a personal errand far from their route and causes harm, that may fall outside the scope (depending on the facts).
Common Risk Scenarios For Small Businesses
- Customer-facing negligence: Staff giving unsafe instructions, mishandling products, or failing to follow safety procedures that cause injury or loss.
- Workplace harassment or discrimination: Unlawful conduct by employees that occurs at work or in connection with work (e.g. work events). Employers can be liable unless they took reasonable steps to prevent it.
- Misleading sales conduct: Staff representations to customers that could be misleading or deceptive, exposing you to claims under the Australian Consumer Law.
- Data handling missteps: Staff disclosing personal information insecurely or contrary to your policies, creating privacy risks.
- Use of equipment or vehicles: Improper training or supervision leading to property damage or injury in the course of work.
Across these scenarios, your best defence is proactive prevention: training, supervision, clear processes, and up-to-date contracts and policies.
How To Reduce The Risk Of Vicarious Liability
You can’t remove the risk entirely if you have staff - but you can dramatically reduce it with a strong framework.
1) Get Your Employment Foundations Right
Start with clear, well-drafted Employment Contracts. These should set out duties, expected standards of conduct, confidentiality, lawful directions, and compliance with policies. When expectations are documented, it’s much easier to enforce them.
Back this up with practical, tailored Workplace Policies that cover safety, anti-bullying and harassment, discrimination, social media, customer interactions, incident reporting, and complaints handling. Policies only reduce risk if they’re actively implemented and enforced - not just sitting in a handbook.
Where your industry has particular risks (e.g. manual handling, food safety, childcare, health services), build specific procedures and training around those risks. Regular refreshers and documented toolbox talks help show you took reasonable steps.
2) Clarify Roles: Employee Or Contractor?
As noted, vicarious liability primarily concerns employees, but misclassification risk can blur the lines. If someone looks like an employee in practice, a court may treat them as one, regardless of their title.
Before you bring people on, decide whether a genuine contractor engagement makes sense. If so, use a formal Contractors Agreement and ensure they have their own insurance, equipment, and control over how work is done (within deliverable parameters). If not, hire them as an employee with the right contract and protections.
3) Train, Supervise, And Document
Courts often look at whether you took “reasonable steps” to prevent wrongdoing. Training and supervision are your frontline evidence.
- Induction: Train new starters on safety, customer care, anti-harassment, privacy, and your core processes.
- Ongoing: Run regular refreshers, especially on high-risk tasks. Keep attendance records and content outlines.
- Supervision: Ensure managers know how to coach, monitor compliance, and escalate issues early.
- Incident response: Have a clear reporting pathway and investigate complaints promptly and fairly.
If you receive a complaint about workplace behaviour, it can help to review your approach to workplace harassment and discrimination claims so you respond lawfully and consistently.
4) Manage Consumer-Facing Risk
Customer interactions are a frequent source of claims. Make sure your sales processes and marketing comply with the Australian Consumer Law (ACL), and that staff avoid misleading statements or promises they can’t keep.
Give staff scripts and checklists where appropriate. Train them to escalate tricky customer issues rather than improvising solutions that could backfire.
5) Protect Data And Confidential Information
Personal information and confidential business data need careful handling. Provide practical training on access controls, sharing rules, and secure storage. If you collect personal data (most businesses do), publish and follow a clear Privacy Policy and ensure staff know what it means in their day-to-day work.
6) Consider Insurance As A Backstop
Insurance is not a substitute for compliance, but it can help when something goes wrong despite your best efforts. Talk to your broker about public liability, professional indemnity (if you provide advice/services), and management liability cover. Ensure your policy responds to the real risks in your operations.
Practical Steps To Put In Place Today
If you’re wondering where to start, here’s a simple, actionable plan:
- Map your risks: List where harm could occur (customer interactions, equipment use, deliveries, online data, workplace behaviour). Prioritise by likelihood and impact.
- Lock in contracts: Ensure every staff member has a current Employment Contract. For external specialists, use a Contractors Agreement with insurance and indemnity clauses.
- Update policies: Create or refresh your Workplace Policies to address safety, conduct, harassment, discrimination, privacy, social media, and complaint handling.
- Launch training: Run a short induction refresher for all staff on the updated policies and key risk procedures. Document attendance and key points covered.
- Set supervision rhythms: Put in place regular check-ins, shadowing, and spot checks for higher-risk tasks. Empower supervisors to coach and escalate early.
- Implement reporting pathways: Provide simple, confidential ways for staff to raise concerns. Encourage early reporting and ensure issues are investigated promptly.
- Review your insurance: Confirm your cover matches your risk profile and contract commitments (especially where you promise customers certain standards).
This plan not only helps prevent incidents, it also strengthens your position if something does happen - showing you took reasonable steps to avoid harm.
Handling An Incident Or Claim
Despite good systems, issues can arise. Acting quickly and fairly can reduce legal exposure and protect your reputation.
- Respond promptly: Make safety the first priority, then stabilise the situation and communicate clearly with affected people.
- Preserve evidence: Keep relevant documents, CCTV, emails, training logs, and incident notes. Ask staff to record what happened while it’s fresh.
- Investigate fairly: Interview involved parties, consider any prior related reports, and follow your policy. Avoid prejudging outcomes.
- Notify your insurer: Many policies require early notification. Your broker or insurer can advise on coverage and next steps.
- Address root causes: Remediate gaps in training, supervision, or procedures to prevent recurrence.
- Get legal support: If you anticipate a claim - or if regulators are involved - get advice early so you can manage risk and communications strategically.
If an incident relates to workplace conduct or safety, it’s also worth revisiting your broader duty of care as an employer and checking whether additional training or process changes are needed.
Key Legal Documents To Protect Your Business
Strong contracts and policies won’t eliminate vicarious liability, but they’re essential for preventing issues, setting standards, and showing you’ve taken reasonable steps.
- Employment Contract: Sets out duties, lawful directions, confidentiality, and policy compliance. Use a modern, tailored Employment Contract for each role type.
- Workplace Policies: A practical suite covering safety, conduct, anti-harassment, discrimination, privacy, social media, customer interactions, and complaints. Start with a comprehensive Workplace Policy framework and build industry-specific procedures.
- Contractors Agreement: Clarifies a genuine contracting relationship, allocates risk, and requires appropriate insurances for non-employees. Use a robust Contractors Agreement for each engagement.
- Privacy Policy: Explains how you handle personal information and sets rules your team must follow in practice. A clear, compliant Privacy Policy helps reduce privacy incident risk.
- Training Records And Induction Documents: While not a “contract,” these are vital evidence that you trained staff and took reasonable steps to prevent harm.
If your business involves higher risk activities (e.g. transport, construction, medical or disability services, childcare), speak with a lawyer about sector-specific documents and regulatory requirements, too.
Key Takeaways
- Vicarious liability can make your business responsible for wrongful acts by employees done in the course of their employment, even if you didn’t personally do anything wrong.
- Your best defence is prevention: clear Employment Contracts, practical Workplace Policies, targeted training, and active supervision.
- Be careful with classifications: if you use contractors, get employee vs contractor status right and use a proper Contractors Agreement that allocates risk and requires insurance.
- Consumer interactions and data handling are common risk areas - build scripts, checklists, and a live Privacy Policy into your workflows.
- If an incident occurs, act promptly, investigate fairly, preserve evidence, notify your insurer, and address root causes.
- Getting proactive legal support early will help you implement reasonable steps and reduce the likelihood and impact of claims tied to vicarious liability.
If you’d like a consultation about managing vicarious liability risks in your business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.
