Vicarious Liability in Australia: When Can Your Business Be Liable?

If you have a team, there’s always a chance someone on staff makes a mistake, cuts a corner, or says the wrong thing to a customer.

The big question for small business owners is this: could your business be legally responsible for what an employee did - even if you didn’t know about it?

That’s where vicarious liability comes in. In Australia, employers can be held “vicariously liable” for certain wrongful acts of their employees. Understanding where that line sits - and setting up the right systems to manage risk - can save you serious time, stress and money.

In this guide, we’ll explain what vicarious liability means in plain English, walk through common scenarios for small businesses, and share practical steps and documents to help protect your business.

What Is Vicarious Liability In Law?

Vicarious liability is a legal principle that can make one party responsible for the wrongful acts of another. In the small business context, it often means an employer can be liable for certain acts of an employee that happen “in the course of employment”.

It doesn’t require you to have done anything wrong personally. The law imposes responsibility because you control the work and benefit from it.

Key ideas to understand:

• Employee vs contractor: Vicarious liability generally applies to employees, not independent contractors. However, there are exceptions (we’ll cover these below).
• In the course of employment: The act must be sufficiently connected to the work the employee was engaged to do. Even unauthorised or prohibited acts can sometimes be “in the course” if they’re closely related to the employee’s duties.
• Types of wrongdoing: Common claims involve negligence (e.g. carelessness causing harm), misrepresentations to customers (e.g. misleading statements), and workplace harassment or discrimination.

For a deeper primer, many businesses find it helpful to read a simple overview of vicarious liability law before looking at their own risk controls.

Common Ways Small Businesses Become Vicariously Liable

1) Misleading or Deceptive Statements To Customers

If a staff member makes a false or misleading claim to a customer - for example, overstating what your product can do or promising a refund you don’t actually offer - your business can be responsible under the Australian Consumer Law (ACL).

“I didn’t authorise them to say that” won’t necessarily get you off the hook. Under the ACL, businesses must avoid conduct that is misleading or deceptive (or likely to mislead or deceive). You’ll want to ensure your marketing, scripts and sales processes are set up to comply with section 18 of the ACL.

2) Negligence During Service Delivery

Think of a technician who damages a client’s property while installing equipment, or a delivery driver who causes an accident while making deliveries. If they’re an employee and the incident occurs during their work, your business can be liable for the damage caused.

3) Harassment Or Discrimination At Work

Workplace bullying, sexual harassment or discrimination by an employee can expose your business to claims. Courts look at whether you took “all reasonable steps” to prevent this kind of behaviour - policies and training matter here (more on that shortly).

4) Privacy And Data Handling

If a staff member mishandles personal information (e.g. exports a customer list to a personal device, or emails sensitive information to the wrong person), your business may face regulatory scrutiny and compensation claims. Having a clear, enforced Privacy Policy and training employees on data handling are key risk controls.

5) “Apparent Authority” And Agency

Even if an employee isn’t formally authorised to make a promise or a deal, they might appear to a customer to have that authority (for example, a staff member wearing your uniform and serving customers). If a customer reasonably relies on that representation, your business could be bound by their statements.

Are You Vicariously Liable For Contractors?

As a rule of thumb, businesses are not vicariously liable for independent contractors. That’s one reason many businesses engage contractors for specialised work - you’re generally not on the hook for how they perform the work, beyond your own duties of care.

However, there are important exceptions and traps:

• Sham contracting risks: If a “contractor” is actually working like an employee (control, hours, integration into your business), a court might treat them as an employee. A proper Contractor Agreement and the right working arrangements help ensure the relationship is genuinely independent.
• Non-delegable duties: In some contexts, the law imposes duties that can’t be delegated (for example, certain safety obligations). You can still be liable if a contractor breaches those duties.
• Direct negligence by your business: If you’ve been negligent in selecting, instructing, or supervising a contractor, you could face liability for your own acts or omissions.

How Do You Reduce The Risk Of Being Vicariously Liable?

There’s no silver bullet - but a combination of clear contracts, practical policies, training, and supervision goes a long way. Here’s a practical, small-business-friendly roadmap.

1) Use Clear, Compliant Employment Contracts

Set expectations from day one. An up-to-date Employment Contract should define duties, authority limits, confidentiality obligations, and standards of conduct. This makes it easier to direct staff, correct behaviour quickly, and demonstrate that you took reasonable steps to prevent wrongdoing.

2) Put Practical Workplace Policies In Place

Policies are your playbook. At a minimum, consider anti-bullying and harassment, discrimination, WHS, social media, customer communications, and data handling. These should be tailored to your operations, easy to follow, and actually used (not just filed away). If you don’t have them yet, a core Workplace Policy suite is a strong starting point.

3) Train, Supervise, Refresh

Courts look at what you did in practice. That means regular training on customer communications, privacy, safety and conduct standards - not just onboarding once. Keep training short and relevant to roles, document completion, and do refreshers. Supervision matters too: spot-checks, coaching, and feedback loops help you catch issues early.

4) Set Customer-Facing Guardrails

If your team sells or supports customers, create simple scripts or checklists for claims, refunds and warranties. Your website, invoices and emails should align with your consumer law obligations. For sales and service businesses, well-drafted Terms of Trade can standardise promises and limit risk, while ensuring you still meet ACL requirements.

5) Protect Information And Confidentiality

Have a clear Privacy Policy, define who can access what data, and use role-based permissions. When collaborating or sharing sensitive information externally, use an NDA. Internally, cover confidentiality in your employment and contractor agreements.

6) Engage Contractors The Right Way

When hiring contractors, put scope, deliverables, insurances, safety expectations and compliance obligations in a robust Contractor Agreement. Make sure the working reality matches the contract to avoid reclassification risks. If they’ll interact with customers on your behalf, brief them carefully on what they can and can’t say or do.

7) Respond Fast To Incidents

If something goes wrong, a quick, documented response can reduce damage and demonstrate you acted reasonably. For privacy issues, a practical Data Breach Response Plan helps your team follow a clear process under pressure.

8) Document Your Efforts

Keep records of training, policy sign-offs, supervision, corrective action, and incident responses. If a claim arises, you can show the reasonable steps you took to prevent harm - which can be critical when a court assesses responsibility.

9) Understand Your Duty Of Care

Separate from vicarious liability, businesses also owe their own duty to take reasonable care for the safety of workers and others. Familiarising yourself with your duty of care as an employer is part of building a safer workplace and reducing legal exposure overall.

When Might You Not Be Vicariously Liable?

There are limits to vicarious liability. While the outcomes depend on the facts, here are common scenarios where liability may not attach:

• “Frolic of their own”: If an employee does something completely outside their role and not connected to their employment (for example, a personal detour unrelated to work), vicarious liability may not apply.
• Acts clearly contrary to instructions: If you’ve put in reasonable controls (policies, training, supervision) and the conduct was well outside what an employee is authorised or expected to do, that can weigh against liability.
• Independent contractors: As noted, you’re generally not vicariously liable for independent contractors - but watch for exceptions (misclassification, non-delegable duties, or your own negligence).

Even when you ultimately aren’t found vicariously liable, claims can still be costly to manage. Prevention and early advice are almost always cheaper than a dispute.

Practical Examples For Small Businesses

Retail And E‑Commerce

An employee promises a customer “lifetime repairs” that you don’t offer, or says a product is “waterproof” when it’s only water resistant. Your business could be liable for misleading or deceptive conduct under the ACL - even if the employee meant well. Clear product descriptions, training, and consistent website wording help, supported by compliant Terms of Trade.

Services And Trades

A technician damages a client’s fittings during an installation. If they’re an employee and were doing their job at the time, your business may be liable for the loss. Good training, checklists, and supervision help reduce incidents. Your customer contracts should also clearly set expectations around scope and limitations.

Professional Services

A junior staff member gives off‑the‑cuff advice beyond their competence. If a client relies on it and suffers loss, you could face a claim. Role clarity in your Employment Contract, supervision protocols, and approved advice templates help manage that risk.

Hospitality

At a work function, an employee harasses a colleague. If it’s sufficiently connected to employment (which work events often are), your business can be liable. Enforced conduct policies, pre‑event reminders, and follow‑up training show you took reasonable steps to prevent it.

Essential Legal Documents That Help Manage Vicarious Liability

Documents don’t solve everything - but the right ones turn expectations into enforceable rules and make training and enforcement far easier.

• Employment Contract: Sets duties, authority, confidentiality, IP ownership, conduct standards, and disciplinary processes. Start with an Employment Contract tailored to each role.
• Workplace Policies: Practical rules on bullying and harassment, discrimination, WHS, customer communications, social media, and data handling. A core Workplace Policy suite helps you set and enforce standards.
• Contractor Agreement: Clarifies the independent relationship, scope, compliance requirements, insurance and safety expectations, and IP/confidentiality. Use a robust Contractor Agreement for each engagement.
• Privacy Policy: Explains how your business collects, uses and protects personal information, and instructs staff on your privacy obligations. Publish and enforce a compliant Privacy Policy.
• Data Breach Response Plan: A step‑by‑step internal playbook for handling suspected breaches quickly and lawfully. A practical Data Breach Response Plan helps your team act under pressure.
• Non‑Disclosure Agreement (NDA): Protects confidential information when dealing with suppliers, partners or contractors. Use an NDA before sharing sensitive information.
• Customer Terms: Clear, compliant Terms of Trade standardise promises to customers and align your processes with the ACL.

Not every business will need every document from day one, but most will need several. The key is to make sure they fit how you actually operate - and that you use them consistently.

Key Takeaways

• Vicarious liability can make your business responsible for wrongful acts of employees if they occur “in the course of employment”.
• Common risk areas include misleading customer statements (ACL), negligence during service delivery, workplace harassment, and mishandling personal information.
• You’re generally not vicariously liable for independent contractors - but watch for misclassification, non‑delegable duties and your own negligence.
• Reduce risk with clear Employment Contracts, practical Workplace Policies, regular training and supervision, and fast incident response.
• Support your processes with a Privacy Policy, Data Breach Response Plan, NDA, and compliant customer terms.
• Documenting the reasonable steps you take (policies, training, supervision) can be crucial if a claim arises.

If you’d like a consultation on managing vicarious liability risks for your business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no‑obligations chat.