Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Contents
Workplace monitoring can be a huge help when you’re building (or scaling) a business. It can protect your stock, reduce safety incidents, help you meet customer expectations, and sometimes even save you from costly disputes.
But in Australia, workplace monitoring also comes with real legal risk. The problem isn’t usually that monitoring is “illegal” in itself - it’s that the way you do it (and how transparent you are with your team) can quickly put you on the wrong side of privacy rules, surveillance laws, and Fair Work obligations.
If you’re a small business owner or startup founder, you’re likely juggling a lot: hiring, cashflow, customer delivery, systems, and security. This guide breaks down workplace monitoring in plain English, with a practical framework you can apply to your business - whether you’re running a retail shop with CCTV, a remote team using company laptops, or a customer service team taking calls.
This article is general information only and does not constitute legal advice. Because the rules can vary by state/territory and by how your monitoring is set up, consider getting tailored advice for your business.
What Is Workplace Monitoring (And Why Do Businesses Use It)?
Workplace monitoring is any activity where you observe, record, track, or review what’s happening in your workplace or on your business systems.
In practice, workplace monitoring can include:
- security cameras in a shop, warehouse, or office
- monitoring internet usage and browser history on company devices
- tracking employee access to files or platforms
- GPS tracking for company vehicles and deliveries
- monitoring emails and internal messages on business systems
- recording phone calls (for training, quality assurance, or disputes)
Small businesses typically use workplace monitoring for a few key reasons:
- Security: preventing theft, protecting assets, and investigating incidents
- Safety: verifying work health and safety processes are being followed
- Productivity: managing performance and workflow (especially with remote work)
- Compliance: meeting regulatory obligations or contract requirements
- Customer service: improving training and handling complaints
The good news is that workplace monitoring can often be done lawfully in Australia. The key is to build your approach around transparency, necessity, and proper documentation.
When Is Workplace Monitoring Lawful In Australia?
Workplace monitoring in Australia isn’t governed by one single “workplace monitoring law” nationwide. Instead, legality depends on a mix of:
- state and territory surveillance and listening device laws
- privacy obligations (including the Privacy Act 1988 (Cth) in some cases)
- employment law principles (including the Fair Work Act and your contracts/policies)
- work health and safety duties
So, the “lawful” answer often depends on where your workplace is, what you’re monitoring, how you’re collecting and storing information, and what you told your team.
1) Be Clear On What You’re Monitoring (And Why)
A strong starting point is: can you clearly explain the business reason?
For example, monitoring might be easier to justify where it is:
- for safety (eg incidents in a warehouse)
- for security (eg theft in retail)
- to protect confidential information (eg limiting access to sensitive client files)
Monitoring that is excessive, unrelated to genuine business needs, or feels “secretive” tends to create the biggest legal and cultural problems.
2) Understand State/Territory Surveillance Rules (Including Notice Requirements)
Australia has state and territory laws regulating surveillance and recordings. These can cover things like:
- use of cameras in workplaces
- audio recordings and listening devices
- workplace surveillance notice requirements
This is why what works in one state can be risky in another. If you operate across multiple states (or have remote staff), you’ll want to be especially careful to set a consistent, legally compliant approach.
For example, in NSW, the Workplace Surveillance Act 2005 (NSW) regulates camera surveillance, computer surveillance and tracking surveillance in workplaces, and it has specific notice requirements (including timing and how notice must be given) in many cases. Other states and territories don’t have identical “workplace surveillance” legislation, but may regulate surveillance through listening device laws, surveillance device laws, privacy rules and other obligations.
If your monitoring involves cameras, it’s worth getting across the practical rules around CCTV laws and broader workplace camera laws.
3) Privacy Still Matters (Even If You’re Not “Big Enough” For the Privacy Act)
Many small businesses are not automatically covered by the Privacy Act 1988 (Cth) (there are thresholds and exceptions), but privacy expectations still matter because:
- some businesses are covered regardless of size (for example, certain health-related businesses)
- you may handle sensitive information or personal data in ways that create risk
- privacy complaints and reputational harm can impact a growing business quickly
Also, even if your business is covered by the Privacy Act, employee monitoring doesn’t always fall neatly into one set of rules. For example, the Privacy Act contains an “employee records exemption” that can apply to certain handling of employee records by a private sector employer, where it is directly related to the employment relationship. However, that exemption is limited and does not necessarily cover everything (for example, it may not apply to contractors, and it doesn’t remove your obligations under state surveillance/device laws or other legal duties).
Even where the Privacy Act doesn’t apply, a best-practice approach is to treat employee and customer data carefully, limit access, and only collect what you reasonably need.
As a practical step, if you collect personal information as part of your monitoring (for example, identity details, device identifiers, logs tied to a person, or CCTV footage), a Privacy Collection Notice can be a clean way to explain what you collect and why.
4) Employment Law: Policies, Contracts, And “Procedural Fairness”
Workplace monitoring often becomes an employment issue when you use monitoring results to manage performance or discipline a team member.
This is where businesses can get caught out: even if the monitoring itself is technically lawful, your process can still create risk if you:
- didn’t clearly tell staff what you monitor
- use monitoring inconsistently (eg only monitoring certain people)
- rely on monitoring to terminate without a fair process
In many cases, having the right Employment Contract and clear workplace policies is what turns workplace monitoring from a “grey area” into a structured, defensible process.
Common Types Of Workplace Monitoring (And The Legal Watch-Outs)
Most businesses don’t just choose “monitoring” or “no monitoring”. You choose tools, and each tool has its own legal pinch points.
CCTV And Video Surveillance
CCTV is one of the most common workplace monitoring tools, especially for retail, hospitality, warehouses, and medical practices.
Common lawful uses include:
- preventing theft and vandalism
- investigating incidents
- supporting workplace safety (for example, reviewing a safety incident)
Key watch-outs:
- Notice and signage: people should generally be made aware cameras are in use (and in some jurisdictions, specific forms of notice may be required).
- High privacy areas: bathrooms, change rooms, and other highly private spaces are high-risk (and often prohibited).
- Audio recording: cameras with audio are a different category of risk because listening device laws may apply, and consent requirements can differ across states/territories.
- Storage and access: CCTV footage is sensitive. Limit who can access it, and set clear retention rules.
Even a straightforward setup can become problematic if your CCTV quietly captures audio, faces, screens, or private conversations you didn’t intend to record.
Computer, Internet, And App Monitoring
If your team uses company devices, you may monitor things like:
- web browsing and download activity
- system access logs
- company email activity
- use of collaboration tools
From a business perspective, this can protect confidential information, reduce cybersecurity risk, and help you understand productivity bottlenecks.
Key watch-outs:
- Set expectations clearly: staff should understand what devices/systems are monitored and the boundaries of personal use.
- Don’t over-collect: excessive monitoring creates legal and cultural risk (and can backfire on trust).
- Be careful with “private” communications: monitoring might capture personal information, private messages, or sensitive health details.
If you’re unsure what you can do with work emails and business systems, it helps to understand the baseline principles around employer access to employee emails.
GPS Tracking (Vehicles, Phones, And Equipment)
GPS tracking is increasingly common for:
- delivery and logistics businesses
- mobile trades and services
- startups managing field teams
Used properly, GPS tracking can:
- improve safety (knowing where your team is in emergencies)
- protect company assets
- support accurate timekeeping and scheduling
Key watch-outs:
- After-hours tracking: if a vehicle/phone is used outside work time, you need a clear policy position.
- BYOD (bring your own device): if employees use personal phones, tracking is much more sensitive.
- Transparency: it should never feel like “secret tracking”.
Call Recording And Audio Monitoring
Recording calls can be useful for:
- training and quality assurance
- handling complaints and chargebacks
- managing disputes about what was agreed
But audio recording is one of the most legally sensitive forms of workplace monitoring. Australia has different rules across states about when you can record conversations, when consent is required, and how recordings can be used. Depending on the state/territory and the circumstances, it may be unlawful to record a conversation you’re not a party to, and even where you are a party, consent and “lawful purpose” requirements can come into play.
If your business records customer calls, support calls, or internal calls, it’s worth being very careful with business call recording laws and the broader compliance principles around recording laws.
Biometrics And Facial Recognition
Some workplaces are now considering biometric monitoring - for example, fingerprint sign-in systems or facial recognition entry controls.
This area can be particularly high-risk because biometric data is sensitive and can raise serious privacy concerns. If you’re considering biometrics, it’s usually a strong sign you should get tailored legal advice before rollout, including around collection, consent, storage, and access controls.
How To Implement Workplace Monitoring Without Breaking Trust (Or The Law)
Even when workplace monitoring is legal, the way you implement it can determine whether it becomes a helpful protection tool - or a morale and compliance headache.
Here’s a practical rollout framework many small businesses and startups use.
Step 1: Start With A Monitoring Plan
Before you buy tools or turn on features, document a simple monitoring plan covering:
- What you want to monitor (eg CCTV, email logs, GPS)
- Why you need it (the business purpose)
- When monitoring happens (always-on, or only in specific situations)
- Who can access the data
- How long you keep the data (retention period)
- How you’ll handle requests, complaints, or disputes
This doesn’t need to be a 40-page document. The goal is to show you’ve thought about necessity and proportionality - not just convenience.
Step 2: Put It In Writing With A Clear Policy
A workplace policy is where you convert “what we do” into “what everyone understands”. It helps prevent misunderstandings and makes your approach consistent across managers and teams.
Your workplace monitoring policy often ties into other documents, like:
- IT and acceptable use rules
- privacy and confidentiality rules
- security procedures
- performance management processes
If you’re building out your employment systems, an Employee Privacy Handbook can also help set expectations about workplace information handling in a structured way.
Step 3: Give Proper Notice (And Make It Easy To Understand)
One of the simplest ways to reduce risk with workplace monitoring is to be upfront.
In practice, “notice” may involve:
- employment contract clauses referencing monitoring and acceptable use
- a standalone monitoring policy acknowledged by employees
- workplace signage for CCTV
- system prompts (eg “this call may be recorded”)
Notice isn’t just a legal checkbox. It helps protect trust. People are far more likely to accept monitoring when they understand the business reason and the boundaries.
Step 4: Apply Monitoring Consistently (And Avoid “Targeting”)
From both a culture and legal risk perspective, inconsistent monitoring is a common issue.
Examples include:
- only reviewing one employee’s activity without a clear reason
- turning monitoring “on” only when there’s conflict
- using monitoring to micromanage rather than manage genuine risk
Instead, set clear triggers and apply them consistently. If you need extra monitoring in a specific case (for example, a suspected breach), document the reasons and keep the monitoring limited to what’s necessary.
Step 5: Treat Monitoring Data Like Sensitive Business Information
CCTV footage, access logs, recordings, and tracking data can quickly become sensitive - especially if it reveals health information, family details, or private conduct.
As a practical baseline, you should consider:
- restricted access (only those who truly need it)
- secure storage (including encryption where appropriate)
- clear retention/deletion rules
- a process for responding to requests and complaints
For startups, this is also good governance. If you ever go through fundraising, due diligence, or an acquisition, sloppy monitoring and data practices can become an unexpected red flag.
Common Mistakes Small Businesses Make With Workplace Monitoring
Workplace monitoring problems often happen because business owners are moving quickly - not because they’re trying to do the wrong thing.
Here are some of the most common pitfalls we see.
Assuming “It’s Our Equipment, So We Can Monitor Anything”
Using company devices does give you more control, but it doesn’t automatically remove privacy and surveillance risks. Monitoring can still capture personal information, and employees may still have expectations of privacy depending on the context and what you’ve communicated.
Recording Audio Without Understanding Consent Rules
Audio recordings can be legally complex across Australia. “This call may be recorded” messaging is common, but it isn’t always the full solution - particularly for internal conversations, where different state/territory rules may apply, and where recordings are later used beyond the original purpose.
Using Monitoring As A Shortcut For Performance Management
Monitoring may identify issues, but it shouldn’t replace good management processes. If you rely heavily on monitoring to discipline or terminate without clear expectations and a fair process, you can increase the risk of disputes.
Installing Cameras In High-Privacy Areas
Bathrooms and change rooms are the obvious examples, but also consider:
- break rooms
- quiet rooms or wellbeing rooms
- areas used for private calls or sensitive discussions
If in doubt, get advice before installation - it’s much easier than dealing with complaints after rollout.
Failing To Update Policies As The Business Scales
Startups often begin with informal systems. Then you hire quickly, go remote, adopt new tools, and suddenly monitoring happens by default (for example, platform audit logs or location features you didn’t actively “choose”).
A good checkpoint is whenever you:
- hire your first employee
- start using a new time-tracking, CRM, or helpdesk tool
- open a new location or warehouse
- start recording calls or customer interactions
When your tech stack changes, your workplace monitoring position often changes too.
Key Takeaways
- Workplace monitoring can protect your business, but it needs to be planned and implemented carefully to reduce legal and cultural risk.
- In Australia, workplace monitoring is regulated through a mix of surveillance and listening device laws, privacy obligations (including the Privacy Act in some cases and the employee records exemption in limited circumstances), and employment law - and the rules can differ by state and territory.
- Common forms of workplace monitoring include CCTV, computer and internet monitoring, GPS tracking, and call recording, and each comes with its own compliance watch-outs.
- The safest approach is to be transparent: use clear policies, give proper notice (including any state/territory-specific notice requirements), and only monitor what you reasonably need for genuine business purposes.
- Monitoring data (like footage, recordings, and access logs) should be secured, access-controlled, and kept only as long as necessary.
- If you plan to use monitoring outcomes for performance or disciplinary action, make sure your contracts and processes support a fair and consistent approach.
If you’d like help setting up workplace monitoring the right way - including reviewing your policies, contracts, and compliance approach - you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.
