Workplace Surveillance Act 2005 (NSW) Explained

Thinking about installing cameras in your premises, monitoring staff emails, or using GPS to track company vehicles? In New South Wales, the Workplace Surveillance Act 2005 (NSW) sets strict rules for how you can monitor workers and what you must tell them.

If you get it right, workplace surveillance can improve safety, protect assets and reduce risk. If you get it wrong, you could face penalties, disputes and reputational damage.

In this guide, we’ll break down what the Act requires in plain English and walk you through a compliant, business-friendly approach to surveillance that respects your team and protects your business.

What Is The Workplace Surveillance Act 2005 (NSW)?

The Workplace Surveillance Act 2005 (NSW) regulates how employers in NSW can carry out surveillance of employees at work. It covers three main types of surveillance:

• Camera surveillance (e.g. CCTV in your office, shop, warehouse or worksite)
• Computer surveillance (e.g. monitoring emails, internet usage, software activity, keystrokes)
• Tracking surveillance (e.g. GPS in vehicles, devices, or equipment)

The Act applies to current employees and often also to contractors and other workers who perform work at your workplace using your systems or equipment. It’s designed to balance your legitimate business interests with your workers’ privacy and dignity at work.

Other laws can also apply alongside the Act, such as privacy laws, the Surveillance Devices Act 2007 (NSW) for certain audio recordings, and workplace safety obligations. For instance, if you’re using cameras, you should be across the broader security camera laws that apply to businesses.

When Can You Monitor Employees In NSW?

In most cases, workplace surveillance in NSW must be “notified” and carried out in accordance with strict procedural rules. Covert surveillance is only allowed in very limited circumstances with a court order. Here’s how the main categories work.

Camera Surveillance (CCTV)

You can use cameras in the workplace, but you must give employees advance notice and put up clear signs in areas under surveillance.

• Provide written notice at least 14 days before surveillance starts (or a shorter period if the worker agrees).
• Ensure signage is clearly visible at every entrance to the area under surveillance.
• Never install cameras in toilets, change rooms, or shower areas (these are prohibited areas).

Think about what you’ll capture. Video without audio is common. If you plan to record sound, additional rules apply under NSW listening device laws. It’s important to understand the NSW recording laws before enabling audio on cameras or devices.

Computer Surveillance (Emails, Internet & Systems)

Computer surveillance is allowed if you notify workers in writing that it is happening and outline how it will occur. This usually means a clear, accessible policy that states:

• What systems are monitored (email, internet, apps, devices, network traffic, etc.)
• How monitoring is done (automated logs, filters, periodic reviews, content scans)
• When it occurs (at all times, at random, or only in specific circumstances)
• How you’ll use and store the information

If your business needs to review inboxes or attachments for security or compliance reasons, make sure your policy addresses access to employee emails in a transparent way.

Tracking Surveillance (GPS & Location)

If you track vehicles, phones or equipment via GPS, you must tell workers about the tracking device, what data it collects and when tracking can occur. Label tracked assets clearly (e.g. a dash sticker in vehicles) and include tracking expectations in your policy and contracts.

Covert Surveillance (Only With a Magistrate’s Authority)

“Hidden” or covert surveillance is generally prohibited unless you obtain a court authority. Even then, it’s only available in limited circumstances (for example, to investigate suspected unlawful activity) and subject to strict conditions and time limits.

If you’re facing a serious issue that might warrant covert monitoring, get tailored legal advice before taking action.

What Notices And Policy Documents Do You Need?

The Act is prescriptive about notice. Before surveillance begins, you must give employees written notice of:

• The kind of surveillance (camera, computer, tracking)
• How the surveillance will be carried out
• When it will start and whether it will be continuous or periodic
• Whether it’s for a specified limited period or ongoing

In practice, most employers satisfy this by providing a comprehensive policy and ensuring every worker receives it at least 14 days before surveillance starts (or sooner with their consent).

Core Documents To Put In Place

• Workplace Surveillance Policy: Your primary document that explains the “what, how and when” of surveillance in your business.
• Acceptable Use & IT Policies: Rules for use of devices, email, internet and apps. These often sit alongside or within your broader Workplace Policy suite.
• Privacy Policy: If you collect personal information through surveillance or your systems, publish a clear, compliant Privacy Policy explaining collection, storage and disclosure in line with the Privacy Act 1988 (Cth).
• Employment Contracts: Reference your surveillance and acceptable use policies in your Employment Contract and ensure staff agree to follow them.
• Mobile/BYOD Rules: If staff use personal devices for work or carry work phones, set expectations via a clear mobile phone policy and BYOD terms.

Make policies easy to find (in your HR system or intranet), provide training, and keep records showing when each worker received notice and acknowledged the policies.

Are There Rules For Storage, Access And Use Of Surveillance Records?

Yes. It’s not just how you collect surveillance data that matters, but also how you store, access and use it.

• Purpose limitation: Only use surveillance data for legitimate business purposes that align with your policies (e.g. safety, security, compliance, investigating misconduct).
• Security: Securely store footage and logs, restrict access to authorised personnel and enable audit trails. Consider an information security framework and role-based access controls.
• Retention: Keep data only as long as reasonably necessary for the purpose collected and applicable limitation periods. Set a retention schedule and implement automated deletion where possible.
• Disclosure: Don’t share surveillance data outside your business unless it’s lawful and necessary (for example, to police, regulators or legal advisers). Ensure third-party providers (like security or cloud vendors) have robust protections in place.
• Worker requests: Be prepared to respond appropriately to employee queries about surveillance records. Your policies should explain how requests are handled.

These steps work alongside your privacy obligations. If surveillance may capture personal information, your public-facing Privacy Policy should reflect this, and internal procedures should match what you tell people externally.

What About Audio, Phone Calls And Remote Work?

This is where many businesses stumble. Audio recording and call monitoring are subject to additional rules beyond the Workplace Surveillance Act.

Audio Recording In The Workplace

Capturing audio on premises-whether via CCTV microphones, voice recorders or apps-can engage NSW listening device laws. In most cases, you cannot record a private conversation without consent. Before enabling audio, make sure your plan aligns with the NSW recording laws.

Recording Business Phone Calls

If you record customer or staff calls (for example, for quality assurance), you must comply with call recording rules, which usually require advising all parties that the call is recorded and offering alternatives. Review your scripts and systems against the relevant call recording laws to ensure the notice is timely and effective.

Remote And Hybrid Work

Monitoring remote workers is possible, but you must still comply with NSW notice requirements and respect privacy. Avoid overly intrusive measures like constant webcam streaming or keystroke logging unless they are strictly necessary and clearly notified. Focus on proportionate monitoring tied to genuine business needs.

For premises and customer-facing areas, align your CCTV setup and signage with broader security camera laws so customers and visitors also receive appropriate notice where required.

Common Compliance Pitfalls (And How To Avoid Them)

• Insufficient notice: Rolling out surveillance without the full 14 days’ written notice (unless staff consent to a shorter period). Avoid “overnight” changes where possible.
• Missing or vague policies: Relying on a brief email instead of a proper policy that clearly covers how, when and why monitoring occurs.
• Audio capture by accident: Turning on audio in CCTV systems without considering NSW listening device laws, or assuming signs alone are enough for audio.
• Monitoring outside scope: Using surveillance data for reasons not covered in your policy (for example, reviewing personal messages on a BYOD device without clear authority and necessity).
• Poor data governance: Storing recordings indefinitely or allowing broad internal access to footage/logs without a need-to-know basis.
• No training: Telling staff surveillance is in place but failing to explain what it means in practice, leading to confusion or distrust.

Simple improvements-like tightening your policy framework, clarifying BYOD and email access expectations, and aligning your systems to the rules-can dramatically reduce risk. If you need help formalising these settings, a tailored Workplace Policy suite and a compliant Privacy Policy are a strong foundation.

Step-By-Step: How To Roll Out Compliant Workplace Surveillance

1) Map Your Business Needs And Risks

Be clear about what you’re trying to achieve: safety, security, asset protection, quality assurance or regulatory compliance. Choose surveillance tools that are proportionate to those goals.

2) Draft Or Update Your Policies

Prepare a Workplace Surveillance Policy that covers camera, computer and tracking surveillance. Align it with your Acceptable Use, BYOD, email monitoring and data governance settings, and ensure your Privacy Policy reflects any collection of personal information.

3) Build It Into Contracts And Onboarding

Reference your surveillance and IT rules in your Employment Contract templates. For contractors and suppliers with access to your systems, mirror appropriate obligations in their agreements.

4) Provide Written Notice (At Least 14 Days)

Issue the policies to all affected workers with a covering notice that satisfies the Act, including the type of surveillance, how it occurs and when it commences. Obtain acknowledgements and keep records.

5) Configure Systems And Signage

Set up cameras, software and GPS in line with your policies. Display clear signs at entrances to areas under camera surveillance. Consider disabling audio unless you have a lawful, clearly notified basis for recording conversations.

6) Train Managers And Staff

Run short training so managers understand the boundaries (for example, when it is appropriate to review footage or mailboxes) and so staff know what to expect and how data is handled. Clear communication builds trust.

7) Establish Secure Storage And Retention

Configure access controls, retention periods and deletion processes. Limit who can access surveillance data and record the reasons for access (for example, an investigation or safety incident).

8) Audit And Review Regularly

Schedule reviews to check that your practices still match your policies and that your monitoring remains proportionate to current risks. If you change systems (say, new call recording software), revisit your call recording laws obligations and update staff notices.

How The Act Interacts With Other NSW And Australian Laws

The Workplace Surveillance Act is just one piece of the compliance puzzle. Depending on your setup, you may also need to consider:

• Listening device and conversation recording rules (particularly relevant to audio and phones) under NSW recording laws.
• National privacy obligations if surveillance captures personal information, reflected in your public-facing Privacy Policy and internal practices.
• Customer notice for call centres and service lines, aligning phone prompts and scripts with call recording laws.
• Transparency around camera coverage for both staff and customers, consistent with broader security camera laws.
• Clear, documented rules for company devices, email and internet use via your Workplace Policy suite and BYOD/mobility settings, including expectations about access to employee emails.

If you operate across multiple states, be aware that surveillance laws differ. This guide focuses on NSW. Build your framework to meet the strictest standard that applies to your locations, or tailor by site where necessary.

Key Takeaways

• The Workplace Surveillance Act 2005 (NSW) allows camera, computer and tracking surveillance, but only with proper written notice, clear policies and compliant practices.
• Give at least 14 days’ notice (unless agreed otherwise), display signage for camera surveillance, and never monitor prohibited areas like bathrooms or change rooms.
• Audio and phone recording raise separate legal issues-align your approach with NSW listening device rules and applicable call recording laws.
• Back up your surveillance practices with a strong policy framework, including a Workplace Surveillance Policy, Acceptable Use/BYOD rules, and a clear Privacy Policy.
• Secure storage, limited access and sensible retention periods are essential-only use surveillance data for legitimate business purposes and keep audit trails.
• Train managers and staff, keep records of notices and acknowledgements, and review your approach regularly to stay compliant as your business evolves.

If you’d like a consultation on designing or updating a compliant workplace surveillance framework for your NSW business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.