Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Monitoring what happens in your workplace can feel essential - from discouraging theft to managing cyber risks and ensuring safety. But workplace surveillance laws in Australia are strict, and getting it wrong can lead to significant penalties and reputational harm.
In this guide, we break down how workplace surveillance works across Australia, what you can and can’t monitor, and the steps to roll out surveillance lawfully and respectfully. Our focus is on helping small businesses put clear, compliant systems and policies in place so you can protect your business without overstepping the law.
What Counts As Workplace Surveillance?
Workplace surveillance typically covers any monitoring of employees in the course of their work. Common types include:
- CCTV and other camera monitoring in the workplace (video without audio)
- Computer, internet and network monitoring (including keystrokes, browsing, email, file access, and system logs)
- Telephone or call recording for quality assurance or training
- GPS tracking (for vehicles or devices)
- Audio recording (generally far more restricted than video)
Many businesses use more than one method. The key is to understand how each method is regulated, give the right notices, and embed the rules in clear workplace policies.
Which Laws Apply To Workplace Surveillance?
Australia doesn’t have a single, uniform workplace surveillance law. Instead, a patchwork of state and territory laws and the federal Privacy Act can apply - plus employment law obligations. Here’s the big picture.
State And Territory Surveillance Laws
Most jurisdictions regulate “surveillance devices” (think listening, optical, tracking and data surveillance devices). NSW and the ACT go further with specific workplace surveillance legislation.
- NSW: The Workplace Surveillance Act 2005 sets strict rules for camera, computer and tracking surveillance in workplaces. Generally, you must provide at least 14 days’ written notice and clear signage for overt surveillance. Covert surveillance usually requires a magistrate’s authority and is only permitted in limited circumstances (e.g. suspected unlawful activity).
- ACT: The Workplace Privacy Act 2011 works similarly to NSW, with notice, signage and limits on covert monitoring.
- Other states/territories: Listening and optical surveillance are regulated under Surveillance Devices Acts. Audio recording of private conversations is typically prohibited without consent. Covert filming is usually restricted. The exact rules vary, so it’s important to check the local Act before implementing a new monitoring method.
If you use cameras, make sure your approach aligns with general security camera laws in Australia and specific obligations in the state or territory where you operate.
Privacy Act 1988 (Cth)
The Privacy Act applies to “APP entities.” Many small businesses with under $3 million annual turnover are exempt, but there are important exceptions (for example, if you provide health services or trade in personal information).
Even if you’re exempt, privacy best practice still matters, and some surveillance activities will capture personal information about staff, customers or visitors. A clear, compliant Privacy Policy helps you explain what you collect, why, how it’s stored, and who it’s shared with.
Remember, the “employee records” exemption for private sector employers is narrow. It only covers certain employee records once they exist and only for acts directly related to the employment relationship. It doesn’t cover job applicants, contractors, or broader surveillance of your premises and systems.
Employment Law Considerations
Surveillance sits within your broader duties as an employer - including work health and safety, consultation obligations (e.g. under an enterprise agreement or policy), and fair treatment.
It’s good practice to embed surveillance rules in your broader Workplace Policy suite and to communicate them consistently during onboarding and training.
What Can You Monitor - And What’s Off Limits?
The “can we do this?” question depends on the method, where it occurs, and whether you’ve followed the right process. Below are common scenarios for small businesses.
CCTV In The Workplace
CCTV is widely used for safety and security. Generally, it’s lawful if it’s overt (clear signage, reasonable placement), and you’ve provided required notice (e.g. in NSW/ACT). Avoid cameras in areas where people reasonably expect privacy (e.g. bathrooms, change rooms).
If you’re weighing up video monitoring, review the practical limits in “Are cameras legal in the workplace” and mirror those principles in your policy and signage.
Computer, Network And Email Monitoring
Monitoring work devices and systems is generally permitted where it’s disclosed, reasonable and tied to a legitimate business purpose (security, compliance, productivity, IP protection). In NSW and the ACT, “computer surveillance” has specific notice and policy requirements.
Be especially careful with private or personal communications. If personal use of work systems is allowed, make the boundaries crystal clear. If you intend to monitor emails or usage logs, give staff upfront notice and provide a lawful basis for doing so. For further context, see guidance on employer access to employee emails.
Audio Recording (Listening Devices)
Audio recording attracts stricter controls across Australia. Recording a private conversation without consent is generally unlawful, and even with consent you may face limitations depending on location and circumstances.
In practice, avoid always-on audio recording. If you plan to record calls for training or compliance, follow call recording rules carefully (e.g. pre-call notice, consent where required) and consult the principles in business call recording laws.
GPS And Location Tracking
Tracking company vehicles and devices is common. It’s usually allowed where you’ve provided clear notice, the purpose is legitimate and proportionate, and you’ve complied with any state-specific requirements for “tracking surveillance.” Communicate how and when tracking occurs, and how data will be used.
BYOD And Remote Work
Monitoring personal devices used for work (Bring Your Own Device) is high risk. If you permit BYOD, set strict boundaries on what you will monitor, and consider mobile device management solutions that protect business data without intruding on the employee’s personal information.
When staff work from home, the same rules apply - but the privacy expectations can feel higher. Clear notice, limited scope and reasonable use are key.
How To Roll Out Workplace Surveillance Legally (Step By Step)
If you’re implementing surveillance or tightening your current approach, a structured process will help you stay compliant and build trust with your team.
1) Map Your Use Cases And Risks
- List the problems you’re trying to solve (e.g. shrinkage, cyber risk, safety incidents, quality control).
- Identify the surveillance tools that address those needs with the least intrusiveness.
- Record the legal basis and limits for each method (notice, consent, signage, restricted areas, retention periods).
2) Draft Or Update Your Policies And Notices
- Create or update a Workplace Surveillance or Monitoring Policy (often part of a broader Workplace Policy suite).
- Ensure your Privacy Policy explains relevant data collection, storage and disclosure.
- Add an Acceptable Use Policy to set expectations for devices, email, internet and apps.
- Embed security obligations in an Information Security Policy so technical controls and monitoring align with your legal approach.
- Prepare signage for CCTV and any other overt surveillance, and ensure it’s placed where it’s easily seen.
3) Give Proper Notice (And Get Consent Where Required)
In NSW and the ACT, provide written notice (often at least 14 days) before starting workplace surveillance. In other states, follow surveillance device laws and any consent requirements (for example, for call recording).
Roll out notices via multiple channels - email, intranet, staff meetings and onboarding packs - and keep records of what you provided and when.
4) Configure Systems To Minimise Intrusion
- Disable audio recording unless you have a very clear legal basis and consent.
- Limit monitoring to what’s necessary (e.g. categories of logs, metadata vs. content).
- Restrict access to surveillance data on a need-to-know basis.
- Set reasonable retention periods that match your risk and legal obligations. If you’re unsure, consider the principles in the discussion of Australia’s data retention laws.
5) Train Your Team And Managers
Policies only work if people understand them. Train managers on when and how they can access surveillance data, and train staff so they know what’s monitored and why. Keep the focus on safety, security and respect.
6) Review Regularly
Technology, laws and your business needs will change. Schedule regular reviews to check that your surveillance remains legal, proportionate and effective. Update policies, notices and signage as needed.
Common Pitfalls To Avoid
Most compliance issues arise from the same handful of mistakes. Here’s what to watch for.
Insufficient Notice Or Signage
Failing to provide proper notice (including the lead time in NSW/ACT) or clear signage for cameras is one of the fastest ways to fall foul of workplace surveillance laws. Keep templates ready for new locations and system changes.
Audio Recording Without Consent
Audio is risky. Don’t record private conversations without clear consent and a lawful basis. For call centres or customer service teams, standardise your pre-call notices and stick to them.
Monitoring Private Spaces Or Personal Content
Bathrooms, change rooms and prayer rooms are off limits. Be cautious about monitoring personal content on work systems. If you allow limited personal use, spell out how monitoring applies and avoid unnecessary review of purely personal content.
Unclear Data Governance
Surveillance generates personal information. Without a clear Privacy Policy, access controls and retention rules, you increase your legal and reputational risk - especially after an incident or data breach.
Using Surveillance For New Purposes
Don’t repurpose surveillance data for unrelated aims (e.g. tracking productivity minute-by-minute if you originally implemented it for safety). If your purpose changes, update your notices and policies first.
Essential Documents To Support Lawful Surveillance
Strong documents make surveillance transparent and defensible. Most small businesses will benefit from the following.
- Workplace Surveillance/Monitoring Policy: Explains what’s monitored (cameras, IT systems, GPS), why, where, and how data is handled. This can sit within your broader Workplace Policy framework.
- Privacy Policy: Tells staff, customers and visitors how you collect, use and store personal information captured through surveillance and other systems. Link to your Privacy Policy from onboarding materials and your website.
- Acceptable Use Policy: Sets the rules for business devices, email, internet, cloud apps and personal use boundaries so monitoring expectations are clear from day one. Consider a formal Acceptable Use Policy for all staff.
- Information Security Policy: Aligns technical monitoring with security controls (access management, logging, incident response and encryption). An Information Security Policy helps ensure surveillance data is protected.
- Onboarding And Acknowledgment Forms: Capture consent where required (e.g. call recording), and confirm staff have read and understood your policies.
- Signage And Notices: Standard templates for CCTV and monitoring notices that meet state/territory requirements and can be updated quickly.
If you operate in multiple states or have mixed environments (e.g. warehouses, retail storefronts and remote workers), tailor your documents and signage to each context.
Frequently Asked Questions
Can We Monitor Personal Devices (BYOD)?
You can set conditions for using personal devices for work, but be careful. Limit monitoring to business apps and data. Spell out exactly what’s monitored and why, and consider offering a company device if staff aren’t comfortable with BYOD terms.
Can We Read Employee Emails?
Access may be lawful in certain circumstances if you’ve given clear notice, have a legitimate purpose, and follow the rules in your state or territory. Build guardrails in your policies and see our overview of employer access to employee emails for practical considerations.
Is Covert Surveillance Ever Allowed?
Sometimes, but it’s tightly controlled. In NSW, covert workplace surveillance typically requires a magistrate’s authority and is limited to investigating suspected unlawful activity. If you suspect serious misconduct, seek legal advice before taking any steps.
How Long Should We Keep Surveillance Footage Or Logs?
Keep it only for as long as you reasonably need it for the stated purpose or to meet legal requirements. Set specific retention periods (e.g. 30, 60 or 90 days) and apply exceptions for incidents or investigations. Align your approach with principles discussed under Australian data retention laws.
Key Takeaways
- Workplace surveillance in Australia is regulated by state and territory surveillance laws, with NSW and ACT imposing specific workplace rules on notice, signage and covert monitoring.
- Audio recording is far more restricted than video - obtain consent where required and avoid blanket audio monitoring.
- If you monitor computers, networks, emails or GPS, give clear written notice, define lawful purposes, and configure systems to minimise intrusion.
- Support your program with clear documents: a Workplace Surveillance Policy, a public-facing Privacy Policy, an Acceptable Use Policy, and an Information Security Policy, plus appropriate signage.
- Place cameras only in appropriate areas and follow practical limits set out in guidance on cameras in the workplace and security camera laws.
- Review your surveillance regularly to ensure it remains proportionate, lawful and aligned with your business needs.
If you’d like a consultation on workplace surveillance laws for your business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.








