🇦🇺 Australian Workplace Privacy Laws for Employee Monitoring (2026)

Australian workplace surveillance law is more prescriptive than it looks at first glance. New South Wales, Victoria, and the Australian Capital Territory each have explicit workplace-surveillance acts. The remaining states default to the federal Privacy Act 1988 and the Australian Privacy Principles. The patchwork is workable, but only if you understand which rules apply to which of your employees.

This guide is intended for HR leaders and IT managers at Australian organizations rolling out employee monitoring software in 2026. It is not legal advice. Before relying on any of this, retain Australian employment counsel.

The state-by-state baseline

New South Wales: Workplace Surveillance Act 2005

The most prescriptive jurisdiction. The NSW Act covers camera, computer, and tracking surveillance of employees while they are at work. Three core obligations:

• Written notice. Employees must receive at least 14 days' written notice before surveillance begins, including the kind of surveillance, how it will be carried out, when it will start, whether it will be continuous or intermittent, and whether it will be ongoing or for a specified period.
• Computer surveillance policy. If you are monitoring computers, you need a published surveillance policy that employees have notice of. Posting it on the intranet on day one and not telling anyone is not sufficient.
• Restrictions on covert surveillance. Covert surveillance is restricted to specific circumstances and generally requires authorization from a magistrate.

Victoria: Surveillance Devices Act 1999

Less prescriptive than NSW but still significant. The Victorian Act focuses on tracking, listening, and optical surveillance devices. Computer screen monitoring sits in a slightly grayer area than in NSW, but employer best practice converges on the same disclosure requirements.

Australian Capital Territory: Workplace Privacy Act 2011

Similar in structure to NSW, with explicit attention to electronic surveillance. Disclosure and consultation obligations apply.

Queensland, Western Australia, South Australia, Tasmania, Northern Territory

No state-specific workplace surveillance act. Employers operate under the federal Privacy Act and the relevant Fair Work obligations. The Privacy Act still requires that personal information be collected for a clear purpose and that employees be informed of that purpose.

The federal floor: Australian Privacy Principles

The 13 Australian Privacy Principles (APPs) apply to most private-sector employers with more than $3M annual turnover. The relevant ones for monitoring:

• APP 1 requires an up-to-date privacy policy publicly available.
• APP 3 restricts collection to information that is reasonably necessary for your functions and activities.
• APP 5 requires you to notify individuals of collection.
• APP 11 requires reasonable security measures and timely destruction of information no longer needed.

The employee records exemption (the so-called "Employee Records Exemption") provides some flexibility for handling employee personal information in the context of employment, but it is narrower than employers often assume. Monitoring data that is used for purposes beyond direct employment management — for instance, sold to a third party or used to train an AI model — falls outside the exemption.

The practical checklist for AU employers

1. Map your workforce by state. If you have employees in NSW, Victoria, or the ACT, you need state-compliant disclosure. If everyone is in WA, you can rely on federal-only.
2. Publish a surveillance policy. Cover what data is collected, why, who has access, how long it is retained, and how an employee can request access to their own records.
3. Provide the notice period. 14 days minimum in NSW. Two-week notice is good practice everywhere.
4. Restrict access to the data. Treat monitoring data as confidential employee personal information. Audit who can view it.
5. Set retention windows. Indefinite retention is hard to justify under the APPs. 90 to 180 days is the typical defensible window for screenshots.
6. Document the lawful basis for any cross-border transfer. If your monitoring vendor stores data outside Australia, you need APP 8 compliance for the transfer.

What happens if you skip the disclosure step

In NSW the consequences are real. The Office of the Privacy Commissioner can investigate, and the Workplace Surveillance Act creates penalties for non-compliant surveillance. Employees can bring complaints, and unions are now well-versed in the surveillance-related provisions.

Outside NSW the enforcement risk is more diffuse but not zero. The Office of the Australian Information Commissioner takes complaints under the APPs, and the Fair Work Commission has taken adverse-action and unfair-dismissal positions where monitoring was used in a procedurally improper way.

Practical implementation tips

• Send the surveillance notice as a standalone document, not buried in the employee handbook.
• Repeat the disclosure at onboarding for every new hire.
• If you change the surveillance setup — for instance, add multi-screen capture where you previously did single-screen — re-notify.
• Make it easy for employees to opt out of optional features (location tracking outside work hours, for instance) where the lawful basis is consent rather than legitimate interest.

Closing thought

Australian workplace surveillance law is workable, but it rewards careful disclosure and clear policy. The companies that get this right find that compliance is mostly a matter of good documentation, not significant constraints on what they can monitor. DeskTrust ships AU-specific disclosure templates and gives admins the per-employee controls needed to comply with state-by-state variations.