Workplace Privacy and Surveillance

Last Updated: 16 Jan 2005


Australian laws regarding monitoring of employee Internet use

New South Wales

In NSW, the Workplace Surveillance Act 2005 came into effect on 7 October 2005. This Act regulates video surveillance, tracking and computer surveillance including the monitoring or recording of emails and access to internet websites. It requires employers to comply with rules for both overt and covert surveillance. For more information see:

Other States/Territories

In other Australian jurisdictions, as at 16 January 2006, there are no Australian laws preventing or regulating employer monitoring of employees' use of the Internet.

The Commonwealth Privacy Amendment (Private Sector) Act 2000 became effective on 21 December 2001. However, it contains an exemption for "employee records". At most, the Act may require employers to inform employees if their email and/or Net use is being monitored, although even this is questionable.

Regarding the employee records exemption, the Federal Privacy Commissioner's web site states:

"Employee Records Exemption
Employee records are exempt from the operation of the Act if the organisation is or has been an employer of the individual in question and the act or practice is directly related:
  • to a current or former employment relationship between the employer and the individual, and
  • an employee record held by the organisation and relating to the individual.

It is important to note that this exemption does not cover contractors and sub-contractors. Nor does it apply to prospective employees."

Regarding monitoring of employee email, the Sydney Morning Herald reported on 26 June 2001 that:

"One undecided issue is employees' private use of email and the rights of employers to monitor that use.

The Federal Privacy Commissioner, Mr Malcolm Crompton, recently acknowledged that the new law for workplace privacy required interpretation and 'could be difficult to work out'.

While employee records are one of the main exemptions from the Act, Mr Crompton said this only applied to 'records that were part of the employer relationship'. Outside that 'relationship' employers would have to comply with the Act. 'You have to tell staff what you're doing and get their permission,' he said.

Whether employees' private use of email is covered or exempt is open to interpretation, however. 'You could probably make a case that how much they use it and where they go is part of the employer relationship ... but it would be harder to argue that the content of email is part of the employee record'. ..."
(Emails at work a grey area under extended Privacy Act, Sue Lowe, Sydney Morning Herald, 26 June 2001)

EFA Model Acceptable Use Policy for Employee Use of the Internet

EFA has developed a model "Acceptable Use Policy for Employee Use of the Internet" (AUP) and makes it freely available to anyone to copy and adjust for their own workplace needs. The model AUP does not necessarily signify EFA's views about what ought to be "acceptable use" in workplaces; it simply addresses a range of aspects that should be considered in developing an AUP suitable for a particular workplace.