KEY TAKEAWAYS:
- the types of workplace surveillance – such as wearable cameras, fingerprint or eye scanners, employee activity or logging monitoring – has exploded since COVID and with rapid advances in technology
- employers have a responsibility to provide a safe workplace and safeguard their employees’ right to privacy
- it is helpful for workplace investigators to:
- be aware of the types of surveillance potentially in use in workplaces so they can request access and assess the evidence
- comply with relevant federal and state-based laws, on privacy and workplace surveillance, as well as enterprise agreements and workplace policies detailing how data can be collected, shared and used
- workplace surveillance and privacy are currently the subject of legislative reform, with the Victorian Parliament inquiring into workplace surveillance, while the Senate is considering a Bill to amend Australia’s Privacy Act 1998 to bring it “into the digital age” – both of which are likely to have significant implications for employers and workplace investigators.
“What the ancients knew as ‘eavesdropping’ we now call ‘electronic surveillance’; but to equate the two is to treat man’s first gunpowder on the same level as the nuclear bomb. Electronic surveillance is the greatest leveller [sic] of human privacy ever known1.”
Workplace surveillance is an effective way for employers to keep a watchful eye over what is happening in their workplaces, from safeguarding the health and safety of employees, to preventing fraud and monitoring performance.
However, in an age where technology is evolving faster than the law, striking an acceptable balance between surveillance and privacy is critical for employers, and by extension workplace investigators tasked with investigating workplace misconduct captured by surveillance.
This article looks at the types of surveillance technologies now available, legislation governing workplace surveillance, and new national privacy reforms.
Forms of surveillance
In recent times, fixed CCTV footage was arguably the most valuable form of direct, corroborative evidence available to employers and investigators when assessing workplace complaints. Now, there are many forms of electronic surveillance available to employers.
Below are some examples of other types of surveillance used in workplaces:
- vehicle cameras and log records
- mobile phones
- wearable cameras
- drones
- Open-Source Intelligence (OSINT) – the collection and analysis publicly accessible data, such as social media surveillance
- financial surveillance
- web or computer cameras
- GPS tracking or wiretapping, such as Cooperative Intelligent Transport Systems
- monitoring employee use of technology
- algorithmic management – the use of computer-programmed procedures to coordinate labour
- biometric surveillance such as facial recognition, fingerprint or eye scans
- employee activity or logging monitoring such as: monitoring keystrokes; email activity and content flags or warnings; building access such as swipe cards; work logs; and timesheet logs
- neurosurveillance – such as EEG headsets that monitor worker attention and fatigue – is a new frontier for workplace surveillance that poses significant ethical, human rights and legal questions.
It is useful for investigators to stay informed about the types of surveillance technologies used in workplaces, so they:
- know what questions to ask during an investigation to identify the application and existence of this evidence. For example, to determine what surveillance might be available investigators might wish to ask witnesses questions about their workplace environment such as:
- where are cameras located on site? how long before camera footage is wiped or overwritten?
- what materials or equipment were in use or being handled at the time of the incident?
- what type of transport was in use at the time of the incident?
- can request access to and secure a copy of the evidence as soon as possible.
Existing regulatory landscape
Prior to undertaking a workplace investigation, employers and investigators should familiarise themselves with the relevant laws applicable in their jurisdictions, as well as relevant enterprise awards and agreements, and company policies relating to employee surveillance.
Australia’s approach to workplace surveillance is neither simple, nor uniform. The current national Privacy Act 1988 does not specifically cover surveillance in the workplace. Instead it is primarily governed by an intricate and complicated web of state and territory-based legislation (see Table 1 below), enterprise awards and agreements, and employment contracts.
The general position at law is that unless an exception applies, an employer is only authorised to use a surveillance device with employee consent. Given the power dynamics in employer and employee contractual relationships, consent is generally achieved by the employer providing employees with a notice or policy informing them what surveillance measures are in use in the workplace. Any personal information obtained via surveillance must comply with Australian Privacy Principles. Where surveillance is used in prohibited circumstances, employers may be subject to civil or criminal liability.
New South Wales and the Australian Capital Territory already have specific workplace surveillance laws, while the Queensland Government, despite holding an inquiry into its existing surveillance regime, has not progressed recommended legislative reforms.
In response to significant technological advancements, the upsurge in working from home, as well as the heightened focus on human rights and individual privacy protections, some governments are starting to re-examine regulatory approaches to surveillance in the workplace.
A Victorian Parliamentary Committee is currently inquiring into “the extent to which surveillance data is being collected, shared, stored, disclosed, sold, disposed of and otherwise utilised in Victorian workplaces”. In addition to reporting on how surveillance impacts individuals, the Committee will also report on the impact of surveillance on workplace culture.
Professor John Howe from the Centre for Employment and Labour Relations Law, Melbourne Law School, University of Melbourne, told a public hearing hosted by the Economy and Infrastructure Standing Committee that “the explosion in collection of data, sharing of data, surveillance mechanisms enabled by technological changes and then algorithmic management techniques” had resulted in “extensive misuse of a lot of this data, in surveillance and in management techniques”.
Professor Howe went on to say that he had been involved in a recent study examining to what extent parties to enterprise agreements had introduced clauses “to allow the legitimate collection of data and use of surveillance and management with safeguards for the protection of employee interests”.
“We found in a study over the last two years in nine industries that less than five per cent of those agreements contain clauses addressing and managing workplace surveillance. I think that is another example of where there is a lag between the development of these mechanisms and regulatory responses, whether they are at the government level or at the level of the parties.”
The Committee is due to report its findings and recommendations to the Victorian Parliament no later than 31 March 2025.
National privacy law reforms
In September 2024, the Australian Government introduced the Privacy and Other Legislation Amendment Bill 2024 to amend Australia’s Privacy Act in line with recommendations from a 2023 review, to “bring it into the digital age”.
According to the Bill’s Explanatory Memorandum: “the Privacy Act has not kept pace with Australians’ widespread adoption and reliance on digital technologies, which increases the risks that personal data will be subject to misuse or mishandling, including through data breaches, fraud and identity theft, unauthorised surveillance and other significant online harms”.
The Bill, which is currently before the Senate, introduces a new statutory tort to allow an individual to take action against another person if that person invaded their privacy “by intruding upon their seclusion or misusing information relating to them”, and a series of measures to increase transparency and certainty regarding the handling of personal information for individuals and entities.
Employer concerns with reforms
National employer advocacy body, Ai Group, was one of 66 individuals and organisations to make a submission to the recent Senate Standing Committee on Legal and Constitutional Affairs inquiry into the Bill. In its submission the Ai Group, which represents about 60,000 employers, believes many of the changes will “unreasonably constrain employers…from the legitimate collection, use, disclosure and storage of workers’ information”.
“The introduction of the statutory tort is unnecessary given that an employer’s reasonable monitoring or use of employees’ information in connection with work, including in areas of ‘seclusion’ is already comprehensively regulated by state and territory surveillance legislation. Monitoring and surveillance has long been acknowledged by legal decision-makers as being a legitimate practice, particularly in the context of managing conduct and performance, as a pro-active step to prevent unlawful workplace behaviours in the virtual workplace environment and to ensure the health and safety of workers and the community.”
The Senate Committee that scrutinised the Bill recommended a number of changes related to children’s privacy provisions, media organisations and one specifically addressing concerns raised by employers about automated decision-making (ADM) systems. Specifically the Committee recommended that “the level of information required in privacy policies is not expected to compromise commercial-in-confidence information” related to ADM systems.
Subject to the Federal Government adopting the proposed amendments, the Committee recommended the Senate pass the Bill. As at 28 November 2024, the Bill remained before the Senate.
Table 1. Civil surveillance laws in Australian states and territories
Location | Relevant legislation |
Commonwealth | Surveillance Devices Act 2004 (Cth) Telecommunications (Interception and Access) Act 1979 (Cth) Privacy Act 1988 (Cth) (note: A Bill proposing major changes to the Privacy Act (Privacy and Other Legislation Amendment Bill 2024) is currently before the Australian Parliament |
Queensland | Invasion of Privacy Act 1971 (Qld) s 43(1). |
Victoria | Surveillance Devices Act 1999 (Vic) Surveillance Devices Regulations 2016 (Vic) |
New South Wales/ ACT | Workplace Surveillance Act 2005 (NSW) Surveillance Devices Act 2007 (NSW) Surveillance Devices Regulation 2014 (NSW) Listening Devices Act 1992 (ACT) Workplace Privacy Act 2011 (ACT) |
Northern Territory | Surveillance Devices Act 2007 (NT) Surveillance Devices Regulations 2008 (NT) |
South Australia | Surveillance Devices Act 2016 (SA) Surveillance Devices Regulations 2017 (SA) |
Western Australia | Surveillance Devices Act 1988 (WA) Surveillance Devices Regulations 1999 (WA) |
Tasmania | Listening Devices Act 1991 (Tas) Listening Devices Regulations 2014 (Tas) |
1 Douglas J of the Supreme Court (USA) Miller v TCN Channel Nine (1988) 36 Crim R 92, 94 (Finlay J).
More information
Q Workplace Solutions’ team of experienced and legally qualified investigators are trusted by public and private organisations, including ASX-listed companies and government departments, to investigate complex and often highly sensitive allegations of employee wrongdoing. They also undertake reviews of organisations, divisions or units, and provide training, coaching and external advisory support to internal investigators and teams.
