- within Employment and HR topic(s)
- with Senior Company Executives, HR and Finance and Tax Executives
- in United States
- with readers working within the Basic Industries, Business & Consumer Services and Consumer Industries industries
With the new year underway, employers with workplaces in Victoria should start considering the potential impact of the workplace surveillance reform on their business. This matter is firmly on the State Government's legislative agenda, following its announcement of support for stronger workplace privacy protections late last year.
After a State parliamentary inquiry into workplace surveillance, the Government has recently tabled its formal response, providing in principle support for 15 of the inquiry's 18 recommendations, with the remaining three recommendations still being considered.
The recommendations propose sweeping legislative changes including the introduction of obligations on employers to justify surveillance as reasonable and proportionate, provide advance notice and consultation, maintain dedicated workplace surveillance policies, and strengthen data security and privacy protections. They also call for restrictions on covert surveillance, mandatory human review of automated decisions, and enhanced oversight by a dedicated regulator.
In this Insight, we explore the key proposals the Victorian Government supports and discuss the implications for entities with a workplace in Victoria, encompassing both public and private entities, as well as international and domestic organisations, as they prepare for significant changes to the regulatory landscape in Victoria.
Background to the inquiry
The growing surveillance apparatus of the modern workplace, driven by rapid and unprecedented technological advancements and an increasing shift towards work-from-home/remote working environments – combined with the absence of dedicated workplace surveillance legislation in Victoria - prompted the Victorian Government last year to commission an inquiry to review current workplace surveillance practices and recommend reforms.
The inquiry culminated in the Legislative Assembly's Economy and Infrastructure Committee (Committee) tabling a report (Report) to the Parliament of Victoria in May 2025. The Report made 29 findings and 18 recommendations, concluding that workers are increasingly being subjected to surveillance and that Victorian laws were failing to keep pace with modern surveillance practices.
While the Committee recognised that there might be legitimate reasons for employers to undertake workplace surveillance - including where it relates to improving workplace safety, recording workplace injuries or incidents, monitoring the use of resources and property, and detecting fraud and theft - it also found that many employers were improperly deploying surveillance in an opaque fashion or for collateral purposes (such as performance management).
In this regard, the Report identified significant regulatory gaps compared to other jurisdictions. Presently, Victorian employers are generally not legally mandated to notify employees that they are subject to workplace monitoring, which - according to the Committee - has resulted in a problematic lack of transparency about how employers obtain and use workers' personal data.
The Committee observed that the growing prevalence of novel, intrusive and/or surreptitious surveillance techniques - such as keystroke tracking, collection of biometric data, computer usage monitoring software, wearable trackers, neurotechnology and artificial intelligence - posed risks to privacy and potentially undermined workers' trust in their relationships with employers.
Accordingly, the Committee proposed addressing these identified gaps under a "principles-based, technology-neutral framework" to regulate surveillance "wherever work occurs".
Government response
In response to the Report, the Victorian Government declared its "in-principle" support for 15 of the 18 recommendations but stopped short of giving its "full support". This means that while the Government "generally supports the intent or merit of the policy underlining the recommendation", it "does not necessarily support the method for achieving it". The remaining three recommendations still under review are that the Victorian Government amend the Privacy and Data Protection Act 2014 (Vic) to:
- introduce a new Information Privacy Principle, modelled on
Australian Privacy Principle 1.2, that places a positive obligation
on organisations and employers to ensure they comply with the
Information Privacy Principles;
- introduce a mandatory incident notification scheme that
requires organisations to inform affected individuals and the
Office of the Victorian Information Commissioner of a data breach;
and
- extend the privacy protections embedded in the Act to employees in all sectors by requiring employers operating in Victoria who engage in a workplace surveillance activity to comply with the Information Privacy Principles.
The Government will undertake further stakeholder consultation before finalising its approach.
A preliminary issue is what form the changes will take and how they will interact with existing laws. The Response indicated the Government is working to determine the most effective way to implement the Inquiry's recommendations, including whether reforms should be achieved through amendments to existing laws or by introducing a new standalone act. This process will also examine overlaps with current privacy and occupational health and safety legislation to ensure consistency and avoid duplication. The Government has noted that similar obligations already exist in some areas, such as requirements for employers to consult employees in relation to health and safety measures, and these will be factored into the design of the new framework.
Setting that issue aside, the Government outlined its in-principle support for the following key reforms.
| Government support for key proposals |
||
|---|---|---|
|
Reform proposal |
Description |
Government response |
| Positive obligation to ensure reasonable,necessary
and proportionatesurveillance |
A positive obligation on employers to prove, through a documented risk assessment, that any surveillance they conduct is reasonable, necessary and proportionate to achieve a stated legitimate objective. |
The Government will consider legislative options to place an obligation on employers to justify the use of workplace surveillance as reasonable, necessary and proportionate to achieve a legitimate purpose. However, the Response does not necessarily indicate support for a "positive obligation" to prove through a risk assessment that surveillance measures satisfy these requirements. |
| Notification anddisclosure | Requirement for 14 days' written notice before surveillance begins specifying the methods, scope, timing and purpose of surveillance. |
Given the Government supports the principle of notification and disclosure, it seems highly likely that some form of advance notice obligation will be introduced. It is noteworthy that NSW and ACT workplace surveillance legislation mandates 14 days' notice of surveillance, including as to the type, frequency and duration of the surveillance. We expect a similar obligation will feature in the proposed legislation. |
| Consultation | Mandatory employee consultation before workplace surveillance practices are introduced or changed. | While the Government "supports the intent" of this recommendation, it will assess legislative options for implementation, especially given that there are existing consultation requirements under other laws (e.g. OHS laws). |
| Workplace surveillancepolicy | Employers using workplace surveillance must have a dedicated written policy. | The Government agrees it is reasonable to expect that employers should have a written policy addressing workplace surveillance if they use it. This may be achieved through requiring employers to maintain a specific workplace surveillance policy as recommended by the Report, or by incorporating into existing policies. |
| Covert surveillance | No covert surveillance unless the employee is suspected of unlawful activity, the employer has obtained a court order, and an independent surveillance supervisor has been appointed to the case. | While the Victorian Government supports the intent of this recommendation, it also acknowledges that there may be legitimate reasons for surveillance, in certain circumstances such as where there is suspected unlawful behaviour or serious misconduct. Careful consideration will be given to the effectiveness of covert surveillance laws in NSW and the ACT. |
| Third party surveillance | Employers must take all reasonable steps to prevent surveillance of employees by third parties without employee consent. | The Government has flagged further consultation will be undertaken to understand the current nature, extent and purpose of third-party surveillance and reasonable steps that may be taken by employers to prevent this. |
| Data preservation |
Employers must provide employees the following information about workplace surveillance data:
Selling personal or surveillance data to third parties should be prohibited. |
The Government will explore legislative options to implement these measures, and consider how they may interact with other recommendations such as those relating to consultation and policies. The Government will otherwise consider how to prohibit the sale of employees' personal or surveillance data. |
| Biometric data controls | Biometric data should only be used in circumstances where it serves a legitimate purpose, and no less intrusive alternative exists. Biometric data should be included in the definition of "sensitive information" in the Privacy and Data Protection Act 2014 (Vic). | The Government supports stronger regulatory protections for biometric information, noting the sensitivity of this information and the serious individual and societal harms that can arise from its misuse, and will consider this recommendation in consultation with Office of the Victorian Information Commissioner (OVIC) and other impacted stakeholders. |
| Review of decisions | Employers must have a person with delegated authority review any automated decision made using workplace surveillance data that could significantly affect a worker. | The Government considers it to be imperative that automated technologies be used fairly, responsibly, safely and ethically, and recognises the need for workers to have access to a person when decisions are made that affect their rights or work status. This obligation would be especially relevant to the "employee-like" gig economy workers, who have been identified as the cohort most frequently subjected to automated decision making. |
| Appointment of regulator | A regulatory body (potentially OVIC and/or WorkSafe Victoria) should be appointed, with the power to inspect workplaces, investigate and resolve complaints, and prosecute offences | The Government will consider options to enforce compliance with new workplace surveillance laws. The capacity and expertise of existing Victorian agencies to exercise regulatory functions in this space - such as OVIC and WorkSafe Victoria - will be assessed. However, it remains to be seen exactly what powers will be bestowed upon the regulator, or how the regulator will be resourced. |
Implications
While the Government's in-principle support signals a clear direction for reform, the content, form and timing of any changes remain uncertain. Significant work is still required to balance the legitimate needs of employers with the rights of employees and to assess how existing laws already address some of the policy objectives. It appears that further consultation and review will occur before draft legislation or amendments are developed, meaning clarity on next steps may take time.
It is unclear whether the current Government will legislate before or after the Victorian election scheduled for November 2026, and the Opposition has not yet outlined its position.
As such, employers should not assume the recommendations will be adopted in full. However, they should begin considering the following key implications of increased regulation on the digital transformation of the workplace:
- Need to monitor changes. Any business engaging
(or contemplating engagement) in workplace surveillance practices
must actively track developments as the reform process continues.
Legislative consultation periods may open shortly, providing
opportunities to influence the design of new obligations. Staying
informed will help businesses respond quickly and participate
effectively in consultation before a Bill is introduced.
- Transparency will increase. The Government has
committed to strengthening transparency around workplace
surveillance and the use of employee data. Employers should be
prepared to disclose details of their surveillance practices and
explain why surveillance measures have been adopted, what
safeguards are in place, what data is collected, how it is used,
and how employees can access relevant information.
- Risks of continuing certain practices: Some
monitoring methods are likely to attract significant scrutiny as
the debate on workplace surveillance laws progresses. Practices
such as keystroke tracking, activating microphones or cameras on
work devices for remote employees, and collecting biometric data
are expected to be focal points, particularly as remote working
arrangements and more sophisticated digital technologies become
embedded in everyday business operations. Employers should weigh
the operational benefits of these measures against potential
regulatory and reputational risks and consider whether they could
be justified under a future legal framework - especially one that
demands transparency around the surveillance methods used.
- Compliance and Cost Planning. As more onerous
obligations will almost certainly be introduced as part of any
reform, employers will face additional compliance costs, including
updating policies, implementing new systems for data handling, and
training staff. Early consideration of potential resource impacts
and budgeting for compliance measures will help businesses adapt
efficiently as and when reforms take effect.
- Industrial Relations and Disputation Risk. New
surveillance obligations could become a focal point in workplace
disputes and enterprise bargaining. Unions may leverage these
reforms as bargaining tools, seeking stronger protections or
additional commitments beyond legislative requirements. Employers
should anticipate the potential for increased disputation and
consider proactive engagement strategies to manage industrial
relations risks.
- Procurement ramifications. The proposed
changes may necessitate the review and renegotiation of commercial
terms with suppliers and/or customers, particularly in sectors such
as IT and software. The proposed obligation to take reasonable
steps to minimise third party surveillance may warrant
considerations of potential contractual obligations on service
providers to refrain from or limit the use of surveillance
technologies. To the extent that external firms are relied upon for
the storage of employee data and records (such as payroll providers
warehousing time and attendance data), considerations may need to
be given to whether existing measures would be sufficient or
whether additional measures would be required to ensure the
security of that data. These considerations should be made in
tandem with other obligations an organisation may have regarding
data security under other legislation.
- Impacts on existing compliance measures. As noted in the Report, workplace surveillance has legitimate purposes, including ensuring compliance. Indeed, employers are subject to a range of legal obligations the discharge of which may warrant the surveillance of employees: duties to ensure occupational health and safety as far as reasonably practicable (including monitoring the health of employees), the positive duty to take reasonable and proportionate measures to eliminate sexual harassment, and obligations to correctly pay employees for their hours worked in accordance with their minimum entitlements. To the extent surveillance is deployed to facilitate compliance with these obligations (noting that surveillance is defined broadly to cover all purposeful monitoring of a person, place or object to obtain information and/or influence the behaviour of the person being monitored, whether it is overt or covert), a balanced approach will need to be taken to ensure that employee privacy protections are also respected.
Overall, it remains to be seen what regulatory approach the Victorian Government ultimately adopts. However, what is clear is the Government is now committed to implementing significant legislative changes which we expect to have far-reaching consequences across all businesses with a workplace in Victoria.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
 |
 |
| Lawyers Weekly Law firm of the year
2021 |
Employer of Choice for Gender Equality
(WGEA) |
