
Internet and Email Acceptable Use Policy (Australia)


Privacy Act 1988 (Cth) · Workplace Surveillance Acts · Telecommunications (Interception and Access) Act 1979

[Organisation Name]

ABN [Organisation ABN]

[Organisation Address]

Policy Owner: [Policy Owner]

Effective Date: [Effective Date]

Next Review Date: [Review Date]

This Internet and Email Acceptable Use Policy (Policy) is issued by [Organisation Name] (ABN [Organisation ABN]) of [Organisation Address] (the Organisation). This Policy governs the use of the Organisation's information technology systems, internet access, electronic mail, and related resources by all persons engaged by the Organisation.

1. PURPOSE

The purpose of this Policy is to: (a) protect the Organisation's IT systems, networks, and data from misuse, security threats, and unauthorised access; (b) ensure compliance with applicable Australian law, including the Privacy Act 1988 (Cth) (Australian Privacy Principles), the Telecommunications (Interception and Access) Act 1979 (Cth), the Spam Act 2003 (Cth), the Criminal Code Act 1995 (Cth), and applicable state workplace surveillance legislation; (c) provide employees with clear guidance on acceptable and prohibited use of IT systems; (d) give employees prior written notice of the Organisation's monitoring activities as required by applicable law; and (e) set out the consequences of policy breaches.

2. SCOPE

This Policy applies to all employees (full-time, part-time, and casual), contractors, subcontractors, volunteers, interns, and any other person authorised to access the Organisation's IT systems (Users), regardless of their seniority or location. This Policy applies to all use of the Organisation's IT systems, including use on Organisation-owned devices, Organisation networks, and — where employees access Organisation systems remotely — on personal devices.

State or Territory of Primary Operations: [Organisation State]

3. LEGISLATIVE FRAMEWORK

This Policy has been prepared in accordance with the following Australian laws and regulatory instruments:

(a) Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) — including APP 1 (open and transparent management of personal information), APP 6 (use and disclosure of personal information), and APP 11 (security of personal information). Organisations with an annual turnover of more than $3 million, and certain others, are required to comply with the APPs. The Notifiable Data Breaches scheme (Part IIIC) requires notification to the Office of the Australian Information Commissioner (OAIC) and affected individuals if a data breach is likely to result in serious harm.

(b) Telecommunications (Interception and Access) Act 1979 (Cth) — which prohibits the interception of communications passing over a telecommunications system without authorisation. Employer monitoring of employee communications must comply with this Act.

(c) Workplace Surveillance Act 2005 (NSW) (for NSW operations) — which requires employers to give employees at least 14 days' prior written notice before introducing computer surveillance (s 10), and prohibits covert surveillance except in limited circumstances with approval (s 16 to 18).

(d) Surveillance Devices Act 1999 (VIC) (for VIC operations) — which regulates the use of surveillance devices, including data surveillance devices, in the workplace.

(e) Spam Act 2003 (Cth) — which prohibits the sending of unsolicited commercial electronic messages and imposes requirements for consent, identification, and unsubscribe facilities.

(f) Copyright Act 1968 (Cth) — which prohibits unauthorised reproduction and distribution of copyright-protected material, including software, music, and video content.

(g) Criminal Code Act 1995 (Cth) — which criminalises unauthorised access to, or modification of, computer data and systems (Part 10.7).

(h) Fair Work Act 2009 (Cth) — including general protections provisions (Part 3-1) and obligations relating to workplace bullying (s 789FD).

4. ACCEPTABLE USE

[Acceptable Use]

5. PROHIBITED CONDUCT

[Prohibited Activities]

6. EMAIL ETIQUETTE AND STANDARDS

All employees must ensure that email communications sent from Organisation accounts are professional, accurate, and consistent with the Organisation's brand and values. Employees must: (a) use their Organisation email account for all official business communications; (b) include a professional email signature on all external communications; (c) not use email to send content that is offensive, harassing, discriminatory, or in breach of the Organisation's Workplace Policies; (d) be aware that emails may be discoverable in legal proceedings and must be treated as formal business records; (e) take care when attaching documents to ensure that only intended files are sent and that documents do not contain confidential metadata; and (f) not forward mass or unsolicited emails in breach of the Spam Act 2003 (Cth).

7. MONITORING AND SURVEILLANCE — PRIOR WRITTEN NOTICE

NOTICE TO EMPLOYEES: This Policy constitutes prior written notice to all Users that the Organisation monitors internet and email activity on its systems. Employees should have no expectation of privacy when using Organisation IT systems or when accessing Organisation systems on personal devices.

Monitoring notice provided: [Monitoring Notice Given]

7.1 Monitoring Activities

[Monitoring Types]

Monitoring is conducted for the following legitimate purposes: (a) protecting the Organisation's networks and systems from malware, ransomware, and cyber threats; (b) ensuring compliance with this Policy; (c) protecting confidential business information and personal data; (d) maintaining the productivity and performance of IT systems; and (e) investigating suspected misconduct or policy breaches.

The Organisation will handle all information obtained through monitoring in accordance with the Privacy Act 1988 (Cth) and will not disclose such information except where required by law, in legal proceedings, or for legitimate disciplinary purposes.

8. DATA PROTECTION AND SECURITY

[Security Requirements]

In the event of a suspected data breach, employees must immediately notify [Policy Owner]. The Organisation is required to assess and, where applicable, notify the Office of the Australian Information Commissioner (OAIC) and affected individuals of Eligible Data Breaches under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act 1988 (Cth).

9. SOCIAL MEDIA

The use of social media platforms on Organisation systems is subject to this Policy. Employees using social media — whether on Organisation or personal devices — must also comply with the Organisation's Social Media Policy (where in force). Employees must not use the Organisation's internet connection or devices to access social media for personal purposes except as permitted under clause 7 of this Policy.

10. BREACHES AND CONSEQUENCES

[Breach Consequences]

11. POLICY REVIEW

This Policy will be reviewed by [Policy Owner] no later than [Review Date], and thereafter at least annually or upon any significant change in technology, legislation, or the Organisation's IT systems.

EMPLOYEE ACKNOWLEDGEMENT

I acknowledge that I have read and understood the Internet and Email Acceptable Use Policy of [Organisation Name] (ABN [Organisation ABN]) and agree to comply with its requirements. I acknowledge that this Policy constitutes prior written notice of the Organisation's monitoring activities as required by applicable law. I understand that breach of this Policy may result in disciplinary action, up to and including termination of employment.

Employee Name: ____________________________

Position: ____________________________

Signature: ____________________________

Date: ____________________________

Manager / HR Representative: ____________________________

Signature: ____________________________

Date: ____________________________

Policy Owner / IT Manager

________________

Signature

Date: ________________

Employee (Acknowledgement)

________________

Signature

Date: ________________

Maintained by Vladislav Sergienko, Founder

What Is an Internet and Email Acceptable Use Policy (Australia)?

An Internet and Email Acceptable Use Policy in Australia sets the organisation's rules and expectations on use of internet and email and the responsibilities of staff and users, supporting compliance with the Fair Work Act 2009 (Cth).

The policy covers all devices and services provided by the organisation, including computers, laptops, mobile phones, the company's internet network, business email accounts, cloud-based applications, VPN access, and messaging platforms such as Microsoft Teams and Slack. It applies whether the employee is working on-site, from home, or from any other location where they access company systems.

From a legal compliance perspective, the policy must address multiple overlapping legal frameworks: the Telecommunications (Interception and Access) Act 1979 (Cth) governs the interception of communications; the Privacy Act 1988 (Cth) regulates the handling of personal information collected through monitoring; the Spam Act 2003 (Cth) imposes obligations on commercial electronic messages; and the Criminal Code Act 1995 (Cth) criminalises serious misuse of computer systems. A well-drafted policy that employees have acknowledged in writing helps establish the disciplinary framework the organisation needs to respond effectively to IT misuse.

The legal framework governing an Internet and Email Acceptable Use Policy in Australia draws on several key statutes and regulatory bodies. Under the Fair Work Act 2009 (Cth), the Fair Work Commission (FWC) adjudicates workplace disputes. Section 394 of the Fair Work Act 2009 governs unfair dismissal claims. The Fair Work Ombudsman (FWO) enforces compliance with the National Employment Standards (NES). The Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) govern personal data handling. The Australian Taxation Office (ATO) administers PAYG withholding and superannuation guarantee obligations under the Superannuation Guarantee (Administration) Act 1992. Parties executing an Internet and Email Acceptable Use Policy in Australia should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Fair Work Act 2009 (Cth) sets the foundational requirements.

When Do You Need an Internet and Email Acceptable Use Policy (Australia)?

An Internet and Email Acceptable Use Policy is essential for any Australian organisation that provides employees, contractors, or other workers with access to its IT systems. The policy is particularly critical in the following situations:

When the organisation intends to monitor employee internet and email activity for security, compliance, or performance management purposes. Prior written notice is a legal requirement under the NSW Workplace Surveillance Act 2005 (s 10) and similar legislation in other states. Without a properly acknowledged policy, monitoring may be unlawful and evidence may be inadmissible in disciplinary proceedings.

When the organisation handles confidential business information, client data, or personal information that employees could potentially disclose or misuse through IT systems. The policy creates the contractual and disciplinary framework for enforcing data security obligations.

When the organisation operates in a regulated sector such as financial services, healthcare, or legal services, where IT security and data confidentiality obligations are particularly stringent under applicable licensing and regulatory requirements.

When the organisation operates a BYOD program or allows employees to work remotely using personal devices. In these situations the policy must clearly address monitoring rights, data security requirements, and the extent of employer access to personal devices.

When the organisation has experienced or is concerned about IT security incidents, including phishing attacks, ransomware, data breaches, or employee misuse of systems. A current, acknowledged policy is a prerequisite for effective disciplinary and legal responses.

Parties in Australia should prepare an Internet and Email Acceptable Use Policy proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.

What to Include in Your Internet and Email Acceptable Use Policy (Australia)

A thorough Australian Internet and Email Acceptable Use Policy should include the following core elements:

Scope and application: A clear statement of who the policy applies to — all employees, contractors, and others with access to company systems — and all IT systems, devices, networks, and services covered, including cloud-based applications and remote access.

Acceptable and prohibited use: Specific definitions of what constitutes acceptable use (primarily business purposes) and a thorough list of prohibited activities, including accessing illegal content, downloading unauthorised software, sending spam in breach of the Spam Act 2003 (Cth), and committing offences under the Criminal Code Act 1995 (Cth).

Personal use provisions: The organisation's position on incidental personal use during work hours, including any conditions, time limits, or data limits that apply and any restrictions on personal use of company email accounts.

Monitoring disclosure: A prior written notice of all monitoring activities conducted by the organisation, including the types of data collected, how monitoring data is used, who has access to it, and how long it is retained. This satisfies obligations under the NSW Workplace Surveillance Act 2005 and similar state legislation.

IT security obligations: Employee responsibilities for password management, device security, incident reporting, and compliance with security controls, supporting the organisation's obligations under the Privacy Act 1988 (Cth) Notifiable Data Breaches scheme.

Breach consequences and employee acknowledgement: The disciplinary framework for policy breaches and a signed acknowledgement confirming the employee has received, read, and understood the policy and consents to monitoring.

Additional compliance elements for an Internet and Email Acceptable Use Policy used in Australia include: Under the Fair Work Act 2009 (Cth), the Fair Work Commission (FWC) adjudicates workplace disputes. Section 394 of the Fair Work Act 2009 governs unfair dismissal claims. The Fair Work Ombudsman (FWO) enforces compliance with the National Employment Standards (NES). The Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) govern personal data handling. The Australian Taxation Office (ATO) administers PAYG withholding and superannuation guarantee obligations under the Superannuation Guarantee (Administration) Act 1992. Forms-legal.com provides this template as a starting point for Australia-compliant documentation.

Cite this page

Reference this free template in an article, syllabus, or research note:

APA

Forms Legal. (2026). Internet and Email Acceptable Use Policy (Australia) (Australia) [Legal document template]. Forms Legal. https://forms-legal.com/australia/employment/hr-forms/internet-email-policy-australia



Based on Fair Work Act 2009 (Cth) — Template last modified June 2026

This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.

Related Documents

You may also find these documents useful:

Social Media Policy (Australia)

A Social Media Policy is a formal workplace policy document that sets out the rules, responsibilities and standards governing the use of social media by employees and other workers engaged by an organisation, both in a professional capacity (on company accounts) and on personal accounts during and outside work hours. An Australian Social Media Policy must be consistent with the Fair Work Act 2009 (Cth), Privacy Act 1988 (Cth), and applicable anti-discrimination and defamation laws.

What Is a Social Media Policy?

A Social Media Policy (also referred to as a social networking policy, digital media policy, or online conduct policy) is a written workplace document that defines an organisation's expectations and requirements for how its employees use social media in connection with their employment. The policy applies to all social media platforms — including LinkedIn, Facebook, Instagram, X (formerly Twitter), TikTok, YouTube, Reddit, personal blogs, online forums, review sites and messaging platforms — and covers both authorised professional use of the organisation's social media channels and the personal social media activity of employees to the extent it connects to the employment relationship.

In Australia, the relationship between social media and employment law has developed significantly through Fair Work Commission decisions. The Commission has consistently held that social media posts made outside of work hours can provide a valid reason for disciplinary action — including termination — if the content has a sufficient connection to the employment relationship, damages the employer's reputation, disrupts workplace harmony, undermines trust and confidence, or constitutes workplace bullying or harassment.

When Is a Social Media Policy Needed?

An Australian Social Media Policy is needed in the following circumstances:

- For any organisation with employees who use social media in connection with their work, whether on company accounts or in ways that reference the organisation, colleagues, or clients;
- When the organisation's operations involve employees who have access to confidential business or client information that could potentially be shared on social media;
- When the organisation is required to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles in relation to the handling of personal information about clients, customers or employees;
- When the organisation wants to establish clear standards for professional use of company social media accounts, including who is authorised to post and what approval processes apply;
- When the organisation wants to address the risk of employees making defamatory, discriminatory or harassing statements on social media that could expose the organisation to legal liability;
- As part of a broader suite of workplace policies addressing conduct, confidentiality, and the use of company resources.

Key Elements of an Australian Social Media Policy

A comprehensive and legally sound Australian Social Media Policy should include the following elements:

1. Organisation identification: The full legal name, ABN, and principal address of the organisation, together with the name of the policy owner and the effective and review dates.
2. Scope and application: A clear statement of who the policy applies to (including employees, contractors, volunteers and other engaged workers) and the social media platforms and channels covered.
3. Professional use rules: Standards governing the use of official company social media accounts, including who is authorised to post, what content approval processes apply, how client or customer complaints are to be managed online, and how the organisation's brand and intellectual property are to be used.
4. Personal use rules: Standards governing employees' personal social media use, both during and outside work hours. Under Fair Work Commission decisions including O'Keefe v Williams Muir's Pty Ltd [2011], Linfox Australia Pty Ltd v Glen Stutsel [2012], and subsequent decisions, out-of-hours social media conduct can constitute a valid reason for dismissal where it has a sufficient nexus to the workplace.
5. Confidentiality obligations: A clear definition of what constitutes confidential information and an express prohibition on disclosing any such information through social media channels, consistent with the employee's contractual confidentiality obligations and the Privacy Act 1988 (Cth).
6. Privacy obligations: Requirements consistent with the Australian Privacy Principles under the Privacy Act 1988 (Cth), including prohibitions on posting personal information about colleagues, clients or third parties without their consent.
7. Adverse action protections: The policy should acknowledge that it does not seek to prohibit the exercise of any workplace right under the Fair Work Act 2009 (Cth), including the right to make a complaint (s 340) or to participate in industrial activities.
8. Breach and consequences: Examples of prohibited conduct and a clear statement of the range of disciplinary consequences, up to and including termination for serious breaches.
9. Reporting procedure: A mechanism for employees to report concerns about social media conduct by others, with confidentiality protections.
10. Employee acknowledgement: A signed acknowledgement confirming the employee has read and understood the policy.

This template is designed for use across all Australian states and territories, including New South Wales, Victoria, Queensland, Western Australia, South Australia, Tasmania, the Australian Capital Territory, and the Northern Territory.

Working from Home Policy (Australia)

A Working from Home Policy is a formal workplace document that sets out the rules, responsibilities, and standards governing remote work arrangements for employees of an Australian organisation. The policy must address the employer's obligations under the Fair Work Act 2009 (Cth) — including the right to request flexible working arrangements under s 65 — as well as the Work Health and Safety Act 2011 (Cth) duty of care that extends to home-based workplaces, the Privacy Act 1988 (Cth), and applicable state workers' compensation legislation.

What Is a Working from Home Policy?

A Working from Home Policy (also referred to as a remote work policy, WFH policy, or flexible working policy) is a written workplace document that defines an organisation's approach to working from home arrangements, including who is eligible, how arrangements are requested and approved, what obligations apply to employees working from home, and the circumstances in which arrangements can be varied or terminated. In Australia, the policy must address three distinct legal dimensions: the employee's right to request flexible working arrangements under the Fair Work Act 2009 (Cth); the employer's ongoing duty of care for the safety of the home workplace under the Work Health and Safety Act 2011 (Cth); and data security and privacy obligations that apply to remote work under the Privacy Act 1988 (Cth).

When Is a Working from Home Policy Needed?

An Australian Working from Home Policy is needed in the following circumstances:

- For any organisation that permits or is considering permitting employees to work from home, whether on a regular basis or in emergency situations;
- When employees have exercised or intend to exercise the right to request flexible working arrangements under the Fair Work Act 2009 (Cth) s 65;
- When the organisation has obligations under the Work Health and Safety Act 2011 (Cth) to ensure the safety of employees working from home, including the need to conduct workspace risk assessments;
- When employees are working from home and accessing the organisation's IT systems, making data security and privacy obligations under the Privacy Act 1988 (Cth) relevant;
- When the organisation needs clear guidance on expense reimbursement, equipment provision, working hours, and performance expectations for remote workers;
- When the organisation needs to address workers' compensation coverage for injuries sustained in the home workplace.

Key Elements of an Australian Working from Home Policy

A comprehensive and legally sound Australian Working from Home Policy should include the following elements:

1. Eligibility: Clear criteria for which employees and roles are eligible for WFH arrangements, and any exclusions (such as employees on probation or in roles that require on-site presence).
2. Application process: The process for requesting, approving, and documenting WFH arrangements, consistent with the Fair Work Act 2009 (Cth) s 65A requirement to respond within 21 days.
3. WHS obligations: The employer's duty of care under the Work Health and Safety Act 2011 (Cth) s 19 as it applies to home workplaces, including workspace assessment requirements, hazard identification, and incident reporting.
4. Equipment and IT provision: What the organisation will provide versus what the employee is responsible for, and the rules for using organisation-provided equipment at home.
5. Working hours and communication: Expected working hours, availability requirements, communication protocols, and core hours.
6. Expense reimbursement: What additional expenses the organisation will and will not reimburse, and reference to ATO guidance on home office deductions.
7. Data security: Obligations for protecting confidential information and personal data when working from home, consistent with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
8. Workers' compensation: Clarification of coverage for work-related injuries occurring at the approved home workplace.
9. Performance management: How performance will be managed and measured for remote workers.
10. Termination of WFH: The circumstances in which the organisation or the employee may bring the WFH arrangement to an end.

This template is designed for use across all Australian states and territories, including New South Wales, Victoria, Queensland, Western Australia, South Australia, Tasmania, the Australian Capital Territory, and the Northern Territory.

Employee Confidentiality Agreement (Australia)

An Employee Confidentiality Agreement is a written contract between an employer and an employee that defines the employee's obligations to protect the employer's confidential information — including trade secrets, client lists, proprietary technology, and business strategies — both during and after their employment. In Australia, the legal framework governing employee confidentiality obligations is multi-layered, drawing on equity, contract law, statutory duties, and intellectual property legislation.

The foundational basis for employee confidentiality in Australian law is the equitable duty of confidence. Under this doctrine — developed through cases such as Coco v A N Clark (Engineers) Ltd [1969] RPC 41 (applied extensively in Australian courts) and Moorgate Tobacco Co Ltd v Philip Morris Ltd (No 2) (1984) 156 CLR 414 (High Court of Australia) — information is protected in equity if it is of a confidential nature, was imparted in circumstances giving rise to an obligation of confidence, and unauthorised use would be detrimental to the party who communicated it. During employment, this equitable duty applies alongside contractual confidentiality obligations.

The Corporations Act 2001 (Cth) section 183 imposes a statutory duty on company officers and employees not to improperly use information obtained in that capacity to gain an advantage for themselves or anyone else, or to cause detriment to the corporation. This provision applies to all officers and employees of corporations and supplements both equitable and contractual duties.

The Fair Work Act 2009 (Cth) also shapes the employment relationship within which confidentiality obligations operate. Confidentiality clauses in employment contracts must not be so broad or oppressive as to constitute a harsh, unjust, or unreasonable term, nor should they prevent employees from exercising their National Employment Standards (NES) entitlements or rights under applicable Modern Awards or Enterprise Agreements. The Fair Work Act's unfair dismissal and general protections provisions (Part 3-1) also limit the circumstances in which an employer can discipline an employee for alleged breach of confidentiality.

Post-employment confidentiality obligations — sometimes called restraints or non-disclosure obligations in the post-employment period — are enforceable in Australia provided they are reasonable in scope and duration, limited to genuinely confidential information (not general skills or knowledge acquired during employment), and serve a legitimate business interest of the employer. Australian courts and tribunals regularly scrutinise post-employment confidentiality clauses, and an obligation that is too broad in scope, covers too long a period, or purports to protect information that is not genuinely confidential may be reduced or declared void as an unreasonable restraint of trade.

Intellectual property created by employees in the course of their employment is addressed by specific Australian legislation. Under the Copyright Act 1968 (Cth) section 35(6), copyright in a work made by an author in pursuance of the terms of their employment under a contract of service or apprenticeship vests in the employer unless the contract of service otherwise provides. Under the Patents Act 1990 (Cth), an employee's invention made in the course of their employment will generally be owned by the employer where the invention is made in the course of the employee's normal duties. An Employee Confidentiality Agreement often includes an express IP assignment clause to make these obligations clear and to extend them where the legislation may not automatically apply.

The whistleblower protection regime in Australia is critically important. Under Part 9.4AAA of the Corporations Act 2001 (Cth) and the Public Interest Disclosure Act 2013 (Cth), employees who make protected disclosures about suspected misconduct, breaches of law, or other specified matters are entitled to legal protection and cannot be subject to detriment for making such disclosures. A confidentiality agreement cannot prevent or penalise an employee from making a protected whistleblower disclosure — any attempt to do so would be void and may expose the employer to penalties.

The remedies available to employers for breach of employee confidentiality obligations include injunctive relief (to prevent ongoing or threatened disclosure), an account of profits (to recover gains made by the employee from the unauthorised use of confidential information), compensatory damages (to recover quantified losses), and, where expressly provided for in the agreement, liquidated damages (a pre-agreed sum per breach, provided it is a genuine pre-estimate of loss and not a penalty).

An Employee Confidentiality Agreement is most effective when it is signed at the commencement of employment, is clearly worded, is reasonable in scope and duration, and is part of a broader employment framework that includes training on confidentiality obligations and appropriate data security procedures.

Workplace Bullying and Harassment Prevention Policy (Australia)

An Australian Workplace Bullying and Harassment Prevention Policy is a formal policy document in which an employer commits to preventing bullying, harassment, and related psychosocial hazards in the workplace. It sets out the legal obligations of the organisation under Australian law, defines the conduct expected of all workers, establishes a clear reporting and investigation procedure, and ensures that workers affected by bullying or harassment receive appropriate support and access to a fair resolution process. The primary legislative framework governing workplace bullying in Australia comprises the Fair Work Act 2009 (Cth) anti-bullying provisions and the Work Health and Safety Act 2011 (Cth) (WHS Act) psychosocial hazard obligations. Under ss 789FC to 789FI of the Fair Work Act 2009 (Cth), a worker who reasonably believes they have been bullied at work may apply to the Fair Work Commission (FWC) for an order to stop the bullying. Section 789FD defines bullying at work as repeated unreasonable behaviour by an individual or group of individuals towards a worker that creates a risk to health and safety. The definition expressly excludes reasonable management action carried out in a reasonable manner. The WHS Act 2011 (Cth) provides an additional layer of obligation. Under s 19, a person conducting a business or undertaking (PCBU) must ensure, so far as is reasonably practicable, the health and safety of workers. Safe Work Australia has published the model Code of Practice: Managing Psychosocial Hazards at Work (2022) which identifies workplace bullying and harassment as recognised psychosocial hazards that employers must systematically identify, assess, and control. Psychosocial hazards can cause psychological harm, which the WHS Act recognises as a form of harm just as serious as physical injury. 
A further dimension was added by the Anti-Discrimination and Human Rights Legislation Amendment (Respect@Work) Act 2022 (Cth), which inserted s 47C into the Sex Discrimination Act 1984 (Cth) with effect from 12 December 2022. This provision imposes a positive duty on employers to take reasonable and proportionate measures to eliminate, as far as possible, sexual harassment, sex-based harassment, and conduct that creates a hostile workplace environment on the ground of sex. The Australian Human Rights Commission (AHRC) has been given enforcement powers in relation to this positive duty and has published a compliance framework across seven standards: leadership, culture, knowledge, risk management, support, reporting and response, and monitoring, evaluation, and transparency. Vicarious liability is a significant risk for employers who fail to take preventive steps. Under the Sex Discrimination Act 1984 (Cth) s 106 and equivalent provisions in other discrimination legislation, an employer is liable for the harassing conduct of its employees unless it can demonstrate that it took all reasonable steps to prevent the conduct from occurring. A well-drafted and actively enforced Bullying and Harassment Prevention Policy, supported by regular training and an accessible complaint procedure, is the primary mechanism for establishing this defence. State and territory WHS legislation — including the Occupational Health and Safety Act 2004 (Vic), the Work Health and Safety Act 2020 (WA), and the WHS Acts in other jurisdictions — imposes equivalent or additional obligations in relation to psychosocial hazards. State anti-discrimination Acts also apply to harassment conduct and may provide additional complaint avenues. This policy is suitable for all Australian employers, regardless of size or industry, and should be reviewed at least annually, supported by regular worker training, and actively communicated to all employees and contractors.

Workplace Health and Safety Policy (Australia)

An Australian Workplace Health and Safety (WHS) Policy is a formal document in which an employer commits to providing and maintaining a safe and healthy work environment for all workers and others affected by its activities. It sets out the organisation's WHS obligations under Australian law, defines the responsibilities of officers, managers, and workers, and establishes the systems and procedures the organisation will use to identify hazards, assess risks, and implement controls. The primary legislative framework governing WHS in Australia is the Work Health and Safety Act 2011 (Cth) (the WHS Act) and the Work Health and Safety Regulation 2017 (Cth) (the WHS Regulation), developed by Safe Work Australia as model legislation. As of 2026, the model WHS Act has been adopted by the Commonwealth, New South Wales, Queensland, South Australia, the Australian Capital Territory, the Northern Territory, and Tasmania. Victoria and Western Australia have separate but substantially similar legislation (the Occupational Health and Safety Act 2004 (Vic) and the Work Health and Safety Act 2020 (WA)). The central obligation on employers is found in s 19 of the WHS Act. A person conducting a business or undertaking (PCBU) must ensure, so far as is reasonably practicable, the health and safety of workers engaged by or caused to be engaged by the PCBU, and the health and safety of workers whose activities in carrying out work are influenced or directed by the PCBU. The 'so far as is reasonably practicable' qualifier requires the PCBU to weigh the likelihood and severity of a risk against the availability and cost of measures to eliminate or minimise it. Under s 27 of the WHS Act, officers of a PCBU (including directors and senior managers) have a positive duty to exercise due diligence to ensure the organisation complies with its WHS obligations. 
This includes acquiring and keeping up-to-date knowledge of WHS matters, understanding the operations and associated risks of the business, ensuring the PCBU has appropriate resources and processes to eliminate or minimise WHS risks, and verifying that those resources and processes are being used effectively. Workers also have duties under s 28 of the WHS Act. They must take reasonable care for their own health and safety, ensure their acts or omissions do not adversely affect the safety of others, comply with any reasonable WHS instruction given by the PCBU, and cooperate with any reasonable WHS policy or procedure. The WHS Regulation 2017 (Cth) supplements the WHS Act by providing detailed requirements for managing risks, including the hierarchy of controls: elimination, substitution, isolation, engineering controls, administrative controls, and personal protective equipment (PPE) as a last resort. Employers are required to consult with workers when identifying hazards, assessing risks, and making decisions about controls under Part 5 of the WHS Act. Notifiable incidents — including workplace fatalities, serious injuries or illnesses, and dangerous incidents as defined in ss 35 to 37 of the WHS Act — must be reported immediately to the relevant state or territory WHS regulator. The incident scene must be preserved until an inspector attends or authorises disturbance under s 39 of the WHS Act. Having a documented WHS Policy is a fundamental element of any effective WHS management system. It demonstrates the organisation's commitment to health and safety at the highest level, provides a framework for establishing WHS objectives and responsibilities, and supports compliance with the WHS Act and WHS Regulation. Employers with five or more employees are required to record significant findings of risk assessments in writing under the WHS Regulation. 
This WHS Policy is suitable for businesses of all sizes across all industries operating in Australia and should be reviewed at least annually, or whenever there is a significant change to operations, personnel, or legislation.