Working from Home Policy (Australia)

An Internet and Email Acceptable Use Policy is a formal workplace document that sets out the rules, standards, and obligations governing the use of an organisation's information technology systems, internet connections, and email accounts by employees and other engaged persons. In Australia, such a policy must be consistent with a complex framework of federal and state/territory legislation, including the Telecommunications (Interception and Access) Act 1979 (Cth), the Privacy Act 1988 (Cth), applicable Surveillance Devices Acts, the Spam Act 2003 (Cth), and the Fair Work Act 2009 (Cth). What Is an Internet and Email Acceptable Use Policy? An Internet and Email Acceptable Use Policy (also referred to as an IT acceptable use policy, computer use policy, or electronic communications policy) is a written workplace document that defines an organisation's expectations and requirements regarding how its IT systems, internet access, and email accounts are to be used. The policy sets out what constitutes acceptable and prohibited use, informs employees of the organisation's monitoring activities, and specifies the consequences of misuse. In Australia, prior written notice of monitoring is required under the NSW Workplace Surveillance Act 2005 and similar legislation, making an acknowledged policy document a critical compliance tool. When Is an Internet and Email Acceptable Use Policy Needed? An Australian Internet and Email Acceptable Use Policy is needed in the following circumstances: - For any organisation that provides employees, contractors, or other workers with access to its IT systems, internet connections, or email accounts; - When the organisation's operations involve employees who handle confidential business information, client data, or personal information that could be disclosed or misused through IT systems; - When the organisation is subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles, and needs to manage data security risks associated with employee internet and email use; - When the organisation wishes to monitor employee internet and email activity for security or compliance purposes, as prior written notice is required under applicable state workplace surveillance legislation; - When the organisation operates in a regulated industry such as financial services, healthcare, or legal services, where IT security and data confidentiality are critical obligations; - As part of a broader suite of workplace policies addressing conduct, data security, and the use of company resources. Key Elements of an Australian Internet and Email Acceptable Use Policy A comprehensive and legally sound Australian Internet and Email Acceptable Use Policy should include the following elements: 1. Organisational details: The full legal name, ABN, and principal address of the organisation, together with the name of the policy owner and the effective and review dates. 2. Scope: A clear statement of who the policy applies to and what IT systems, devices, and services are covered, including company-owned devices, the organisation's network, email accounts, cloud services, and remote access systems. 3. Acceptable use: A clear definition of what constitutes acceptable use of the organisation's IT systems, primarily for business purposes, with any permitted incidental personal use clearly specified. 4. Prohibited use: A specific and comprehensive list of prohibited activities, including accessing illegal or offensive content, downloading unauthorised software, disclosing confidential information, breaching the Spam Act 2003 (Cth), and committing offences under the Criminal Code Act 1995 (Cth). 5. Monitoring disclosure: A prior written notice of the organisation's monitoring activities, including what is monitored, how monitoring data is used, and the data retention period. This satisfies disclosure obligations under the NSW Workplace Surveillance Act 2005 (s 10) and similar legislation. 6. Email standards: Professional communication standards for business email, including obligations under the Spam Act 2003 (Cth) for commercial electronic messages. 7. IT security obligations: Employee security responsibilities including password management, incident reporting, and compliance with security controls. 8. BYOD provisions: If applicable, rules governing personal devices used to access company systems. 9. Consequences: The disciplinary consequences of breaching the policy, including the range of action from warning through to summary dismissal for serious breaches. 10. Employee acknowledgement: A signed acknowledgement confirming the employee has read and understood the policy and consents to monitoring. This template is designed for use across all Australian states and territories, including New South Wales, Victoria, Queensland, Western Australia, South Australia, Tasmania, the Australian Capital Territory, and the Northern Territory.

An Australian Workplace Health and Safety (WHS) Policy is a formal document in which an employer commits to providing and maintaining a safe and healthy work environment for all workers and others affected by its activities. It sets out the organisation's WHS obligations under Australian law, defines the responsibilities of officers, managers, and workers, and establishes the systems and procedures the organisation will use to identify hazards, assess risks, and implement controls. The primary legislative framework governing WHS in Australia is the Work Health and Safety Act 2011 (Cth) (the WHS Act) and the Work Health and Safety Regulation 2017 (Cth) (the WHS Regulation), developed by Safe Work Australia as model legislation. As of 2026, the model WHS Act has been adopted by the Commonwealth, New South Wales, Queensland, South Australia, the Australian Capital Territory, the Northern Territory, and Tasmania. Victoria and Western Australia have separate but substantially similar legislation (the Occupational Health and Safety Act 2004 (Vic) and the Work Health and Safety Act 2020 (WA)). The central obligation on employers is found in s 19 of the WHS Act. A person conducting a business or undertaking (PCBU) must ensure, so far as is reasonably practicable, the health and safety of workers engaged by or caused to be engaged by the PCBU, and the health and safety of workers whose activities in carrying out work are influenced or directed by the PCBU. The 'so far as is reasonably practicable' qualifier requires the PCBU to weigh the likelihood and severity of a risk against the availability and cost of measures to eliminate or minimise it. Under s 27 of the WHS Act, officers of a PCBU (including directors and senior managers) have a positive duty to exercise due diligence to ensure the organisation complies with its WHS obligations. This includes acquiring and keeping up-to-date knowledge of WHS matters, understanding the operations and associated risks of the business, ensuring the PCBU has appropriate resources and processes to eliminate or minimise WHS risks, and verifying that those resources and processes are being used effectively. Workers also have duties under s 28 of the WHS Act. They must take reasonable care for their own health and safety, ensure their acts or omissions do not adversely affect the safety of others, comply with any reasonable WHS instruction given by the PCBU, and cooperate with any reasonable WHS policy or procedure. The WHS Regulation 2017 (Cth) supplements the WHS Act by providing detailed requirements for managing risks, including the hierarchy of controls: elimination, substitution, isolation, engineering controls, administrative controls, and personal protective equipment (PPE) as a last resort. Employers are required to consult with workers when identifying hazards, assessing risks, and making decisions about controls under Part 5 of the WHS Act. Notifiable incidents — including workplace fatalities, serious injuries or illnesses, and dangerous incidents as defined in ss 35 to 37 of the WHS Act — must be reported immediately to the relevant state or territory WHS regulator. The incident scene must be preserved until an inspector attends or authorises disturbance under s 39 of the WHS Act. Having a documented WHS Policy is a fundamental element of any effective WHS management system. It demonstrates the organisation's commitment to health and safety at the highest level, provides a framework for establishing WHS objectives and responsibilities, and supports compliance with the WHS Act and WHS Regulation. Employers with five or more employees are required to record significant findings of risk assessments in writing under the WHS Regulation. This WHS Policy is suitable for businesses of all sizes across all industries operating in Australia and should be reviewed at least annually, or whenever there is a significant change to operations, personnel, or legislation.

Create a legally compliant Full-Time Employment Agreement for Australia. Drafted in accordance with the Fair Work Act 2009 (Cth), the National Employment Standards (NES), and Superannuation Guarantee requirements. Covers position, duties, salary, superannuation at 11.5%, 38-hour week, annual leave (4 weeks), personal/carer's leave (10 days), long service leave, notice periods, probation, confidentiality, and intellectual property assignment.

An Employee Confidentiality Agreement is a written contract between an employer and an employee that defines the employee's obligations to protect the employer's confidential information — including trade secrets, client lists, proprietary technology, and business strategies — both during and after their employment. In Australia, the legal framework governing employee confidentiality obligations is multi-layered, drawing on equity, contract law, statutory duties, and intellectual property legislation. The foundational basis for employee confidentiality in Australian law is the equitable duty of confidence. Under this doctrine — developed through cases such as Coco v A N Clark (Engineers) Ltd [1969] RPC 41 (applied extensively in Australian courts) and Moorgate Tobacco Co Ltd v Philip Morris Ltd (No 2) (1984) 156 CLR 414 (High Court of Australia) — information is protected in equity if it is of a confidential nature, was imparted in circumstances giving rise to an obligation of confidence, and unauthorised use would be detrimental to the party who communicated it. During employment, this equitable duty applies alongside contractual confidentiality obligations. The Corporations Act 2001 (Cth) section 183 imposes a statutory duty on company officers and employees not to improperly use information obtained in that capacity to gain an advantage for themselves or anyone else, or to cause detriment to the corporation. This provision applies to all officers and employees of corporations and supplements both equitable and contractual duties. The Fair Work Act 2009 (Cth) also shapes the employment relationship within which confidentiality obligations operate. Confidentiality clauses in employment contracts must not be so broad or oppressive as to constitute a harsh, unjust, or unreasonable term, nor should they prevent employees from exercising their National Employment Standards (NES) entitlements or rights under applicable Modern Awards or Enterprise Agreements. The Fair Work Act's unfair dismissal and general protections provisions (Part 3-1) also limit the circumstances in which an employer can discipline an employee for alleged breach of confidentiality. Post-employment confidentiality obligations — sometimes called restraints or non-disclosure obligations in the post-employment period — are enforceable in Australia provided they are reasonable in scope and duration, limited to genuinely confidential information (not general skills or knowledge acquired during employment), and serve a legitimate business interest of the employer. Australian courts and tribunals regularly scrutinise post-employment confidentiality clauses, and an obligation that is too broad in scope, covers too long a period, or purports to protect information that is not genuinely confidential may be reduced or declared void as an unreasonable restraint of trade. Intellectual property created by employees in the course of their employment is addressed by specific Australian legislation. Under the Copyright Act 1968 (Cth) section 35(6), copyright in a work made by an author in pursuance of the terms of their employment under a contract of service or apprenticeship vests in the employer unless the contract of service otherwise provides. Under the Patents Act 1990 (Cth), an employee's invention made in the course of their employment will generally be owned by the employer where the invention is made in the course of the employee's normal duties. An Employee Confidentiality Agreement often includes an express IP assignment clause to make these obligations clear and to extend them where the legislation may not automatically apply. The whistleblower protection regime in Australia is critically important. Under Part 9.4AAA of the Corporations Act 2001 (Cth) and the Public Interest Disclosure Act 2013 (Cth), employees who make protected disclosures about suspected misconduct, breaches of law, or other specified matters are entitled to legal protection and cannot be subject to detriment for making such disclosures. A confidentiality agreement cannot prevent or penalise an employee from making a protected whistleblower disclosure — any attempt to do so would be void and may expose the employer to penalties. The remedies available to employers for breach of employee confidentiality obligations include injunctive relief (to prevent ongoing or threatened disclosure), an account of profits (to recover gains made by the employee from the unauthorised use of confidential information), compensatory damages (to recover quantified losses), and, where expressly provided for in the agreement, liquidated damages (a pre-agreed sum per breach, provided it is a genuine pre-estimate of loss and not a penalty). An Employee Confidentiality Agreement is most effective when it is signed at the commencement of employment, is clearly worded, is reasonable in scope and duration, and is part of a broader employment framework that includes training on confidentiality obligations and appropriate data security procedures.

A Social Media Policy is a formal workplace policy document that sets out the rules, responsibilities and standards governing the use of social media by employees and other workers engaged by an organisation, both in a professional capacity (on company accounts) and on personal accounts during and outside work hours. An Australian Social Media Policy must be consistent with the Fair Work Act 2009 (Cth), Privacy Act 1988 (Cth), and applicable anti-discrimination and defamation laws. What Is a Social Media Policy? A Social Media Policy (also referred to as a social networking policy, digital media policy, or online conduct policy) is a written workplace document that defines an organisation's expectations and requirements for how its employees use social media in connection with their employment. The policy applies to all social media platforms — including LinkedIn, Facebook, Instagram, X (formerly Twitter), TikTok, YouTube, Reddit, personal blogs, online forums, review sites and messaging platforms — and covers both authorised professional use of the organisation's social media channels and the personal social media activity of employees to the extent it connects to the employment relationship. In Australia, the relationship between social media and employment law has developed significantly through Fair Work Commission decisions. The Commission has consistently held that social media posts made outside of work hours can provide a valid reason for disciplinary action — including termination — if the content has a sufficient connection to the employment relationship, damages the employer's reputation, disrupts workplace harmony, undermines trust and confidence, or constitutes workplace bullying or harassment. When Is a Social Media Policy Needed? An Australian Social Media Policy is needed in the following circumstances: - For any organisation with employees who use social media in connection with their work, whether on company accounts or in ways that reference the organisation, colleagues, or clients; - When the organisation's operations involve employees who have access to confidential business or client information that could potentially be shared on social media; - When the organisation is required to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles in relation to the handling of personal information about clients, customers or employees; - When the organisation wants to establish clear standards for professional use of company social media accounts, including who is authorised to post and what approval processes apply; - When the organisation wants to address the risk of employees making defamatory, discriminatory or harassing statements on social media that could expose the organisation to legal liability; - As part of a broader suite of workplace policies addressing conduct, confidentiality, and the use of company resources. Key Elements of an Australian Social Media Policy A comprehensive and legally sound Australian Social Media Policy should include the following elements: 1. Organisation identification: The full legal name, ABN, and principal address of the organisation, together with the name of the policy owner and the effective and review dates. 2. Scope and application: A clear statement of who the policy applies to (including employees, contractors, volunteers and other engaged workers) and the social media platforms and channels covered. 3. Professional use rules: Standards governing the use of official company social media accounts, including who is authorised to post, what content approval processes apply, how client or customer complaints are to be managed online, and how the organisation's brand and intellectual property are to be used. 4. Personal use rules: Standards governing employees' personal social media use, both during and outside work hours. Under Fair Work Commission decisions including O'Keefe v Williams Muir's Pty Ltd [2011], Linfox Australia Pty Ltd v Glen Stutsel [2012], and subsequent decisions, out-of-hours social media conduct can constitute a valid reason for dismissal where it has a sufficient nexus to the workplace. 5. Confidentiality obligations: A clear definition of what constitutes confidential information and an express prohibition on disclosing any such information through social media channels, consistent with the employee's contractual confidentiality obligations and the Privacy Act 1988 (Cth). 6. Privacy obligations: Requirements consistent with the Australian Privacy Principles under the Privacy Act 1988 (Cth), including prohibitions on posting personal information about colleagues, clients or third parties without their consent. 7. Adverse action protections: The policy should acknowledge that it does not seek to prohibit the exercise of any workplace right under the Fair Work Act 2009 (Cth), including the right to make a complaint (s 340) or to participate in industrial activities. 8. Breach and consequences: Examples of prohibited conduct and a clear statement of the range of disciplinary consequences, up to and including termination for serious breaches. 9. Reporting procedure: A mechanism for employees to report concerns about social media conduct by others, with confidentiality protections. 10. Employee acknowledgement: A signed acknowledgement confirming the employee has read and understood the policy. This template is designed for use across all Australian states and territories, including New South Wales, Victoria, Queensland, Western Australia, South Australia, Tasmania, the Australian Capital Territory, and the Northern Territory.