
Surveillance, Privacy, and Governance: The New Operating Reality for Australian Workplaces

Light Years Agency Perspective


Workplace and retail surveillance is undergoing a structural shift. Facial recognition in stores, AI-driven monitoring on laptops, automated performance analytics: these tools are no longer hypothetical. They are here, widely deployed, and increasingly scrutinised. For boards, executives, and governance professionals, the message is blunt: surveillance strategy is governance strategy, and the regulatory bar is rising fast.


This briefing distils the major developments shaping Australia’s surveillance environment and outlines a pragmatic governance response.


Retail Surveillance: The Compliance Fault Lines Exposed

The recent Privacy Commissioner decisions involving Kmart and Bunnings mark a watershed moment for biometric governance. Both organisations deployed facial recognition technology (FRT) across multiple stores. Both were found to have materially failed the requirements of the Privacy Act.


Where Kmart fell short

  • Consent was inadequate. Sensitive biometric data was collected without clear, explicit consent. Store notices were inconsistent and incomplete.

  • Transparency obligations were breached. Privacy policies did not accurately describe the types of information collected or how it would be used, stored, or shared.

  • Notification was insufficient. Entry signage was not enough. Purpose, implications, and access rights must be explained plainly.

  • Security exemptions were misapplied. Preventing refund fraud was not a broad justification to bypass consent or skip less intrusive options.


Governance implications

The decision effectively publishes a compliance checklist:

  • Conduct privacy risk assessments for all new technologies.

  • Use prominent, detailed collection notices.

  • Obtain explicit consent for biometric data.

  • Disclose all forms of data, including metadata and secondary outputs.

  • Assess proportionality—whether the level of surveillance is justified by the risk.


For boards, the takeaway is simple: technology cannot outrun governance. If surveillance is being used to address a business risk, the privacy risks must be assessed with the same rigour.


Workplace Surveillance: Regulation Behind the Technology Curve

AI-powered monitoring, keystroke analytics, webcam activation, geolocation tracking—these practices are now routine in parts of the Australian workforce. Yet legislation remains patchy and outdated.

The Victorian Government’s inquiry into workplace surveillance provides the clearest signal of where reform is heading, and it is a model likely to influence national policy.


Key findings

  • Surveillance is increasingly automated, opaque, and capable of profiling employees.

  • Workers often do not know the scale of monitoring or how analysis is used.

  • There is limited evidence that intrusive surveillance improves productivity.

  • Monitoring can damage psychological safety—now a core WHS duty.

  • Power imbalances and impacts on vulnerable workers are significant.


Key recommendations

  • Mandatory surveillance risk assessments.

  • Clear written notice before surveillance begins.

  • Employee consultation for any new or changed monitoring.

  • Independent oversight for intrusive or covert surveillance.

  • Stronger protections around automated decision-making and third-party data use.

Even without legislative change, these recommendations outline what “good governance” increasingly looks like.


Legal, Regulatory, and Reputational Exposure

Australia’s regulatory system has gaps—particularly regarding employee records—but that does not offer protection from consequences. Boards should assume increasing oversight, aligned with international trends.


What we’re seeing globally

  • Amazon fined €32 million (France, 2023) for excessive employee monitoring.

  • A French real estate firm fined for tracking computer activity and inactivity at home.

  • Psychosocial risks from surveillance recognised as WHS hazards.


The direction of travel is clear: governance frameworks must consider privacy, WHS, ethics, and organisational culture simultaneously.


A Governance Model for Responsible Surveillance

Light Years Agency recommends that organisations treat surveillance as a multi-disciplinary risk domain, requiring structured oversight—not simply an IT or HR decision.


A robust implementation framework includes:

  • Consultation with employees and representatives, aligned with WHS requirements.

  • Informed, voluntary, time-limited consent where required.

  • Privacy Impact Assessments (PIAs) and WHS assessments prior to deployment.

  • Proportionality controls—surveillance must be necessary and measured.

  • Clear governance artefacts: policies, procedures, training, escalation pathways.

  • Ongoing transparency on what is collected, why, and for how long.

  • Regular review of data usage, retention, and third-party arrangements.

  • Board oversight embedded into KPIs for relevant executives.


Surveillance without governance is no longer defensible.


Principles for a Forward-Looking Surveillance Strategy

Proportionality

Only deploy surveillance that is justified by a demonstrable business need, and limit scope to what is strictly necessary.


Transparency

Disclose data collection and use in plain language. Ambiguity is an invitation for regulatory and reputational harm.


Accountability

Boards must ensure compliance, ethical alignment, and stakeholder trust. The community expectation standard is rising.


The Shift Ahead

Regulatory reform is accelerating. Public tolerance for opaque monitoring is declining. The legal, ethical, and reputational risks are converging.


Governance professionals should now:

  • Review and uplift privacy and surveillance policies.

  • Train staff to recognise and manage surveillance risks.

  • Monitor regulatory updates and engage with industry forums.

  • Evaluate ethical implications, not just legal minimums.


Conclusion

Surveillance in Australia is entering a new phase. The compliance failures of major retailers, inquiries into workplace monitoring, and global enforcement actions send a consistent message: organisations must lead with principles, not technology.


For boards and executives, this is a governance moment. A disciplined, transparent, and proportionate approach will not only reduce risk but also strengthen trust—across the workforce, customers, and the broader community.


Light Years Agency partners with organisations to build surveillance, privacy, and governance frameworks that are future-proof, legally sound, and ethically grounded. If your organisation is navigating this space, now is the time to modernise your approach.
