A number of legal and policy changes are coming into effect over the next few months. To help you stay informed and ahead of the curve, we’ve summarised key developments below.
For all employers, three important reminders are right to disconnect is rolling out to smaller employers, privacy law reform affecting businesses and it may be time for reissue your Casual Employment Information Statements.
Right to Disconnect – Now Relevant for Small Employers
We previously shared updates with large employers on the introduction of the Right to Disconnect under the Fair Work Act, which came into effect for them on 26 August 2024. Now, it’s time for small employers to prepare, with the provisions applying to them from 26 August 2025.
As a reminder, a large employer is any business that employs 15 or more employees, while a small employer has fewer than 15 employees. Employee numbers are assessed on a headcount basis and include casuals who are employed on a regular and systematic basis.
The Right to Disconnect gives employees the legal ability to refuse to monitor, read, or respond to work-related communications, such as emails, messages, or calls, outside of their ordinary working hours, unless that refusal is unreasonable. What’s considered “unreasonable” will depend on factors like the urgency and nature of the contact, the employee’s role and pay conditions, and whether they receive compensation (such as overtime or allowances) for being available after hours.
Here’s a simple example to illustrate. The employee finishes work at 5 pm and turns off their work phone. The employer sends an email at 10 pm asking the employee to reply immediately. Under the right to disconnect, the employee has the legal right not to check or respond to work messages outside their normal working hours, unless the situation is reasonable or urgent, or the employee has agreed to be contactable outside those hours. The employee is not required to respond to work contact when off the clock, and the employer cannot discipline or punish the employee for choosing not to respond, unless the refusal to respond is clearly unreasonable in the circumstances.
This new entitlement is part of a broader shift to support work-life balance, manage burnout risk, and reduce the expectation of unpaid out-of-hours work, particularly for remote or hybrid teams.
If you’re a small employer, now is a good time to review your internal communication culture. You may wish to update policies or employment contracts to set clear expectations around availability, particularly for managers or client-facing roles. You might also consider leadership guidance or templates to help teams manage urgent matters respectfully and transparently.
Disputes over the right to disconnect should be resolved at the workplace level wherever possible, but can be escalated to the Fair Work Commission if needed. While penalties don’t automatically apply, ongoing non-compliance or disregard for the new entitlement may increase exposure to broader workplace risks.
Privacy Law Reform – Now in Effect
Recent updates to the Privacy Act introduce a new legal avenue for individuals, including employees, to seek redress for serious invasions of privacy, even in cases not covered by existing Privacy Act protections. This includes a newly recognised tort (a type of civil legal claim) that can apply when someone’s privacy has been seriously breached, either through intrusive behaviour or mishandling of their personal information.
This means that individuals now have the right to take direct legal action, and businesses can be held liable even where existing privacy laws did not previously apply.
There are two broad categories of breaches that can trigger this new liability:
- Intrusion into seclusion, such as unauthorised surveillance (e.g. installing hidden cameras, monitoring personal emails or webcams without consent), or excessive location tracking through work devices.
- Misuse of personal information, including sharing an employee’s medical history with a colleague, mishandling payroll or ID data, or posting something about an employee on social media without their knowledge.
These are not theoretical risks. For example, a manager checking an employee’s location via a tracking app outside work hours, without a clear, lawful reason, could be seen as an invasion of seclusion. Or, emailing sensitive HR information to the wrong person and failing to act quickly to correct it may fall under misuse of personal information.
In these cases, the employer can be held vicariously liable, meaning the business may be responsible even if it was an individual staff member who breached privacy.
Consequences can include:
- Significant damages (up to $478,550 for a single claim)
- Court orders, including formal apologies, corrections to records, or requiring changed behaviour
- Legal costs, stress, and reputational damage, especially if media or social media coverage is involved
While the employee records exemption under the Privacy Act still exists, it only applies to certain data collected in the direct context of employment. This new tort has a wider reach and applies even to conduct not covered by that exemption, such as storing sensitive information without consent, failing to secure private messages, or casually discussing personal matters in open forums.
To reduce your risk and build trust in your organisation, we recommend:
- Reviewing internal privacy and IT practices, particularly in relation to monitoring, data storage, and access rights
- Training staff, especially managers, on appropriate data handling, boundaries, and digital etiquette, what may seem like a harmless shortcut could be a serious legal risk.
- Remind staff and managers on the importance of not discussing other employee’s personal information with other people without their consent.
- Reassessing your use of surveillance tools, phone trackers, email scanning, or camera footage, ensure they are clearly explained, consented to where appropriate, and only used for lawful, proportionate purposes
This is not just a compliance issue, it’s also a cultural one. Staff increasingly expect that their privacy will be respected in both digital and physical environments. Transparency and restraint around surveillance, messaging, and information sharing are now critical workplace norms.
We can help you audit current practices, update your documentation, and run awareness sessions with staff or leaders as needed. Let us know if you’d like support.
Casual Employment Information Statement (CEIS) – Rolling Obligations Increase in August
It has now been a full year since the changes to the Fair Work Act introduced updated requirements around the Casual Employment Information Statement (CEIS). For many employers, this means it’s time to revisit those obligations and reissue the CEIS to eligible casual employees.
The CEIS must be provided to every new casual employee when they commence employment. For small businesses with fewer than 15 employees, this initial provision is all that’s required. However, for larger employers with 15 or more employees, the CEIS must also be reissued at six months, at twelve months, and every year thereafter while the employee remains casual.
If your casual employees commenced with you in August or September 2024, you may now be due to issue the CEIS again. This annual reminder is an important part of ensuring compliance with workplace law and maintaining transparency with your team. The CEIS helps casual workers understand their rights and the nature of their engagement, including whether and when they might be eligible to request conversion to permanent employment.
Need Advice?
ER Strategies are experts in employment compliance and can assist you in managing your employment compliance responsibilities. To discuss your obligations and assistance we can provide, get in touch with us at 1300 55 66 37, or click the button below.
