The so-called “cloud era” has seen rapid changes to the way we interact and, given we spend a considerable chunk of our life at work, it is unsurprising that the growth of cloud technology, social media and other online platforms has pervaded the employment space creating a labyrinth of new risks employers need to carefully navigate.

If risks are considered and well managed, technology can complement the workplace and increase productivity, efficiency, and employee and client satisfaction.

Unique risks

There are an array of (manageable) risks that you may not have considered in the changing technology environment.

Misuse of social media

For starters, misuse of social media during work hours and/or outside of work hours has the potential to cause reputational damage to your business or may constitute bullying behaviour.

By way of example, in the 2015 Fair Work Commission (‘FWC’) decision of Ms Rachael Roberts v VIEW Launceston Pty Ltd as trustee for the VIEW Launceston Unit Trust T/A View Launceston [2015] FWC 7244, the FWC held that an employee “unfriending” another employee on Facebook (when considered in conjunction with other conduct) constituted bullying behaviour. The mere act of “unfriending” was not the only factor taken into consideration by the FWC, the employee had been subjected to repeated unreasonable behaviour in the workplace. The FWC stated that the act of “unfriending” was indicative of further unreasonable and bullying behaviour.

In a 2016 FWC decision of Starr v Department of Human Services [2016] FWC 1460, an employer was ordered to reinstate an employee it initially dismissed because of inappropriate posts the employee had uploaded online outside of work hours. The employee, a Centrelink Officer for the Department of Human Services (‘the Department’) made several comments online over a period of almost three years that could have been injurious to the Department including that he was, “embarrassed to work there” and labelling customers “junkies”.

Vice President Hatcher of the FWC held that the dismissal was harsh for reasons including: the employee’s previously clear employment record over 21 years; the unlikelihood that the employee would successfully find alternative employment; and the failure to show that the Department was, in fact, exposed to reputational damage.

In light of these decisions, it is important for employers to carefully scrutinise an employee’s conduct on social media to determine whether the conduct is sufficiently connected to the workplace and likely to cause reputational harm to the employer’s business prior to taking any disciplinary action.

Of course, prevention is always better than reaction and it is crucial to have a suite of well-drafted and clearly communicated workplace policies that establish the expected standard for social media (and similar) use. Employers should periodically assess conduct against those standards and ensure any social media conduct that falls short is addressed as it arises. In particular, employers should consider updating their code of conduct, bullying and harassment, and any email and internet use policies to expressly address social media use.

This also extends to the increasingly popular use of internal communication software within the workplace such as Slack messenger and even email chat/messenger. These platforms encourage less formal communication that may fall short of expected standards and the acceptable standard of use is best communicated in a policy.


Closely linked to the issue of social media use, is the obligation on employers to notify employees regarding any workplace surveillance. Employers need to be aware of their obligations pursuant to any relevant workplace surveillance legislation in the state within which they operate their business. In NSW and ACT in particular, the Workplace Surveillance Act 2005 (NSW) and the Workplace Privacy Act 2011 (Act) (collectively, ‘Workplace Surveillance Legislation’), impose strict obligations on employers to notify employees and, in some circumstances, consult with employees prior to conducting surveillance in the workplace.

The Workplace Surveillance legislation imposes different obligations depending on the type of surveillance, including but not limited to, optical surveillance (such as camera surveillance); computer surveillance (such as email surveillance); and tracking surveillance (such as GPS surveillance).

If employers want to access, monitor, and/or log email communications and internet use they are required to notify employees in accordance with the prescriptive Workplace Surveillance legislation. It is also important that employers appraise their suite of technology to consider whether they may be inadvertently monitoring their employees (invoking an obligation to notify employees) for example, where HR software automatically logs information.

Importantly, in NSW, employers can only carry out computer surveillance (including blocking emails/internet access) if it is conducted in accordance with a workplace policy.

Employers must also be aware of specific obligations attaching to the use of tracking surveillance (such as GPS) and the use of camera surveillance. For example, in both NSW and the ACT there is an obligation to use signage (for example, in the workplace or in a company car) to alert employees to camera and tracking surveillance.

Given the increasing mobility of the workforce, with employers working remotely, and the rise of employees using personal devices for work (subject to any “bring your own device” policies), employers may also need to consider whether any surveillance (intentional or inadvertent) of an employee’s personal device accords with Workplace Surveillance legislation and is also expressly canvassed in a workplace policy.

Of course, the reach of Workplace Surveillance legislation is not yet known and will likely grow to keep up to speed with new and emerging technologies – watch this space.

Post-employment restraints

With the increase of “bring your own device” policies and cloud-based storage, businesses now have confidential information and intellectual property scattered all over the place, rendering it difficult to sufficiently protect that information/property and to manage its whereabouts after an employee leaves employment. This makes it easier than ever for employees to misuse a former employer’s information/property and/or to poach clients and connections made during their employment.

As a result, businesses may need to review post-employment clauses in their employment contracts and relevant policy provisions to ensure the scope of confidential information and intellectual property (including its location) is clearly defined to capture, for instance, information stored on cloud based software and LinkedIn connections.

For example, in some industries it may be prudent to implement a policy that details how LinkedIn connections made during (and in connection) with the employment are to be dealt with post-employment. It may also be helpful to include an express contractual clause regarding employees using personal devices for work and a corresponding provision in a “bring your own device” policy that requires irretrievable deletion of intellectual property and confidential information from all devices (personal or work issued) at termination of employment.

Takeaway points

These issues are a timely reminder that businesses need to assess their practices against emerging technologies and seek necessary legal advice to ensure the introduction of new processes, policies and technologies are seamlessly introduced without creating new and unique risks.