Australia

My company's IT department reads employees' personal emails on work devices. Is this lawful?

Notice period for surveillance: 14 days
Max penalty: $360k
Governs personal info: Privacy Act
Workplace surveillance law: NSW only

The Short Answer

It may be unlawful for your company to read personal emails on work devices without consent, as it could breach privacy laws and workplace surveillance rules.

What the Law Says

In Australia, reading employees’ personal emails on work devices is tightly regulated by federal privacy law and state-based workplace surveillance laws. The key issue is whether the employee had a reasonable expectation of privacy, and whether proper notice or consent was given.

The Privacy Act 1988 (Cth) applies to how organisations handle 'personal information', which includes emails that identify an individual. If your company collects, uses or discloses personal emails without consent — and where those emails are not part of legitimate business operations — it may breach Australian Privacy Principle (APP) 3 (collection) or APP 6 (use or disclosure).

In New South Wales, the Workplace Surveillance Act 2005 (NSW) specifically regulates monitoring of employees using tracking devices, computer surveillance, and listening devices. It requires employers to give employees written notice at least 14 days before starting surveillance — including email monitoring — and prohibits covert surveillance without consent.

Other states (e.g., Victoria, WA) do not have specific workplace surveillance laws, but general privacy obligations and common law expectations of privacy still apply. Employers must also comply with their own internal policies and employment contracts.

Statutory Text

An employer must not carry out computer surveillance of an employee unless the employer has given the employee written notice of the surveillance at least 14 days before it begins.

Workplace Surveillance Act 2005 (NSW), s. 18 — Notice of computer surveillance

Statutory Text

An employer must not carry out computer surveillance of an employee in relation to the employee's private activities.

Workplace Surveillance Act 2005 (NSW), s. 16 — Prohibition on surveillance of private activities

Statutory Text

An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection…

Privacy Act 1988 (Cth), s. 6(1) — Australian Privacy Principle 6

What to Do

1. Check if your employer provided written notice at least 14 days before monitoring began (required in NSW).

2. Review your employment contract and company IT policy — does it clearly state that personal emails may be monitored?

3. Raise concerns with HR or your manager, citing the Privacy Act and, if in NSW, the Workplace Surveillance Act.

4. If unresolved, contact the Office of the Australian Information Commissioner (OAIC) to make a privacy complaint.

5. If in NSW and surveillance was covert or lacked notice, you may report it to NSW Police or the NSW Civil and Administrative Tribunal (NCAT).

Not legal advice. This article is general information based on publicly available sources, written for educational purposes. Laws change and individual situations vary. Consult a licensed attorney in your jurisdiction before acting on anything you read here. Last reviewed: 2026-06-08.