Work from home (WFH) is no longer a “nice-to-have” for many teams - it’s a normal part of running a modern small business.
But if you’re allowing staff to work remotely (even occasionally), you’ll quickly run into practical questions that can turn into legal and operational headaches if they’re not clearly addressed. Things like: Who is eligible? What hours do you expect people to be available? Who pays for equipment? How do you protect confidential information on home Wi-Fi? What happens if someone gets injured at home during work hours?
This is where a clear WFH policy becomes one of your most useful tools. It sets expectations, protects your business, and helps your team stay productive and safe - without you needing to negotiate the “rules” from scratch every time someone asks to work remotely.
Below, we’ll walk you through how to create a WFH policy that makes sense for your business and your people, and the key legal issues to keep in mind in Australia.
What Is A WFH Policy (And Do You Need One)?
A WFH policy is a written workplace policy that explains how working from home operates in your business.
It’s usually designed to answer:
- when WFH is available (eg full-time remote, hybrid, ad hoc days)
- who can approve it and how requests are handled
- what your expectations are around hours, communication and performance
- how you’ll manage safety, security, and business equipment
- what happens if things go wrong (eg incidents, data breaches, performance issues)
Do you need one? If you have staff working from home (or you’re planning to allow it), a WFH policy is strongly recommended because it helps you:
- reduce confusion across the team (consistent rules, fewer disputes)
- protect confidential information and business systems
- manage work health and safety (WHS) responsibilities in a remote environment
- set boundaries around availability and performance, especially for hybrid roles
It’s also important to remember: a WFH policy doesn’t replace your contracts. It should work alongside your core employment documents (like your Employment Contract) and your broader workplace policies.
Step-By-Step: How To Create A WFH Policy That Works
There’s no one-size-fits-all WFH policy. A great policy is one your team can actually follow, and one that fits the reality of your operations.
Here’s a step-by-step process you can use to build one.
1. Decide What “WFH” Means In Your Business
Start with the basics: what remote work model are you offering?
- Fully remote (no office attendance required)
- Hybrid (some office days, some home days)
- Occasional/ad hoc (case-by-case approvals)
Be specific. If you say “hybrid,” do you mean two days per week from home? Do teams choose their own days? Are there “core office days” for meetings?
Clarity here reduces friction later.
2. Set Eligibility Rules And A Clear Approval Process
Not every role can be performed remotely, and not every employee will be suitable for WFH at all times.
Your WFH policy should explain:
- which roles are eligible (and why)
- whether WFH is a right, a benefit, or a discretionary arrangement
- who approves WFH (eg direct manager, director, HR)
- how requests must be made (eg in writing, using a form, in advance)
- when you can refuse or revoke WFH arrangements (eg performance concerns, operational needs)
It’s also worth factoring in that some employees have a legal right to request flexible working arrangements under the Fair Work Act (for example, certain carers, parents, people with disability, employees aged 55+, and employees experiencing family and domestic violence). You don’t always have to approve a request, but you do need to respond properly and can generally only refuse on reasonable business grounds.
If you want WFH to be a standard part of employment for certain roles, consider whether you should reflect that in the employment contract too (rather than relying on a policy alone).
3. Define Working Hours, Availability And Communication Standards
WFH often fails when expectations are vague. It’s worth spelling out your practical rules, such as:
- hours of work (including any “core hours” where everyone must be contactable)
- breaks and time management expectations
- where communication happens (eg email, internal chat, project management tools)
- meeting expectations (eg camera on/off, response times, daily stand-ups)
- how performance is measured (deliverables, KPIs, outcomes, quality)
If you have employees covered by a Modern Award or enterprise agreement, make sure your approach to hours, breaks and overtime doesn’t accidentally create compliance issues.
4. Decide Who Provides Equipment (And Who Pays For What)
WFH arrangements usually involve business equipment and business information leaving your premises - so you’ll want to control that carefully.
Your policy can cover:
- what equipment you provide (laptop, monitor, phone, headset)
- whether personal devices are allowed (and if yes, on what terms)
- who pays for internet, phone data, stationery, printing, software subscriptions
- maintenance, repairs, and returning equipment when employment ends
Even if you decide not to reimburse certain expenses, it’s still worth stating your position clearly so expectations don’t drift. Just keep in mind that some Modern Awards, enterprise agreements, or employment contracts may require you to cover certain “tools of trade” or work-related expenses (or provide an allowance) where the employee is required to use them for work.
5. Include Data Security And Confidentiality Rules
From a risk perspective, this is one of the most important sections of any WFH policy.
Working from home can increase your exposure to:
- confidential information being overheard by housemates or visitors
- devices being lost or stolen
- unsecured home Wi-Fi
- printing documents at home and improper disposal
Many businesses also tie WFH security rules into an acceptable use policy (eg rules for devices, software, passwords, and accessing systems).
If your business collects personal information (customer data, employee records, client files), make sure your internal practices align with your external Privacy Policy and your legal obligations.
6. Build In A WHS Process For Remote Work
WFH isn’t a “WHS-free zone.” In Australia, you can still have work health and safety obligations even if work is being performed from an employee’s home.
In practice, your WFH policy should include a sensible and proportionate approach to remote WHS, such as:
- requirements for a safe workstation setup (chair, desk height, screen position)
- guidance on ergonomics and breaks
- a process for reporting hazards and incidents while working from home
- expectations around pets, children, distractions, and a suitable workspace
You’re not expected to control everything in someone’s home - but you are expected to take reasonable steps to provide a safe system of work. A clear policy helps you show those steps are in place.
Key Legal Issues To Cover In An Australian WFH Policy
A WFH policy is not just an operations document. It can also be a practical risk-management tool, particularly in employment, privacy, and WHS.
These are the legal areas most small businesses should think about when drafting or updating a WFH policy.
Employment Terms And Contract Consistency
If your policy says one thing but your employment contracts say another, that can create confusion and disputes.
For example:
- a contract says the employee’s workplace is your office, but your policy implies they can work anywhere
- your policy says WFH is discretionary, but an offer email promised “fully remote”
- your policy introduces new rules that effectively change employment terms without consultation
It’s a good idea to treat your WFH policy as part of your broader workplace policy framework, and make sure it aligns with what’s in your contracts and onboarding documents.
Work Health And Safety (WHS) Duties
Your obligations won’t necessarily look the same as they do in a controlled office environment, but you should still take reasonable steps to ensure:
- staff have a safe setup and understand ergonomic basics
- they know how to report hazards or injuries
- you have a process to respond (eg reassess tasks, adjust workload, provide equipment)
If an injury occurs while an employee is working from home, there may also be workers’ compensation considerations. Your policy should make reporting processes very clear.
Privacy, Surveillance And Monitoring
Many business owners worry about productivity when staff work remotely. It’s common to consider monitoring tools, time tracking, or recording meetings.
This is an area where you need to be careful. Depending on how monitoring is done (and the state/territory you’re in), there may be privacy and surveillance laws to consider - as well as employee relations risks if you don’t communicate clearly.
If your team uses calls heavily (sales, customer support, internal meetings), it’s also worth understanding the rules around recordings and notification - the practical starting point for many businesses is having clear guidance in your WFH policy and referring to a dedicated business call recording laws approach for your operations.
For businesses that use video meetings, software monitoring, CCTV at premises, or device tracking, it may also make sense to align your WFH policy with an internal privacy framework such as an Employee Privacy Handbook.
Confidentiality, IP And Client Obligations
WFH can increase the risk of confidentiality breaches, especially if your team works with:
- client files (professional services, health, NDIS, finance)
- commercially sensitive information (pricing, supplier terms, product roadmaps)
- trade secrets or internal processes
Your policy should reinforce that confidentiality applies regardless of location, and include practical controls (screen locks, private rooms for calls, no sharing devices, no printing unless approved, secure storage and disposal).
Anti-Discrimination And Flexible Work Considerations
WFH decisions can also intersect with flexible work arrangements, carers’ responsibilities, and discrimination risk. If decisions appear inconsistent (eg approving WFH for one person but refusing another without clear reasons), it may cause disputes.
A good WFH policy helps by setting clear eligibility criteria and a fair process. You still need to assess requests reasonably and document decisions in case issues arise later.
What To Include In Your WFH Policy (A Practical Checklist)
Once you’ve decided your approach, the next step is turning it into a document your team can actually use.
Here’s a checklist of clauses and sections many Australian small businesses include in a WFH policy.
Core Policy Settings
- Purpose and scope: why the policy exists and who it applies to (employees, contractors, casuals, etc.).
- Definitions: what “WFH” means in your business (remote, hybrid, ad hoc).
- Eligibility: which roles can WFH, and any minimum requirements (eg probation completion, performance standards).
- Approval process: how to request WFH, who approves, how far in advance, and what happens if it’s refused.
- Review and change: your right to amend, suspend or revoke WFH arrangements (with appropriate notice where possible).
- Hours and availability: start/finish times, core hours, timesheets (if relevant), and overtime approval.
- Communication: response time expectations, meeting attendance, and how to notify if unavailable.
- Professional conduct: maintaining professional standards even at home (including background noise, appropriate environment for calls, etc.).
- Conflicts of interest: rules around secondary employment or competing activities while working from home.
Equipment, Expenses And IT Rules
- Business equipment: what you provide and what’s permitted to be used personally.
- Personal devices (BYOD): whether personal laptops/phones can be used and what security controls apply.
- Expenses: internet, phone, electricity, and any reimbursement rules (including pre-approval requirements). (Note: Awards/agreements or contracts may require you to reimburse certain work-related expenses or provide allowances in some cases.)
- Security requirements: passwords, MFA, VPN, locked screens, secure Wi-Fi, no public computers.
- Data handling: rules about downloading, storing, printing and disposing of documents.
WHS And Incident Reporting
- Workstation requirements: minimum safety/ergonomic expectations.
- Self-assessment: a checklist process for employees to confirm their setup is safe.
- Reporting: how to report hazards, incidents, and injuries while WFH (and who to notify immediately).
- Visitors and distractions: expectations around maintaining a safe workspace and limiting hazards.
Privacy, Monitoring And Recordings
- Use of monitoring tools: what you monitor (if anything), why, and how it’s used.
- Recordings: when calls/meetings may be recorded, notification requirements, and storage/security expectations.
- Confidentiality in shared spaces: guidance for preventing others from overhearing sensitive information.
Even if you keep your WFH policy short, including these core points will put you in a much stronger position than relying on informal “common sense” expectations.
How To Roll Out And Enforce Your WFH Policy
Writing the policy is only half the job. To get real value from your WFH policy, you need to implement it properly and ensure it stays up to date.
Get Buy-In And Communicate It Clearly
When you introduce your WFH policy, explain the “why.” Most employees respond well when they understand it’s about fairness, security, and safety - not control for the sake of it.
Consider running a short rollout session where you cover:
- how to request WFH and who approves it
- the key do’s and don’ts (security, confidentiality, WHS)
- what happens if the policy isn’t followed
Have Staff Acknowledge The Policy
A practical step many small businesses take is requiring staff to acknowledge that they’ve read and understood the policy.
This can be done:
- as part of onboarding
- when rolling out a new policy
- when you update the policy (especially if changes are significant)
Be Careful With “Contract Changes”
If WFH is becoming a permanent arrangement for a particular role (eg moving from office-based to fully remote), you may need to update the employment contract or issue a formal variation. Policies can support this, but they don’t always replace the need for contract clarity.
This is particularly important if location affects supervision, equipment, confidentiality, travel requirements, or allowances.
Review Your Policy Regularly
WFH arrangements tend to evolve over time. Your policy should be reviewed periodically, especially if you:
- introduce new software or monitoring tools
- hire into new states/territories
- expand your client base (and take on higher confidentiality obligations)
- experience a data incident or workplace injury
A short annual review can prevent you from being stuck with a policy that no longer matches how your business operates.
Key Takeaways
- A clear WFH policy helps your small business set expectations, protect confidential information, and manage risks when staff work remotely.
- Your WFH policy should be practical and specific - including eligibility, approval processes, hours and availability, equipment, expenses, and communication standards.
- Australian businesses should pay close attention to WHS duties, privacy and monitoring considerations, and confidentiality requirements when drafting a WFH policy.
- Your WFH policy should align with your existing employment documents (including your Employment Contracts and broader workplace policies) to reduce disputes and confusion.
- A policy only works if it’s rolled out properly - communicate it clearly, get acknowledgements, and review it regularly as your business changes.
If you’d like a consultation on creating or updating your WFH policy and employment documents, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.
