Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If you run a small business, monitoring how staff use work computers can feel like a practical necessity. Maybe you’re worried about data leaks, time-wasting, phishing emails, or sensitive client information being mishandled.
At the same time, monitoring can quickly become a privacy and trust issue if it’s done without a clear reason, without telling staff, or using tools that go further than you actually need.
The good news is: workplace monitoring can be lawful in New Zealand, but it depends on how and why it’s done. In practice, you need to think about both privacy law (especially the Privacy Act 2020 and its information privacy principles) and employment law (including fair process and good faith obligations).
Why Do Employers Use Employee Computer Monitoring?
Most employers don’t set out to “spy” on staff. Usually, monitoring is about managing genuine business risks, such as:
- Cybersecurity threats (phishing emails, malware, suspicious downloads)
- Confidentiality and client privacy (protecting customer data and commercially sensitive information)
- Preventing misuse of business systems (illegal downloads, inappropriate browsing, unsafe websites)
- Protecting intellectual property (preventing unauthorised sharing of files)
- Investigating misconduct (e.g. suspected fraud or serious policy breaches)
- Productivity and performance management (making sure paid time is being used appropriately)
In a small business, even one incident can have a big impact - losing a key client, triggering a privacy complaint, or suffering a cyber incident can be expensive and stressful.
That’s why it’s worth setting up a clear, lawful monitoring approach from day one, rather than scrambling to react after something goes wrong.
Is Employee Computer Monitoring Legal In New Zealand?
Employee computer monitoring can be lawful in New Zealand, but there isn’t one single rule that says “yes” or “no”. Instead, it usually comes down to whether your monitoring is:
- for a legitimate purpose
- clearly communicated to employees
- proportionate (not more intrusive than necessary)
- handled fairly under employment law
- compliant with the Privacy Act 2020 (how you collect, store, use, disclose, retain and give access to personal information)
Privacy Act 2020: The Big Picture
Monitoring often involves collecting personal information. For example, logs of websites visited, emails sent, screen recordings, or chat messages can all relate to an identifiable individual.
Under the Privacy Act 2020, employers generally need to follow the information privacy principles. Practically, that often means ensuring:
- You’re collecting information for a lawful purpose connected with your business (and only collecting what’s necessary for that purpose).
- You collect it in a way that’s fair and not unreasonably intrusive - and, in most cases, you collect it directly from the employee rather than indirectly.
- You take reasonable steps to tell employees what you’re collecting, why, how it will be used, who it might be shared with, and what their rights are (this is often done via a Privacy Policy and internal policies).
- You take reasonable steps to protect the information (security safeguards) and don’t keep it longer than you need.
- You can respond appropriately if an employee asks to access (and potentially correct) information you hold about them.
Practically, privacy compliance often comes down to transparency, necessity, and being able to justify what you collect and how you use it.
Employment Law: Good Faith And Fair Process Still Apply
Even if a monitoring method is technically “possible”, employment law still expects you to act fairly. Under the Employment Relations Act 2000, you and your employee must deal with each other in good faith.
This matters because monitoring can impact:
- trust and confidence in the employment relationship
- disciplinary outcomes if monitoring is used as evidence
- how performance issues are managed
If monitoring is introduced without consultation, is overly invasive, or is used in a “gotcha” way, it can create legal risk - especially if you later rely on that information in a disciplinary process.
What Counts As Employee Computer Monitoring (And What’s Riskier)?
“Employee computer monitoring” can cover a wide range of tools and practices. Some are standard and relatively low-risk when disclosed, while others are high-risk and need extra care.
1. Internet And Network Monitoring
This includes tracking:
- websites visited
- bandwidth usage
- downloads and uploads
- connections to risky or blocked sites
This type of monitoring is often easiest to justify as part of cybersecurity and IT system management - as long as employees are told it happens and the data isn’t used in an unfair way.
2. Email And Messaging Monitoring
If staff use a work email address or company messaging platform, you may have legitimate reasons to monitor or review communications (for example, responding to a customer complaint, investigating harassment, or protecting confidential information).
However, it’s still personal information, and employees may have a reasonable expectation that monitoring won’t be constant, secret, or used beyond its stated purpose.
If your monitoring includes recording calls (including online calls), you should be especially careful. Even where recording is technically permitted in some contexts, you should still think about privacy and good faith: clearly explain when/why calls may be recorded, limit access, and avoid using recordings for unrelated purposes. The issues are similar to those covered in call recording compliance.
3. Productivity Tools (Time Tracking, Activity Logs)
Many businesses use tools that track:
- log-in/log-out times
- time on certain apps
- idle time
- work completed in task systems
Used properly, these tools can support fair workload management (particularly for remote teams). But they can also become intrusive if they track too much detail or are used as a substitute for proper performance management.
4. Screenshots, Screen Recording, Webcam Monitoring, Or Keystroke Logging
This is where the legal risk often increases.
Screen recording, random screenshots, webcam “presence checks”, or keystroke logging can capture highly personal information (for example, private messages, passwords, or health information displayed on screen). Even if an employee is on a work device, this level of monitoring can be seen as excessive unless you have a very strong reason and a very clear process.
Covert monitoring is particularly risky, and should generally be treated as an exception (for example, a targeted investigation with strong justification). If you’re considering anything close to this, it’s worth getting advice first and ensuring it’s covered by clear policies like an Employee privacy handbook.
5. CCTV In The Workplace (That Incidentally Captures Computer Use)
Some workplaces use CCTV for security and safety reasons, and it may incidentally capture staff using computers.
That can still raise privacy issues if cameras are positioned in a way that unnecessarily monitors staff activities, or if footage is used for reasons that weren’t explained up front. If CCTV is part of your wider monitoring approach, make sure it’s consistent with your workplace privacy messaging (including signage and policy). The same principles are discussed in Are Cameras Legal In The Workplace.
6. Monitoring On Personal Devices (BYOD)
If employees use their own phones or laptops for work (a “bring your own device” setup), monitoring is significantly more complicated.
That’s because a personal device usually contains a mix of work and private content. Monitoring software could capture personal information well beyond what’s needed for your business.
If you allow BYOD, you’ll usually want clear rules around:
- what work apps must be used
- security requirements (passwords, encryption, MFA)
- what you can and can’t access
- what happens when employment ends (returning data, removing access)
How To Do Employee Computer Monitoring Lawfully: A Practical Checklist
If you’re planning to introduce employee computer monitoring (or you already do some monitoring informally), here’s a practical framework to reduce legal risk and protect the business.
1. Be Clear About The Purpose (And Keep It Narrow)
Start with: what problem are we solving?
Examples of clearer, safer purposes include:
- protecting customer data and preventing data breaches
- detecting malware or suspicious activity
- investigating specific suspected misconduct
- meeting legal or contractual obligations (e.g. confidentiality requirements)
Vague purposes like “watching productivity” can be harder to justify unless you can show it’s reasonable and not excessive.
2. Choose The Least Intrusive Tool That Still Works
A good rule of thumb is: don’t collect more than you need.
For example, you may not need screen recordings if website filtering and security logging achieve the same outcome with less intrusion.
3. Tell Employees What You’re Doing (No Surprises)
One of the quickest ways to create risk is to monitor secretly (except in limited, well-justified investigation contexts where you’ve taken legal advice).
In most small business settings, you should communicate:
- what is monitored (internet traffic, emails, device logs, etc.)
- when monitoring occurs (always-on vs specific audits)
- why monitoring occurs (security, compliance, performance, etc.)
- who can access the information
- how long you keep it
- what it may be used for (including disciplinary investigations)
This is usually best documented in a Workplace policy and reinforced in onboarding.
4. Consult Before Making Major Changes
If you’re introducing new monitoring that materially affects employees (for example, rolling out tracking software across all laptops), you should consider consultation as part of acting in good faith.
This doesn’t mean employees have a veto, but it does mean you should:
- explain the proposal
- give employees a chance to ask questions and provide feedback
- genuinely consider reasonable feedback
- confirm the final approach in writing
5. Secure The Data You Collect
If you’re collecting monitoring data, you’re responsible for storing it safely.
In practice, that means considering:
- access controls (who can view logs/recordings)
- strong passwords and multi-factor authentication
- encryption where appropriate
- audit trails (so you can see who accessed what)
- a retention policy (don’t keep it forever “just in case”)
If monitoring data is leaked, that can quickly become a privacy incident - and it can also seriously damage employee trust.
6. Use Monitoring Information Fairly (Especially In Discipline)
If monitoring reveals a possible policy breach or misconduct, treat it like any other employment issue: follow a fair process.
That usually includes:
- putting the concerns to the employee clearly
- giving them a chance to respond
- considering their explanation with an open mind
- documenting the process
If you rely on monitoring evidence that employees didn’t know existed, or that goes beyond what you said you would collect, the situation can get messy fast.
What Should You Put In Your Employment Documents And Policies?
Employee computer monitoring is much easier to manage when your paperwork is consistent and tailored to your business.
For many small businesses, a good “legals baseline” includes:
Employment Agreements
Your Employment Contract is a good place to set expectations about use of work systems and compliance with policies.
You usually wouldn’t cram all monitoring detail into the contract itself (because your IT systems may change), but the contract can:
- require employees to comply with company policies
- clarify that work systems are provided for business purposes
- allow reasonable monitoring to protect the business and meet legal obligations
Computer, Internet, And Communications Policy
This is where you spell out the practical rules, such as:
- acceptable and unacceptable use (e.g. illegal downloads, offensive content)
- password and security requirements
- rules for personal use (if any)
- the types of monitoring in place and why
- how monitoring information may be used
This can sit inside your broader Workplace policy suite.
Workplace Privacy Guidance
If you want to set clear expectations (and reduce misunderstandings), a dedicated document can help employees understand how privacy works at work, what information you collect, and how you manage it. This is often what an Employee privacy handbook is designed to cover.
Remote Work Considerations
Monitoring tends to ramp up when teams move remote, because you can’t “see” what’s happening in the office.
But working from home doesn’t automatically mean employees have no privacy rights - and overly invasive monitoring in someone’s home environment can create extra tension. If remote work is part of your setup, it’s worth aligning your monitoring approach with your broader approach to working from home.
Train Your Managers (So Monitoring Doesn’t Get Misused)
Even good monitoring systems can create risk if they’re accessed casually or used inconsistently.
Basic manager training should cover:
- when it’s appropriate to access monitoring logs
- who approves access
- how to interpret data responsibly (context matters)
- how to escalate concerns into a fair HR process
Key Takeaways
- Employee computer monitoring can be lawful in New Zealand, but it needs to comply with both privacy law and employment law.
- The Privacy Act 2020 (including the information privacy principles) is relevant whenever monitoring collects personal information, which can include browsing logs, emails, messages, screenshots, and recordings.
- Monitoring should be purpose-driven and proportionate - collect what you need, and avoid overly intrusive tools unless you can strongly justify them.
- You should generally tell employees about monitoring and document it in clear policies, rather than relying on informal “everyone knows we can check” assumptions.
- If monitoring is used to manage misconduct or performance, you still need a fair process and you should be able to explain how the evidence was collected and why it’s relevant.
- Strong foundations matter: align your approach across your Employment Contract, workplace policies, and privacy documents so expectations are clear from day one.
If you’d like help setting up a monitoring approach that protects your business without creating unnecessary privacy risk, we’re happy to help. You can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.