Random Searches At Work In New Zealand: What Employers Can And Can’t Do

If you run a small business, you’ve probably had the “what if” moment: what if someone brings drugs or alcohol to work, turns up impaired, or has something dangerous in their bag or locker?

For many workplaces, the obvious response is to introduce random drug and alcohol testing at work and, sometimes, random searches (for example, checking bags, lockers or vehicles). But in New Zealand, these steps sit right at the intersection of health and safety, employment law and the Privacy Act 2020.

The good news is you can take proactive steps to keep your workplace safe. The catch is you need to do it in a way that’s lawful, reasonable, and properly documented - otherwise you risk grievances, privacy complaints, and evidence that may be challenged or given less weight in any disciplinary process.

Why Random Drug, Alcohol And “Search” Policies Matter For Small Businesses

From an employer’s perspective, these issues usually come down to three practical realities:

• Health and safety risk: impairment can create serious risks, especially around machinery, driving, heights, hazardous substances, customer-facing roles, and vulnerable people.
• Operational risk: incidents can shut down a site, trigger investigations, damage client relationships, and increase insurance issues.
• Employment risk: if you handle testing or searches incorrectly, you can end up with personal grievances (even where the underlying concern was valid).

It’s also worth remembering that “random” controls can feel intrusive to staff. So your legal goal isn’t just “can we do it?” - it’s “can we justify it as a proportionate and fair step, and have we set expectations clearly?”

That expectation-setting usually starts in your Employment Contract and your workplace policies, supported by a well-run process that aligns with NZ privacy and employment obligations.

What Laws Apply To Random Drug And Alcohol Testing And Workplace Searches?

In New Zealand, there isn’t one single “workplace search and testing” statute. Instead, you’re balancing several legal duties at once.

1) Health And Safety At Work Act 2015 (HSWA)

Under HSWA, you must take reasonably practicable steps to ensure health and safety at work (so far as reasonably practicable). If your people are working in higher-risk conditions, having an alcohol and drug risk management approach can be part of meeting that duty.

But HSWA doesn’t automatically give you a free pass to test or search. You still need a proper employment basis (for example, an agreed term/policy and a reasonable direction in the circumstances), and you must handle personal information properly.

2) Employment Relations Act 2000 (Good Faith + Fair Process)

Employment relationships must be managed in good faith. In practice, that means if you’re introducing random drug and alcohol testing at work or any “search” regime, you typically need to:

• consult with employees (and potentially their representatives, where applicable),
• explain the rationale (usually safety and risk),
• give staff a genuine opportunity to provide feedback, and
• implement the policy fairly and consistently.

If the policy is a significant change to terms/conditions, you’ll need to treat it like one - not as something you can just announce in a staff meeting and roll out the next day.

3) Privacy Act 2020 (Collection, Use, Storage And Disclosure)

Drug and alcohol test results are highly sensitive personal information. Searching bags or lockers can also involve collecting personal information (even incidentally).

That means the Privacy Act 2020 (and its privacy principles) can apply to:

• what information you collect (and whether it’s necessary),
• how you collect it (fairly, without being unreasonably intrusive),
• how you store it (securely, access controlled),
• how long you keep it (not longer than necessary), and
• who you share it with (only where you’re allowed to).

This is also why it’s smart to align your approach with an internal privacy framework (for example, a staff privacy guide like an Employee Privacy Handbook) and an external-facing Privacy Policy where relevant.

4) Human Rights Act 1993 (Discrimination Risks)

Testing and searches can create discrimination issues if they’re applied unevenly or target certain groups. You’ll want to ensure your approach is role-based and risk-based, not person-based.

For example, “we’re only testing casuals”, “we’re only testing younger workers”, or “we’re only searching workers who we think look suspicious” is exactly the kind of pattern that can cause legal problems.

When Is Random Drug And Alcohol Testing At Work Usually Lawful In NZ?

In simple terms, random drug and alcohol testing at work is usually most defensible when it is:

• genuinely linked to safety risk (not just curiosity or “culture”),
• clearly set out in writing (contract/policy),
• introduced with consultation,
• carried out consistently (no favourites), and
• done using a fair, reliable process (including confirmatory testing where appropriate).

Safety-Sensitive Roles Vs Low-Risk Roles

The biggest factor is usually whether the role is safety-sensitive.

If you operate forklifts, machinery, vehicles, tools, or you work in construction, logistics, manufacturing, healthcare, or any environment where impairment could realistically cause serious harm, random testing is more likely to be seen as reasonable.

In lower-risk office-based roles, random testing can be much harder to justify unless you can clearly show why it’s necessary and proportionate for your specific workplace.

“Random” Testing Vs “Reasonable Cause” Testing

Many small businesses mix these up. They’re different tools, and your documentation should address both.

• Random testing is done without specific suspicion, usually as a deterrent and risk control in safety-sensitive workplaces.
• Reasonable cause testing is done where there are observable signs (for example, smell of alcohol, slurred speech, unsafe behaviour, credible reports) that support a belief the person may be impaired.
• Post-incident testing (after an accident/near miss) can be appropriate in some industries, but still needs to be handled carefully and fairly.

Random testing is generally more intrusive than reasonable cause testing - so if you’re going to do random testing, your “why” needs to be strong and your process needs to be tight.

Testing Standards And Chain Of Custody

If you ever need to rely on a positive result in an employment process, you’ll want testing to be credible and defensible. Practically, that means:

• use trained collectors (often third-party providers),
• follow recognised standards (for example, AS/NZS 4308 for urine testing and AS 4760 for oral fluid testing),
• use confirmatory testing (especially where disciplinary action may follow), and
• maintain a clear chain of custody.

It’s also important to document consent and privacy notifications properly. Many employers use a signed consent form as part of the process (for example, a Drug Test Consent Form).

Tip: consent doesn’t fix everything (because employees can feel pressured to consent), but having clear written consent as part of a broader, fair policy framework is still a practical piece of risk management.

Can You Do Random Searches Of Bags, Lockers, Vehicles Or Phones At Work?

“Random searches” is a broad phrase. Legally, you should treat different kinds of searches differently, because the privacy impact (and the justification required) isn’t the same in every case.

Bag Checks And Personal Belongings

Checking bags is intrusive. If you want to introduce bag checks (random or otherwise), you should have:

• a clear policy that explains when checks may occur and why,
• a process that minimises intrusion (for example, allowing the employee to open and show items themselves),
• rules about who can conduct checks and where (privacy, safety, gender considerations), and
• consistent application (not ad hoc checks based on hunches).

Even with a policy, you still need to ask whether a bag check is reasonable in the circumstances. For example, a retail stock-loss context might justify some checks, but it still needs to be proportionate and carefully implemented.

Lockers, Desks And “Work Property”

If you provide lockers, desks, or storage, your rights will depend heavily on what you’ve told staff.

As a general rule, if you want to preserve the ability to inspect work lockers/desks, your policy should clearly state:

• the locker/desk is provided for work purposes,
• it may be inspected in specified circumstances (for example, safety concerns, suspected misconduct, or scheduled audits), and
• how inspections will be carried out (notice, presence of the employee where possible, recordkeeping).

If a locker is treated by everyone as “private” and you’ve never reserved inspection rights, a sudden random search can create real legal and trust problems.

Work Vehicles

If the vehicle belongs to the business, inspections can be easier to justify - particularly where there are safety obligations (for example, ensuring no alcohol or drugs are stored in the vehicle, checking for hazardous items, or ensuring compliance with client site rules).

Even then, a random search should still be reasonable, done under a policy, and limited to what’s needed.

Phones, Emails And Personal Devices

Searching someone’s personal phone is a very different situation (and usually hard to justify). For work devices (like a company phone or laptop), you may have more scope - but you should still tread carefully and set expectations upfront.

This is where having a written privacy approach for staff communications helps. If your business records communications (for example, customer service calls), you’ll also want to ensure you’re transparent about it and that your practices align with New Zealand rules around recording conversations, including what’s discussed in Call Recording compliance.

CCTV And Monitoring As An Alternative To “Searches”

Sometimes, what employers really want is not “search powers” but better visibility over safety or stock-loss risks.

CCTV can be part of the answer - but it’s also regulated by privacy expectations, and it needs to be used transparently and proportionately. If CCTV is on your radar, it’s worth sense-checking your approach against workplace surveillance norms like those covered in Cameras In The Workplace.

How Do You Implement Random Testing And Search Processes Without Creating Legal Risk?

If you want a policy that actually works in the real world (and stands up legally), think in terms of “set the foundations, then run a fair process”.

Step 1: Identify The Real Risk (And Document It)

Before you draft anything, get clear on:

• which roles are safety-sensitive and why,
• what incidents or near misses have occurred (if any),
• what client/site requirements apply, and
• what control measures you already have (training, supervision, EAP access, fatigue management, etc.).

This risk-based reasoning becomes the backbone of why random drug and alcohol testing at work may be a “reasonable” step in your business.

Step 2: Put It In Writing (Contracts + Policies)

Your documents should answer the questions employees (and a mediator) will ask later:

• What kinds of testing may occur (random, reasonable cause, post-incident)?
• Who conducts the test and how is it performed?
• What happens if someone refuses?
• What happens if the result is non-negative or positive?
• What support is available (especially where dependency may be involved)?
• How is information stored and who can access it?

As a starting point, your employment documentation should be consistent (your Employment Contract shouldn’t say one thing, while your policy does another). If you’re also dealing with broader workplace behaviour and privacy expectations, a tailored workplace policy suite can save you a lot of headaches later.

Step 3: Consult Properly (Don’t Skip This)

Even if your intentions are good, rolling out a random testing/search policy without consultation is where many employers come unstuck.

In practical terms, consultation often looks like:

• circulating a draft policy,
• explaining why you’re introducing it,
• inviting feedback and genuinely considering it, and
• confirming the final version, training, and start date.

If you change the policy later (for example, you expand random testing to more roles), you’ll usually need to consult again.

Step 4: Build A Fair Process For “Refusals” And “Non-Negatives”

One of the most sensitive parts is what happens next.

A refusal to test isn’t automatically “serious misconduct” in every case. Whether you can treat it that way depends on your policy wording, the role risk, whether the employee understood the consequences, and whether your direction to test was reasonable in the circumstances.

Similarly, an initial non-negative screening result shouldn’t automatically mean you jump straight to termination. A more defensible pathway usually includes:

• standing the employee down from safety-sensitive duties (where justified),
• confirmatory testing,
• giving the employee a chance to respond, and
• considering support options and medical explanations where relevant.

Done right, this protects safety and reduces the risk of a flawed disciplinary process.

Step 5: Treat Results As Sensitive Personal Information

Test results should be handled on a strict need-to-know basis. As a guide:

• limit internal access (usually HR/owner/manager only),
• store results securely (not in a shared drive or open folder),
• avoid casual discussion (“everyone knows John failed a test”) which can become a privacy and employment issue, and
• set retention periods (keep only as long as necessary).

If you’re unsure how to align your staff practices with the Privacy Act, an Employee Privacy Handbook can help you set clear internal rules around collection, use, and disclosure of employee information.

Key Takeaways

• Random drug and alcohol testing at work can be lawful in New Zealand, but it’s usually most defensible where roles are genuinely safety-sensitive and the approach is proportionate to the risk.
• Testing and searches engage multiple legal duties, including HSWA (safety), the Employment Relations Act (good faith and fair process), and the Privacy Act 2020 (handling sensitive personal information).
• “Random searches” are not one-size-fits-all - bag checks, locker inspections, vehicle checks, CCTV and device access each carry different privacy impacts and need different safeguards.
• Policies need to be introduced properly (including consultation), clearly documented, and applied consistently to avoid grievances and discrimination risk.
• Your process matters as much as your policy - refusals, non-negative results, confirmatory testing, and privacy handling should be planned upfront.
• Strong documentation is your safety net, including aligned contracts, clear privacy rules, and well-managed consent and recordkeeping.

If you’d like help putting the right testing and workplace search settings in place (including policies, employment documents and privacy safeguards), you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.