Facebook-f Twitter Linkedin
Anti Corruption Consultants Australia Logo

Workplace Compliance

Is Legal Professional Privilege Still Relevant for Workplace Investigations in 2026? Updated article

by

Is Legal Professional Privilege Still Relevant for Workplace Investigations in 2026?

Updated for 2026: New Case Law and Practical Lessons

This article has been updated to include recent Federal Court commentary, Fair Work Commission decisions and practical guidance for councils, government agencies and SMEs conducting workplace investigations where legal professional privilege may be in issue.  Original article can be read here

Many councils, government agencies, and employers still believe that hiring lawyers to carry out a workplace investigation automatically protects the process with legal professional privilege.

That idea is still risky.

Australian courts and tribunals keep confirming that simply having a law firm involved does not create privilege. The crucial question is whether the investigation is mainly to get legal advice or to get ready for a lawsuit.

By 2026, this problem has become more important because investigations now more often include:

  • psychological and social risks
  • accusations of bullying and harassment
  • complaints about unwanted sexual behaviour
  • reporting of wrongdoing by an insider
  • code of Conduct breaches
  • conflicts of interest
  • fraud and corruption allegations
  • unfair dismissal proceedings; and
  • workers’ compensation and workplace conflicts

Employers who do not understand privilege may accidentally reveal sensitive information during lawsuits, Commission hearings, court reviews, and investigations.

The Key Legal Principle

The High Court’s decision in Esso Australia Resources Ltd v Commissioner of Taxation (1999) 201 CLR 49 is still the fundamental rule. Privilege applies only when the main reason for the communication or document is to get or give legal advice, or to use it in current or expected legal cases.

Who the investigator is does not matter.

If the primary goal of the investigation is to find out if rules were broken, if bad behaviour happened, or if someone should be disciplined, then privilege might not protect the information.

The Fair Work Commission Warning Employers Still Ignore

One of the most important workplace investigation decisions is Gaynor King [2018] FWC 6006.

The City of Darwin hired Minter Ellison to look into bullying claims. The Council later said the report was confidential because lawyers carried out the investigation.

Commissioner Wilson did not accept that argument.

The Commission looked into the real reason for the investigation and found that the main goal was to see if workplace behaviour rules and Council policies were broken, not to get legal advice.

The Commission also looked at how the employer acted: employees were told about the investigation, the accusations, and the results. Sharing this information weakened the claim of privilege.

That decision is still very important in 2026 because many organisations still organise investigations in ways that do not protect privilege.

Why Some Investigation Reports Remain Protected

Privilege applies when the investigation is done mainly to get legal advice.

In the cases Bowker, Coombe and Zwarts v DP World Melbourne Ltd [2015] FWC 7312 and Kirkman v DP World Melbourne Ltd [2016] FWC 605, the Fair Work Commission agreed that certain information was protected because the investigators were hired specifically to help lawyers give legal advice.

The Commission examined:

  • the exact words used in the retainer
  • the role of the lawyers
  • the reason for the investigation
  • how documents were managed
  • whether findings were broadly disclosed; and
  • whether the employer kept things confidential as they should

Privilege is determined by how things are organised, their goals, and how people behave—not by job titles or guesses.

Recent Federal Court Commentary (2023–2026)

The Federal Court’s decision in Diawara v National Australia Bank Limited [2023] FCA 1048 provides one of the most important recent clarifications. (Australasian Lawyer)

The case was about a claim of privilege over a cultural review report created during a discrimination dispute. The Court confirmed that:

  • the dominant purpose test remains the central inquiry
  • the focus is on why the person made or obtained the document
  • the party claiming privilege must prove the necessary facts; and
  • privilege can apply even if the document is used for secondary or additional purposes

The Court looked at the agreement between Herbert Smith Freehills and Wise Workplace Solutions and agreed that the main reason for the report was to help the lawyers legally advise NAB.

This decision confirms that privilege can be kept, but only when the evidence clearly shows that the main reason was legal advice.

Recent Oversight Commentary

A 2022 external review by the South Australian Ombudsman highlighted the importance of the dominant purpose test when evaluating claims of privilege over investigation materials. The Ombudsman said that if investigations mainly focus on gathering facts about employee complaints or policy violations, claims of privilege might fail unless the evidence clearly shows the investigation was for obtaining legal advice.

The Ombudsman also emphasised that labelling a document “privileged and confidential” does not make it privileged. Courts and oversight agencies will focus on the true nature of the work and the actual reason for the investigation.

Why This Matters for Local Government

The problem is especially serious for councils.

Local government investigations often include:

  • councillor behaviour
  • allegations against a senior executive
  • code of Conduct matters
  • complaints about bullying
  • procurement concerns
  • allegations of corruption
  • protected disclosures; and
  • conflicts of interest

Many councils believe that hiring outside lawyers guarantees privacy.

That assumption becomes a problem when things get to:

  • The Fair Work Commission
  • NCAT
  • ICAC
  • The NSW Ombudsman
  • Legal process
  • Public interest disclosure investigations; or
  • Judicial review.

If privilege doesn’t apply, sensitive information might be exposed, including:

  • draft findings;
  • internal communications;
  • witness credibility assessments;
  • legal assumptions;
  • procedural weaknesses; and
  • governance failures.

 

The Practical Lessons for Employers in 2026

Organisations should not automatically assume they have special rights just because lawyers are investigating.

The safer approach is to separate:

  • factual investigations
  • disciplinary decision-making
  • witness evidence collection; and
  • legal advice.

Employers should get advice early on how to organise the investigation before choosing investigators.

  • Retainer documents are important.
  • How the investigation is carried out is important.
  • How findings are shared is important.
  • How reports are shared is important.
  • How the organisation uses the report later may decide if the privilege continues.

Often, the best protection isn’t a privilege.

The best way to protect yourself is by carrying out investigations that are:

  • procedurally fair
  • impartial
  • based on evidence
  • properly documented; and
  • capable of withstanding external scrutiny

The main lesson from the Commission, the Federal Court, and oversight authorities is still the same.

In 2026, organisations that still do not understand legal professional privilege may find out too late that their supposedly confidential investigation materials can be revealed during lawsuits or regulatory checks.

Are your policies putting you at risk?

by

Your Policies Might Be Putting You at Risk

Many organisations highlight their policy library as evidence of effective governance oversight. After reviewing thousands of investigations, audits, and compliance failures, one fact remains unequivocally clear:

An ignored policy can create greater risk than having no policy at all.

Across Australia, organisations are increasingly facing this challenge through employee complaints, regulatory scrutiny, Ombudsman inquiries, integrity investigations, and costly litigation. The pattern remains consistent: the policy is established, yet the practice is not implemented.

The discrepancy between documented policies and actual practices now constitutes one of the most significant governance risks confronting employers.

This is precisely where ACCA provides help.

The Hidden Risk Inside Your Policy Library

Most organisations cannot answer three basic questions:

  • When were your policies last reviewed?
  • Do your staff members understand these?
  • Could you provide evidence that they are being followed?

If the response to these questions is unclear, your organisation may be at risk.

Outdated Policies Create Legal and Regulatory Exposure

Legislation changes. Case law evolves. Regulators raise expectations.

However, many organisations continue to rely on policies that were written five, seven, or even ten years ago. A bullying policy developed before implementing psychosocial risk obligations, or a sexual harassment policy established before positive duty reforms, is outdated and is a potential liability.

Untrained staff Cannot comply with rules they do not understand

In investigations, employees regularly state:

  • “I think I saw it when I started.”
  • “I know we have one, but I’ve never read it.”
  • “I didn’t know that was required.”

Courts and regulators routinely assess whether employees received training, whether policies were readily accessible, and whether expectations were consistently reinforced. A policy that lacks clarity and understanding is indefensible.

Managers who ignore policies create evidence against the Organisation

This is the most severe failure.

When managers circumvent procurement regulations, disregard grievance procedures, neglect to get conflict of interest declarations, or delay investigations, they generate a paper trail that compromises the organisation’s defence.

Courts evaluate actions rather than assurances.

A carefully drafted policy that is not followed may strengthen a claim against your organisation.

Why Councils and Public Entities Face Even Greater Scrutiny?

Local government and public sector bodies uphold comprehensive policy frameworks, including codes of conduct, procurement protocols, conflicts of interest management, fraud control, public interest disclosures, delegations, and governance structures.

However, volume does not equate to compliance.

Integrity agencies, auditors, and investigators consistently identify discrepancies between documented requirements and actual practices. These gaps result in reputational harm, determinations of maladministration, and, in certain instances, an elevated corruption risk.

This is the point at which independent oversight becomes essential.

How ACCA Protects Your Organisation

ACCA specialises in identifying the specific risks outlined above before their development into legal, financial, or reputational issues.

We offer independent, expert compliance support through:

  1. Policy Health Checks

Thoroughly evaluate your current policies to confirm they accurately reflect:

  • current legislation
  • recent case law
  • regulator expectations
  • contemporary workplace risks

We identify gaps, inconsistencies, and outdated content and deliver clear, actionable recommendations.

  1. Compliance Audits

We assess the extent to which your policies are being implemented. This encompasses:

  • reviewing real‑world practices
  • interviewing staff
  • assessing training and awareness
  • examining documentation and decision-making
  • identifying where managers are bypassing requirements

This is the evidence that regulators seek — and the evidence that most organisations do not possess.

  1. Practical, Targeted Training

We provide training that staff effectively comprehend and retain. No jargon. No generic slides. Clear, practical guidance specifically tailored to your risk profile.

  1. Implementation Support

Policies only work when embedded. We help you:

  • communicate expectations
  • reinforce standards
  • establish monitoring processes
  • hold managers accountable

This transforms policies from static documents into dynamic controls.

If you have not tested your policies, you do not know your Risk

Most organisations can tell you how many policies they have. Few individuals can determine whether those policies are effective.

If your policies have not undergone independent review within the past two years, staff have not received training, or compliance has never been tested, it is important to act now.

When a regulator, investigator, or tribunal reviews your organisation, they will not be impressed by the volume of your policy library.

They will try to determine whether your staff adhere to it.

Strengthen your governance before someone else tests it

ACCA helps organisations to bridge the gap between policy and practice, thus safeguarding against preventable legal, financial, and reputational risks.

If you want to assess the effectiveness of your policies or require an independent compliance review, ACCA is available to help.

Contact ACCA today to schedule a confidential consultation regarding your policy framework and compliance risks.

 ([email protected])

 

Governance Matters — Especially When Nobody Is Watching

by

Governance Matters — Especially When Nobody Is Watching

Governance Looks Strong on Paper — But Is It?

Today, most organizations publicly champion governance, compliance, and accountability.

They publish policies, codes of conduct, procurement procedures, fraud control frameworks, workplace behaviour standards, and risk management plans. Boards and executive teams routinely tackle integrity, transparency, and compliance obligations.

Despite these efforts, governance failures persist across Australia.

By 2026, policies are rarely the problem. The problem is whether those policies are truly understood, consistently applied, properly enforced, and backed by leadership behaviour.

Many organizations seem compliant outwardly, while serious problems silently brew beneath.

This remains a top governance risk for councils, government agencies, and SMEs.

Why Governance Failures Still Occur in 2026

Modern organizations navigate ever-tougher environments.

Councils and government departments confront:

  • rising community expectations
  • tighter financial pressures
  • increasing regulatory obligations
  • workforce shortages
  • cyber security threats
  • procurement scrutiny
  • heightened public accountability

SMEs face these common challenges:

  • rising operating costs
  • staffing pressures
  • economic uncertainty
  • increasing compliance obligations
  • intense commercial competition

Under pressure, organizations can slowly normalize poor practices.

Shortcuts may replace proper processes. Oversight can weaken. Employees may avoid reporting concerns out of fear of conflict, reputational damage, or career repercussions.

Importantly, governance failures seldom start with major misconduct.

They often start with small rationalizations:

  • “we need to get this project finished.”
  • “everyone does it this way.”
  • “it’s only temporary.”
  • “the organization cannot afford delays.”

Repeated compromises eventually erode accountability, transparency, and organizational integrity.

Performance Pressure and Ethical Risk

A top governance risk in 2026 is performance pressure.

Many organizations intensely focus on:

  • financial performance
  • project delivery
  • operational targets
  • KPIs
  • political expectations
  • public image

While performance matters, problems arise when organizations prioritize outcomes over ethical decisions and proper oversight.

This can foster environments where employees feel pressured to:

  • manipulate reporting
  • ignore compliance failures
  • bypass procurement controls
  • avoid documenting concerns
  • conceal mistakes
  • protect reputations instead of addressing problems

In many investigations, warning signs appeared well before formal action.

The failure was not because of lack of information. The failure was the unwillingness to confront the problem early.

Why Councils and SMEs Remain Vulnerable

Local Government Risks

The failure was the unwillingness to confront the problem early.

  • public funds
  • procurement processes
  • development approvals
  • community services
  • infrastructure projects
  • regulatory functions

Even the perception of favoritism, poor transparency, weak procurement controls, or inconsistent decisions can erode community confidence.

Public trust is hard to earn and easy to lose.

Poor governance also exposes councils to:

  • reputational damage
  • regulatory scrutiny
  • legal disputes
  • workplace conflict
  • adverse media attention
  • loss of community confidence

SME Risks

SMEs face distinct yet equally serious governance challenges.

Smaller organizations often depend on trusted staff, informal systems, and minimal oversight.

Without strong internal controls, businesses risk becoming vulnerable to:

  • procurement manipulation
  • payroll irregularities
  • fraud
  • conflicts of interest
  • financial misconduct
  • cyber-related scams
  • poor record keeping

In many SMEs, governance weaknesses are not deliberate. They develop gradually because operational pressures take priority over oversight.

Warning Signs Leaders Often Ignore

They develop gradually as operational pressures overshadow oversight.

Common indicators include:

  • resistance to scrutiny
  • poor record keeping
  • inconsistent decision-making
  • weak procurement controls
  • lack of policy enforcement
  • repeated complaints about transparency
  • employees afraid to report concerns
  • senior staff avoiding accountability
  • excessive reliance on one employee controlling key functions
  • unexplained financial anomalies
  • informal approval processes
  • poor complaint handling

Organizations must take these indicators seriously.

Unaddressed small issues can escalate into major organizational, financial, and reputational risks.

Governance Is More Than Compliance

Strong governance isn’t about the number of policies an organization has.

It is measured by:

  • leadership behaviour
  • accountability
  • transparency
  • ethical decision-making
  • effective oversight
  • consistent policy enforcement
  • willingness to address misconduct
  • organizational culture

Policies alone don’t build integrity. Leadership behaviour does.

Leadership behaviour delivers.

When leaders dodge tough talks, skip consistent standards, or put reputation over accountability, organizational culture can quickly decay.

Building a Culture of Accountability

Organizations that manage governance risks effectively share key characteristics.

They:

  • encourage reporting of concerns
  • respond to complaints consistently
  • maintain strong procurement and financial controls
  • review policies regularly
  • provide ongoing staff training
  • support independent oversight
  • act early when warning signs emerge
  • prioritize transparency and accountability

Strong organizations know governance is not a onetime exercise.

Governance demands constant focus, regular review, and strong leadership commitment.

Final Thoughts

Governance failures continue to harm councils, government agencies, and SMEs across Australia.

The lesson is obvious.

A policy on a shelf offers little protection without a culture of integrity, accountability, transparency, and ethical leadership.

Real governance is not about appearances.

It is about what leaders, managers, and employees do when no one’s watching.

Contact [email protected] for help in these areas.

FREE Fraud Health Check for Small Businesses

Think you might be the Victim of Fraud? 

Fill out the form below to get sent our free survey that provides you with an indication of the potential vulnerability of your business to fraudulent activities.

    FREE Fraud Health Check for Businesses

    Think you might be the Victim of Fraud? 

    Fill out the form below to get sent our free survey that provides you with an indication of the potential vulnerability of your business to fraudulent activities.