Managing customer driven violence: A legal and WHS imperative for organisations

/ Leave a Comment / Injury, Laws, Mental Health, Safety

Customer‑driven violence is no longer confined to late‑night venues or emergency services. Across Australia, workers in retail, banking, healthcare, transport and service environments are increasingly subjected to abuse, threats and physical assault. What was once dismissed as “part of the job” is now firmly recognised as a serious work health and safety (WHS) risk, exposing organisations to regulatory, financial and reputational consequences if not properly managed.

Why is customer driven violence now a systemic risk?

Violence and aggression as a WHS hazard

Customer‑driven violence is no longer episodic. It reflects a sustained change in customer behaviour that has materially altered the risk profile of consumer‑facing work, particularly in retail, hospitality, logistics, deliveries and high‑volume service environments. Frontline workers are increasingly absorbing heightened public frustration, often with limited controls at the point of service.

Under the model WHS framework, organisations must eliminate, or otherwise minimise, risks to health and safety so far as reasonably practicable. This includes risks to both physical and psychological health. Psychosocial hazards expressly include violence and aggression, bullying, sexual and gender-based harassment, and conflict or poor workplace relationships.[1]

These duties operate alongside the national positive duty under the Sex Discrimination Act 1984 (Cth) to eliminate sexual harassment, sex-based harassment, hostile work environments on the ground of sex, and related victimisation.

The conduct workers experience often extends beyond raised voices to intimidation, threats, gendered abuse and sexual harassment. Lone workers and younger employees are particularly exposed. Where post‑incident support is inadequate, the risk of disengagement and psychological harm increases.

Hate crime and prohibited hate group developments

The Criminal Code Amendment Hate Crimes Act 2025 (Cth) strengthened offences for advocating force or violence against protected groups, created new offences for threatening force or violence against groups or members of groups, and expanded the prohibited symbols regime. Although these are criminal laws, they interact with workplace risk where public facing staff are targeted, or where online hostility spills into physical locations. Organisations should be aware of the potential for increased criminal exposure where threatening conduct or prohibited symbols appear in or around the workplace and ensure they have effective prevention, reporting and police referral protocols.

What the numbers are saying right now

The data highlights a persistent escalation in rates of workplace violence. Two in three workers report experiencing customer aggression, with one in four encountering it at least weekly.[2] From 2017 to 2022, serious claims for assault and exposure to workplace violence increased by 56%, with women making claims at materially higher rates than men.[3] Safe Work Australia’s data and sector survey reports indicate that serious workers’ compensation claims for assault and exposure to workplace violence have increased over the same amount of time, with customers and clients being the primary source of violence.[4]

The financial and operational implications are significant. Organisations face higher premiums, greater legal and investigation costs, service interruptions, store closures, reduced trading hours and lower productivity. National statistics show that mental health claims carry longer durations of time away from work, which compounds cost and resourcing pressures.[5] Additionally, incidents can be quickly amplified on social media which has the potential to damage the brand and reputation amongst the customers or clients, investors and insurers.

Regulatory and legal landscape

Regulator prevalence

Regulators are increasingly scrutinising how organisations manage psychosocial risk. A structured risk management approach is expected, including hazard identification, consultation, implementation of controls and regular review.

The Safe Work Australia Model Code of Practice for managing psychosocial hazards emphasises the hierarchy of controls, prioritising work design and environmental controls over training or resilience‑based approaches.[6] This position has been reinforced by the Work Health and Safety Regulation 2025 (NSW) and the Occupational Health and Safety (Psychological Health) Regulations 2025 (Vic).[7]

Technology driven controls, including artificial intelligence and facial recognition systems, give rise to interconnecting legal obligations that organisations must manage alongside WHS duties. The use of AI in the workplace presents both opportunities and legal risk, particularly where automated decision making, surveillance or biometric data is involved. Organisations need to ensure that AI initiatives are subject to appropriate governance, documented risk assessments and ongoing review.

Incident notification reforms

Safe Work Australia published amendments to the model Work Health and Safety Act that significantly expand incident notification requirements.[8] Once enacted into state and territory laws, organisations will be required to notify the regulator of:

  • Violent incidents that expose a person to a serious risk of psychological harm, as an expressly identified notifiable incident.
  • Extended absences of 15 or more consecutive days due to a work-related injury or illness.
  • Suicide and attempted suicide where there is an indication of a link to work or the work environment.

The reforms further clarify serious injury and illness definitions and expand the duty to preserve evidence including digital records and witness details.[9]

Penalties and enforcement risk

Failure to implement effective psychosocial hazard controls or to notify reportable incidents can result in improvement notices, enforceable undertakings, or prosecution. Penalties under the model laws are significant, and industrial manslaughter offences now apply across Australia, carrying very large fines for corporations and potential imprisonment for officers. Regulators increasingly expect boards and senior leaders to actively verify that critical controls for violence and other associated hazards are in place and operating effectively.

Next steps for organisations

Preventative measures

Organisations must ensure appropriate preventative measures are in place to manage violence and aggression in the workplace. This includes:

Workplace design

Environmental and engineering controls should be the first line of defence against violence and aggression. Responses should reflect the hierarchy of controls that regulators expect for psychosocial hazards, not just traditional physical risks.[10] Organisations should consider the following:

  • Improving visibility through clear lines of sight, appropriate lighting, monitored entry points and secure cash handling areas.
  • Limiting access to objects that could be used as weapons.
  • Design counters and workstations to provide separation where needed.
  • Regular testing of panic and duress alarms, and CCTV devices.
  • Where logistics and delivery are involved, practical measures such as route planning, time of day controls, lone worker check ins and GPS monitoring.

Work systems

Effective systems of work play a critical role in preventing and managing incidents. Organisations should consider the following:

  • Rostering adequate staffing during predictable peak periods.
  • Where there are known or repeat aggressors, responses should be structured and consistent, including behavioural management plans, trespass notices, and pre‑agreed escalation to centre security or police.
  • Empowering staff with clear pre‑incident controls, such as the ability to refuse service safely when required.
  • Additional obligations when using AI-enabled safety technologies, including AI-assisted CCTV analytics that detect escalating behaviour, crowding or distress indicators, automated alert systems linked to duress alarms, and facial recognition technology to identify known repeat aggressors. While these tools can strengthen early intervention, improve response times and reduce reliance on frontline workers to personally manage high-risk interactions, their use must be carefully designed to comply with privacy, surveillance and discrimination laws and integrated into a broader violence prevention framework.

Training and education

Organisations should focus on ensuring their workers can respond to violence and aggression through effective training and education, including:

  • Scenario-based training that moves beyond standalone e‑learning modules and instead focuses on building skills in situational awareness, early intervention, de‑escalation, and safe withdrawal when risks escalate
  • Where AI driven monitoring or biometric technologies are introduced, workers should be consulted early, trained on how technologies operate in practice, and reassured about the limits of their use. Transparent communication and consultation about purpose, data handling and escalation pathways is critical to ensuring that technology supports safety rather than undermining psychological wellbeing.

Coordination across supply chains

Effective prevention depends on clear consultation and coordination across the supply chain. This may include landlords and centre management in shopping centres, franchisors and franchisees in network models, labour hire providers, and delivery or security partners. A coordinated approach should ensure:

  • Clear documentation of the roles and responsibilities of all individuals.
  • Effective agreements that address security coverage, incident escalation pathways, evidence preservation, and information sharing following incidents.
  • Ensuring practical coordination and consultation, not just contractual arrangements, in line with regulator expectations.

Policies and culture

Organisations should ensure workplace culture and policies are effective in managing violence and aggression. These measures are important in reducing risk and supporting regulatory compliance, and include:

  • A violence prevention policy which discloses behavioural standards, security rules, and escalation pathways. This should make clear the expectations about unacceptable conduct by customers, visitors, and workers, prohibited symbols or behaviours, and when police involvement is mandatory.
  • Clear policies relating to preserving incident sites and evidence, including digital records such as CCTV footage, phone data, emails, and witness contact details.
  • Ensuring leaders and supervisors role model expected behaviours, reinforce standards consistently, and intervene early in cases of internal aggression, bullying, or harassment. Respect@Work obligations and WHS duties should be considered together, so managers understand that both frameworks require proactive prevention, not just complaint handling.[11]
  • Actively encouraging workers to report workplace violence and aggression, given research has identified that workers are likely under-reporting the incidents they experience.[12]

Effective incident responses

Organisations must ensure they have effective initial response measures to deal with violence and aggression in the workplace. This includes:

  • Safety: Securing the area and contacting emergency services where required.
  • Documentation: Incidents should be recorded promptly and evidence preserved. Under recent model law changes, preservation obligations extend beyond the physical scene to include relevant digital records and witness details.[13]
  • Notification: Review and update incident notification procedures to align with the model law amendments released on 5 December 2025,
  • Referral: Where incidents involve threats or hostility directed at protected groups, or the use of prohibited symbols, ensure police referral pathways are followed and internal policies are applied consistently.
  • Review: Look beyond individual actions to examine system controls, staffing arrangements, environment, and training. Any lessons learned in this review should be incorporated into future preventative measures.

Post-incident management

After an incident, timely support matters. Organisations should make clinical and practical support visible and easy to access. This includes embedding psychological first aid, promoting employee assistance services, and offering safe rostering, modified duties, or adjusted hours where needed. Strong recovery systems help reduce harm, support recovery, promote workforce stability, and reinforce that safety is a shared responsibility.

Key takeaways

Customer‑driven violence is a legal, operational and reputational risk requiring proactive management. Organisations that invest in safer environments, strong systems of work, frontline capability and coordinated responses across complex operating models are better placed to protect their people and meet rising regulatory expectations.

With expanded psychosocial duties (more on this here from Gadens), enhanced incident notification obligations, the Respect@Work positive duty and evolving hate crime laws, inaction now carries significantly greater consequences.

Proactive action now is not only safer, but it is the smarter legal, operational, and reputational choice.

To view all formatting for this article (eg, tables, footnotes), please access the original here.

Source: Lexology

Leave a Comment


Warning: Undefined array key "sfsi_threadsIcon_order" in /home/monitlive/public_html/wp-content/plugins/ultimate-social-media-icons/libs/controllers/sfsi_frontpopUp.php on line 165

Warning: Undefined array key "sfsi_riaIcon_order" in /home/monitlive/public_html/wp-content/plugins/ultimate-social-media-icons/libs/controllers/sfsi_frontpopUp.php on line 166

Warning: Undefined array key "sfsi_inhaIcon_order" in /home/monitlive/public_html/wp-content/plugins/ultimate-social-media-icons/libs/controllers/sfsi_frontpopUp.php on line 167

Warning: Undefined array key "sfsi_blueskyIcon_order" in /home/monitlive/public_html/wp-content/plugins/ultimate-social-media-icons/libs/controllers/sfsi_frontpopUp.php on line 170

Warning: Undefined array key "sfsi_mastodonIcon_order" in /home/monitlive/public_html/wp-content/plugins/ultimate-social-media-icons/libs/controllers/sfsi_frontpopUp.php on line 179

Warning: Undefined array key "sfsi_mastodon_display" in /home/monitlive/public_html/wp-content/plugins/ultimate-social-media-icons/libs/controllers/sfsi_frontpopUp.php on line 284

Warning: Undefined array key "sfsi_snapchat_display" in /home/monitlive/public_html/wp-content/plugins/ultimate-social-media-icons/libs/controllers/sfsi_frontpopUp.php on line 293

Warning: Undefined array key "sfsi_reddit_display" in /home/monitlive/public_html/wp-content/plugins/ultimate-social-media-icons/libs/controllers/sfsi_frontpopUp.php on line 290

Warning: Undefined array key "sfsi_fbmessenger_display" in /home/monitlive/public_html/wp-content/plugins/ultimate-social-media-icons/libs/controllers/sfsi_frontpopUp.php on line 287

Warning: Undefined array key "sfsi_tiktok_display" in /home/monitlive/public_html/wp-content/plugins/ultimate-social-media-icons/libs/controllers/sfsi_frontpopUp.php on line 281
error

Enjoy this blog? Please spread the word :)