The breaches included unauthorised access to the tax file numbers of union members and delegates.

Sources have told The Australian that part of the secret operation, code-named the Pluto Project, involved giant construction company Thiess providing high-level access to an IT expert working for Bruce Townsend, the infamous strike-breaker recruited to run the project. It is understood that Mr Townsend - the so-called "No 1 scab of Australia" - and his company Australian Security and Investigations could have been paid millions of dollars if the potential scope of Pluto Project had continued to its planned end date of December next year.

Thiess's chief executive for Australia, Nev Power, yesterday condemned the hiring by his managers of Mr Townsend as "totally inappropriate and contrary to Thiess's business practice". However, he added: "At this stage I have seen no evidence of privacy breaches and I remain hopeful that is the case.

"Reports came from ASI with information gathered from various sources but some of this appeared to be websites, a lot of it was publicly available stuff."

Mr Power said he had not seen evidence that any records of telephone calls by union delegates were examined. He said it appeared there was "a very small number of people who knew anything about it (Pluto Project) and only a couple of individuals who understood the totality of it". Mr Power and other Thiess executives say they were unaware of Mr Townsend's role or the Pluto operation until advised by The Australian on Wednesday.

The chief executive said it was apparent from documentation that Mr Townsend was motivated to continue to promote himself and his services to the plant's managers, who terminated his arrangement after 15 weeks in June after deciding he was not an appropriate contractor.

Thiess managers had also become increasingly concerned about maintaining secrecy and dealing with the intelligence being gleaned by operatives brought into the workforce, sources said.

Thiess project director Greg Miller and human resources manager Marcus Carroll allegedly had direct and secret contact with Mr Townsend to receive his reports and advice.

Mr Miller and Mr Carroll were stood down by Mr Power late yesterday owing to "the serious nature of this matter", pending investigation by external lawyers.

When contacted, Mr Miller referred questions to Thiess senior executives and said it would be inappropriate to comment. Mr Carroll did not return calls.

Sources said a specially tailored software program helped ASI operatives track and report to Thiess on any anti-employer and pro-union activities of people with links to the desal plant. Any evidence of militant behaviour was of particular interest.

The software program is alleged to have ensured that information about individuals was sourced, collated, data-matched, linked with other people and analysed for intelligence that could be helpful in managing the workforce at the desal plant.

An informant with direct knowledge said he believed the access provided and the extent of the intrusions were indefensible and in breach of privacy and workplace laws. Sources claim some of the data made available to ASI by Thiess, along with the product of investigative work by ASI, was put into comprehensive secret reports. However, it is understood that while ASI had access to information including tax file numbers and workers' child support payments, these details were not put into the reports.

Mr Power said on Wednesday he was advised that Mr Townsend and ASI were involved as security consultants because of concerns over some reports of theft and unsatisfactory reference-checking of people seeking work at the plant.

But sources claimed the work assigned by Thiess to Mr Townsend and ASI was much wider and involved spying on the unions on the worksite as well as the potential recruitment of an alternative workforce in the event of unions delaying the project.

Mr Townsend, the man most hated by unionists and who was released from prison two years ago after being jailed in Tasmania for receiving stolen cars and trucks, refused to comment yesterday at his offices in an industrial estate in Hobart.

Lawyers specialising in Victorian employment and privacy law said it was likely Thiess had broken the law in accessing the sensitive employee information.

Maurice Blackburn solicitor Siobhan Keating said her colleagues were stunned to read the revelations on the Pluto project in The Australian yesterday.

"Our reaction is one of shock. It is an extraordinary step that the employer took, and one that completely undermines the trust and confidence that employees can have in their employer."

Ms Keating said courts could award significant damages to employees for egregious breaches of privacy. It was only permissible for an employer to gather information that was relevant to an employee's performance of their duties, Ms Keating said.

Industrial relations barrister Bruce Shaw said under Victorian law, companies could be fined up to $100,000 for improperly gathering information on their workers.

Victorian Privacy Commissioner Helen Versey said the Thiess Degremont joint venture would be bound by the state's Information Privacy Act because it was contracted to perform work under a state contract.

Under the Information Privacy Act, employers may only collect information relevant to an employee's performance of their duties, and the information may be collected only by lawful and fair means, with the employee's knowledge and consent. An employer is forbidden to pass on the information it has collected to third parties.

More related stories

Podcasts

How smooth swindler stole $7m

A major investigative series will uncover tens of millions of dollars worth of frauds committed by Hamish McLaren | LISTEN

Read more

Aviation

Bestjet’s collapse exposes law flaws

Thousands of travellers have been left worse off because consumer protection laws were scrapped several years ago.

Read more