Australia’s Privacy Regulator Beginning 2026 With Its First Compliance Sweep

Jan 16 2026
Browse archives for January 16, 2026
Posted in

Privacy, Data Protection & Information Management

Tagged with , , , ,
Share

By: Rob Pulham, Cameron Abbott, and Annaliese Filippis (Graduate, Melbourne)

The Office of the Australian Information Commissioner (OAIC), Australia’s privacy regulator, is conducting its first ever privacy compliance sweep, as of this January. The compliance sweep will include a review of the privacy policies of businesses that collect information in person.

The OAIC is focusing on businesses in industries with practices that involve the in-person collection of personal information.

Approximately 60 entities from the following sectors will have their privacy policies assessed, focusing on ensuring that they meet the requirements under Australian Privacy Principle 1.4:

  • Rental and property;
  • Chemists and pharmacists;
  • Licenced venues;
  • Car rental companies;
  • Car dealerships; and
  • Pawnbrokers and second-hand dealers.

Businesses found to have non-compliant privacy policies may face consequences including compliance and infringement notices that could include penalties of up to AUS$66,000 under the OAIC’s new enforcement powers.

If your business operates in these industries, it’s a timely reminder to check your privacy policies and collection notices to ensure that they are current, compliant, and accurately reflect how your business handles personal information.

For more information about the compliance sweep, see OAIC’s media release here.

Copyright © 2025, K&L Gates LLP. All Rights Reserved.