Privacy Compliance Sweep 2026: Is Your Business Ready?
The privacy commissioner has launched their first-ever compliance sweep in January 2026.
.
Privacy policies of selected businesses are under the microscope, and businesses with non-compliant policies could receive significant penalties. This article explains the privacy compliance sweep, who is being targeted, and how you can ensure your privacy policy is compliant.
What Is the Privacy Compliance Sweep?
Australian businesses should be transparent about the personal information they collect and how they handle it. The privacy commissioner has identified that customers are especially vulnerable when asked for information face-to-face. This is because, unlike online forms where customers can review privacy policies in their own time, in-person requests often pressure people to respond quickly without having full information about how their data will be used. Therefore, the sweep will initially target businesses that collect information during in-person interactions.
Here is a common scenario:
Your gym offers free trials and collects information from potential members. Customers fill out forms with their contact details, health information and preferences. They hand over this information quickly without fully understanding how it will be used. Then they receive persistent marketing calls and emails for weeks.
When customers can not properly review privacy policies, you may over-collect personal information and use it in ways customers did not expect or agree to. The privacy commissioner’s goal is to ensure you are transparent about how you use personal information.
Who Is Being Targeted?
All businesses covered by Australian privacy laws must have a compliant privacy policy. However, this initial sweep is targeting six specific sectors.
The privacy commissioner has selected these sectors because they commonly collect personal information in person, including identification documents, and these sectors have experienced many privacy breaches.
The six sectors under review are:
- rental and property;
- chemists and pharmacists;
- licensed venues;
- car rental companies;
- car dealerships; and
- pawnbrokers and second-hand dealers.
The privacy commissioner will review approximately 60 businesses from these sectors for compliance with privacy policy requirements. This is the first compliance sweep of its kind, and more targeted reviews are likely to follow.
What Do You Need to Do?
If you do not have a privacy policy, you need to have one prepared. If you already have one, now is the time to review it and make sure it is compliant.
What Your Privacy Policy Must Include
Australian privacy laws set out the minimum requirements that a privacy policy must include. This includes that your privacy policy must explain:
- the personal information you collect and hold;
- how you collect and hold personal information;
- why you collect, use and disclose personal information;
- how customers can access the personal information you hold about them;
- how to submit a complaint; and
- whether you send personal information overseas.
Making Your Policy Clear and Accessible
Your privacy policy must be clearly expressed and up to date. This means the privacy policy:
- is written in simple language that a 14-year-old could understand;
- uses headings so people can find information easily;
- is specific to your business, not a generic template;
- is not too long or written in vague language;
- is available free of charge on your website; and
- is updated regularly when your privacy practices change.
What Happens if Your Privacy Policy Does Not Comply?
The privacy commissioner can issue compliance notices requiring you to fix issues with your policy.
Key Takeaways
The first privacy compliance sweep is underway as of January 2026, targeting businesses that collect personal information in person. More sweeps are likely to follow as privacy regulation strengthens across Australia. To be compliant, you need to make sure you have a robust and clear privacy policy in place for your business that meets the requirements. Good privacy practices build customer trust by demonstrating you protect their personal information.
Lauren McKee
Updated on January 27, 2026
legalvision.com.au
Hot Issues
- Payday super part 2: not quite ‘all systems go’
- Privacy Compliance Sweep 2026: Is Your Business Ready?
- 6 ways to improve your business plan
- ‘Looking like a rough start’: SMEs set to feel the pinch as CPI spikes
- Accountants must keep ‘watchful eye’ on financial abuse
- Rare and vanishing: Animals That May Go Extinct Soon"
- What is a Commercial Lease?
- 8 tips to improve your online sales
- ATO cracking down on tax dodgers trying to leave the country
- Digital Assets You Forgot You Own (and Why They Still Matter at Tax Time)
- ‘Not insurmountable’: What accountants need to know ahead of Payday Super
- Heading overseas? Centrelink and the ATO might need to know
- The ATO’s new draft rules could change your holiday home tax claims
- Which country produces the most electricity annually?
- Restructuring Family Businesses: From Partnership to Limited Company
- Choose the right business structure step-by-step guide
- ATO’s holiday home owner tax changes spur taxpayers to be ‘wary and proactive’
- Payday Super part 1: understanding the new law
- A refresher on Medicare levy and Medicare levy surcharge.
- Protecting yourself from misinformation
- Super gender gap slowly narrows
- Countries with the largest collection or eucalyptus trees
- Benchmarks for small business
- Right to Disconnect
- There’s $18.9 billion in lost and unclaimed super - some may belong to you
- Small businesses remain optimistic despite high stress, report reveals
- Tax and your child’s money: what parents need to know including TFNs
- How to declare minor children’s income
- Net cash flow tax: What is it and what will it mean for SMEs?