Australia is kicking off 2026 with a bold move: the Office of the Australian Information Commissioner (OAIC) has launched its first-ever privacy compliance sweep, and it’s targeting one thing in particular — your privacy policy.

This is not your usual regulatory tap on the shoulder. The sweep will scrutinise whether businesses are complying with key requirements under Australian Privacy Principle 1.4, with a particular focus on industries that collect personal information in person and where consumers often lack the information they need to make informed choices.

What the OAIC Sweep Will Focus On

The Commissioner will review the privacy policies of around 60 entities across six sectors identified as high-risk due to “power and information asymmetries”:

  • Rental & property
  • Chemists and pharmacists
  • Licensed venues
  • Car rental companies
  • Car dealerships
  • Pawnbrokers and second-hand dealers

Policies will be assessed to ensure they clearly explain how personal information is collected, used, disclosed, stored, and destroyed, as required by APP 1.4.

And here’s the kicker: non‑compliance may result in penalties of up to $66,000 per infringement, as well as infringement notices under expanded enforcement powers introduced in 2024.

What This Means for Your Business — Even if You’re Not in the Targeted Sectors

While the sweep focuses on specific industries, it’s a clear signal:

Every organisation should treat 2026 as the year for a privacy policy health check.

The OAIC itself has described this as the start of a new era of privacy enforcement.

Businesses should now:

  1. Review and update your privacy policy

Ensure it is accurate, current, written in plain language, and reflects your actual data-handling practices.

  2. Understand your data flows

Map how personal information is collected (including in-person), stored, transferred, and deleted.

  3. Check alignment with APP 1.4

Your policy must cover the prescribed elements — omission is now a regulatory risk.

  4. Factor in any new technologies

If you have adopted AI tools, digital identity verification, biometric processes or new platforms, your policy needs to keep up.

How MM Legal+ Can Help (and take the stress off your plate)

At MM Legal+, we are already helping businesses get ahead of the OAIC’s heightened expectations. Our team can support you with:

✔ Privacy Policy Review & Redrafting

A clear, compliant, and user-friendly policy aligned with APP 1.4.

✔ Gap Analysis Against OAIC Requirements

We tell you exactly where the gaps are — and what to fix.

✔ Regular Updates via Subscription or Fixed-Fee Packages

Ideal for organisations that want ongoing compliance without the ad‑hoc costs.

✔ Updates to Related Policies

Including data breach response plans, collection notices, cybersecurity policies, and retention/deletion frameworks.

You stay compliant. We handle the heavy lifting. Easy.
