BOK logo
CHARTERED ACCOUNTANTS

Privacy Compliance Sweep 2026: Is Your Business Ready?

Share this article:

The privacy commissioner has launched their first-ever compliance sweep in January 2026.

.

Privacy policies of selected businesses are under the microscope, and businesses with non-compliant policies could receive significant penalties. This article explains the privacy compliance sweep, who is being targeted, and how you can ensure your privacy policy is compliant.

What Is the Privacy Compliance Sweep?

Australian businesses should be transparent about the personal information they collect and how they handle it. The privacy commissioner has identified that customers are especially vulnerable when asked for information face-to-face. This is because, unlike online forms where customers can review privacy policies in their own time, in-person requests often pressure people to respond quickly without having full information about how their data will be used. Therefore, the sweep will initially target businesses that collect information during in-person interactions. 

Here is a common scenario:

Your gym offers free trials and collects information from potential members. Customers fill out forms with their contact details, health information and preferences. They hand over this information quickly without fully understanding how it will be used. Then they receive persistent marketing calls and emails for weeks.

When customers can not properly review privacy policies, you may over-collect personal information and use it in ways customers did not expect or agree to. The privacy commissioner’s goal is to ensure you are transparent about how you use personal information.

Who Is Being Targeted?

All businesses covered by Australian privacy laws must have a compliant privacy policy. However, this initial sweep is targeting six specific sectors.

The privacy commissioner has selected these sectors because they commonly collect personal information in person, including identification documents, and these sectors have experienced many privacy breaches.

The six sectors under review are:

  • rental and property; 
  • chemists and pharmacists;
  • licensed venues;
  • car rental companies;
  • car dealerships; and
  • pawnbrokers and second-hand dealers.

The privacy commissioner will review approximately 60 businesses from these sectors for compliance with privacy policy requirements. This is the first compliance sweep of its kind, and more targeted reviews are likely to follow.

What Do You Need to Do?

If you do not have a privacy policy, you need to have one prepared. If you already have one, now is the time to review it and make sure it is compliant.

What Your Privacy Policy Must Include

Australian privacy laws set out the minimum requirements that a privacy policy must include. This includes that your privacy policy must explain:

  • the personal information you collect and hold;
  • how you collect and hold personal information;
  • why you collect, use and disclose personal information;
  • how customers can access the personal information you hold about them; 
  • how to submit a complaint; and
  • whether you send personal information overseas.

Making Your Policy Clear and Accessible

Your privacy policy must be clearly expressed and up to date. This means the privacy policy:

  • is written in simple language that a 14-year-old could understand;
  • uses headings so people can find information easily;
  • is specific to your business, not a generic template;
  • is not too long or written in vague language;
  • is available free of charge on your website; and
  • is updated regularly when your privacy practices change.

What Happens if Your Privacy Policy Does Not Comply?

The privacy commissioner can issue compliance notices requiring you to fix issues with your policy.

Key Takeaways 

The first privacy compliance sweep is underway as of January 2026, targeting businesses that collect personal information in person. More sweeps are likely to follow as privacy regulation strengthens across Australia. To be compliant, you need to make sure you have a robust and clear privacy policy in place for your business that meets the requirements. Good privacy practices build customer trust by demonstrating you protect their personal information.

 

 

 

Lauren McKee
Updated on January 27, 2026
legalvision.com.au

Want to know more?

Do you have a question about something you've read in this article? Need more information? Want to book an appointment? Simply let us know below and we'll get back to you ASAP.

Share this article:

Disclaimer

In the preparation of this website every effort has been made to provide accurate and timely information. However, errors can occur and applicable laws and regulations may change.

The information contained in the site is general and is not intended to serve as advice. No warranty is given as to the reliability of any information.

Users are encouraged to consult with professional advisers for advice before making any decisions that affect their own interests.

Bourke O’Brien Kennedy disclaims all and any liability to any person as to the consequences of anything done or omitted to be done by any person in reliance whether wholly or partially, upon any information contained in this website.

Links on this website are to resources managed by other parties over whom Bourke O’Brien Kennedy has no control. As such, Bourke O’Brien Kennedy accepts no responsibility as to the accuracy of any statement, opinion or advice contained in any of the supplied information and readers should rely on their own enquiries before making any decisions affecting their own interests.

Privacy Policy

We will only use the information you provide to us to respond to your requests and provide you with information about Bourke O’Brien Kennedy services.

Whenever you receive information from us electronically, you will always have an opportunity to request not to receive the information again and your wishes will be respected.

If you send us a curriculum vitae (CV) to apply for a position with Bourke O’Brien Kennedy, we will only use that information to consider you for available opportunities.

We do not share personal information with third parties except as necessary to carry out our business or as required by law or other processes. We do not sell personal information. All personnel with access to personal information ensure to maintain its confidentiality.

If you have questions or comments about anything to do with our website, please do not hesitate to contact us at bok@bok.com.au