The OAIC last week announced that it will undertake its first-ever compliance sweep by conducting a targeted review of approximately 60 businesses’ privacy policies.
As outlined in the announcement, the sweep will begin in the first week of January and will scrutinise the privacy policies of businesses that collect personal information in person, including real estate agents, chemists, licenced venues, car rental companies, car dealerships and pawnbrokers and second-hand dealers.
Changes to the Privacy Act (“Tranche 1”) which passed the Parliament in late 2024, gave the OAIC the power to issue compliance notices to encourage organisations to remedy a breach, as well infringement notices up to $66,000 for administrative breaches including non-compliant privacy policies.
The OAIC will target ‘high profile and high-risk’ entities within the targeted sectors to ensure they meet the requirements of APP 1.4, which sets out what a privacy policy has to include. The OAIC’s recent guidance on this is available here.
How marketers should prepare
While the sweep is focused on privacy policies, the implications go well beyond a document review. Marketers should use this moment to assess their consent, collection and data governance practices and ensure they are being sufficiently transparent with their customers.
Key actions to prioritise now:
In a tightening regulatory environment, strong data hygiene isn’t optional – it’s a strategic advantage. Reducing regulatory exposure, strengthening customer trust and enabling more responsible, effective marketing will make your brand more resilient today and more competitive tomorrow.
Want to sharpen your privacy and compliance skills?
Check out our regulatory course offering with a range of options to suit your needs. From our online short courses to our more comprehensive Privacy and Compliance for Marketers course, ADMA has your regulatory upskilling needs sorted.