12/01/2026
In December 2025, the Office of the Australian Information Commissioner (OAIC) announced plans to conduct its first-ever compliance sweep in January 2026.
Australia’s privacy regulator will kick off the new year with a targeted review of businesses privacy policies to ensure that entities are meeting their obligations under Australian Privacy Principle 1 (APP 1).
In an effort to stop the over-collection of personal information, the Privacy Commissioner will target 60 businesses across 6 key sectors identified as high-risk:
- Rental and property
- Chemists and pharmacists
- Licenced venues
- Car rental companies
- Car dealerships
- Pawnbrokers and second-hand dealers
These sectors have been chosen because of in person data collection, and a concern with the over collection of personal information within these sectors.
With new expanded regulatory toolkit, OAIC is stepping up its enforcement action to send a clear message to entities: clean up your privacy practices. Non-compliant entities could face infringement notices and penalties of up to $66,000.
For businesses in these sectors, now is the time to review your privacy policy and procedures. Contact Griffin Legal to help improve your privacy practices. We can assist in a wide range of matters including privacy policies and procedures, collection notices, data breach plans, advice on responding to data breaches and much more.