OAIC’s 2026 Privacy Policy Sweep: Is Your Organisation Ready? | Russell Kennedy

Australia’s privacy regulator is launching 2026 with its first compliance sweep. The Office of the Australian Information Commissioner (OAIC) will review selected businesses’ privacy policies to ensure they meet the existing statutory requirements of the Privacy Act 1988 (Cth) (Privacy Act). Whats Happening? Starting in the first week of January, the OAIC will scrutinise the privacy policies of approximately 60 entities across six sectors that commonly collect personal information in person. These include: Rental and property – collecting personal details during property inspections. Chemists and pharmacists – gathering identity information for medication or paperless receipts. Licensed venues – requiring ID for entry. Car rental companies – collecting identity and other personal details for rental agreements. Car dealerships – obtaining personal information for test drives. Pawnbrokers and second-hand dealers – collecting identity documents for transactions. The focus on in-person data collection reflects concerns about power and information gaps. People often feel pressured to share personal details without fully understanding how their data will be used, shared, or stored. Why Does It Matter? Entities with non-compliant privacy policies could face serious consequences, including compliance and infringement notices and penalties of up to $66,000 per infringement. This is separate from higher civil penalties
Read More