Here is a common scenario:

Your gym offers free trials and collects information from potential members. Customers fill out forms with their contact details, health information and preferences. They hand over this information quickly without fully understanding how it will be used. Then they receive persistent marketing calls and emails for weeks.

The privacy commissioner will review approximately 60 businesses from these sectors for compliance with privacy policy requirements. This is the first compliance sweep of its kind, and more targeted reviews are likely to follow.

What Do You Need to Do?

If you do not have a privacy policy, you need to have one prepared. If you already have one, now is the time to review it and make sure it is compliant.

What Your Privacy Policy Must Include

Australian privacy laws set out the minimum requirements that a privacy policy must include. This includes that your privacy policy must explain:

• the personal information you collect and hold;
• how you collect and hold personal information;
• why you collect, use and disclose personal information;
• how customers can access the personal information you hold about them; 
• how to submit a complaint; and
• whether you send personal information overseas.

Making Your Policy Clear and Accessible

Your privacy policy must be clearly expressed and up to date. This means the privacy policy:

• is written in simple language that a 14-year-old could understand;
• uses headings so people can find information easily;
• is specific to your business, not a generic template;
• is not too long or written in vague language;
• is available free of charge on your website; and
• is updated regularly when your privacy practices change.

What Happens if Your Privacy Policy Does Not Comply?

The privacy commissioner can issue compliance notices requiring you to fix issues with your policy.

Key Takeaways 

The first privacy compliance sweep is underway as of January 2026, targeting businesses that collect personal information in person. More sweeps are likely to follow as privacy regulation strengthens across Australia. To be compliant, you need to make sure you have a robust and clear privacy policy in place for your business that meets the requirements. Good privacy practices build customer trust by demonstrating you protect their personal information.

Lauren McKee
Updated on January 27, 2026
legalvision.com.au

Hot Issues

• Inflation continues to keep SME owners up at night, survey finds
• Payday Super: 6 Things Small Businesses Need to Know
• ATO issues new guidance on penalties for non-compliance with STP
• Strategies for Effective Debt Recovery for Small Businesses
• Succession planning to remain major focus for ATO this year
• Fringe Benefits Tax (FBT) Guide – Key Checklist & Rates
• Buy an existing business
• Most Valuable Industries in the World 2026
• Will a shareholders agreement protect a business from a family law dispute?
• ATO crackdown on profit restructuring leading to higher tax bills: RSM
• Super balance not a priority for young Aussies, SMC reports
• When to Update Your Business Trading Terms
• Support for rebuilding after natural disasters
• Are you ready for Payday superannuation?
• Calculate your costs to start a business
• Most Reliable Car Brands in 2026
• Payday super part 2: not quite ‘all systems go’
• Privacy Compliance Sweep 2026: Is Your Business Ready?
• 6 ways to improve your business plan
• ‘Looking like a rough start’: SMEs set to feel the pinch as CPI spikes
• Student loans debt update
• New SMSF education directions
• Accountants must keep ‘watchful eye’ on financial abuse

Article archive

• January - March 2026
• October - December 2025
• July - September 2025
• April - June 2025
• January - March 2025
• October - December 2024
• July - September 2024
• April - June 2024
• January - March 2024
• October - December 2023
• July - September 2023
• April - June 2023
• January - March 2023