Privacy Compliance Sweep 2026: Is Your Business Ready?

In Short

  • The Privacy Commissioner launched a national compliance sweep in January 2026.

  • Businesses that collect personal information in person are the initial focus.

  • Non-compliant privacy policies can lead to enforcement action and fines.

Tips for Businesses

Review your privacy policy now, even if you are not in a targeted sector. Make sure it clearly explains what information you collect, why you collect it, how it is used, and how customers can access or complain about it. Keep it simple, up to date, easy to find on your website, and specific to how your business actually handles personal data.

Summary

This article is a guide for Australian business owners on the Privacy Commissioner’s 2026 compliance sweep and privacy policy obligations under Australian privacy law. It explains who is being targeted and what businesses must do to remain compliant, prepared by LegalVision’s business lawyers, who specialise in advising clients on privacy and data protection compliance.

The privacy commissioner launched their first-ever compliance sweep in January 2026. Privacy policies of selected businesses are under the microscope, and businesses with non-compliant policies could receive significant penalties. This article explains the privacy compliance sweep, who is being targeted, and how you can ensure your privacy policy is compliant.

What Is the Privacy Compliance Sweep?

Australian businesses should be transparent about the personal information they collect and how they handle it. The privacy commissioner has identified that customers are especially vulnerable when asked for information face-to-face. This is because, unlike online forms where customers can review privacy policies in their own time, in-person requests often pressure people to respond quickly without having full information about how their data will be used. Therefore, the sweep will initially target businesses that collect information during in-person interactions. 

Here is a common scenario:

Your gym offers free trials and collects information from potential members. Customers fill out forms with their contact details, health information and preferences. They hand over this information quickly without fully understanding how it will be used. Then they receive persistent marketing calls and emails for weeks.

When customers cannot properly review privacy policies, you may over-collect personal information and use it in ways customers did not expect or agree to. The privacy commissioner’s goal is to ensure you are transparent about how you use personal information.

Your customers deserve to understand what happens to their information and who accesses it.

Who Is Being Targeted?

All businesses covered by Australian privacy laws must have a compliant privacy policy. However, this initial sweep is targeting six specific sectors.

The privacy commissioner has selected these sectors because they commonly collect personal information in person, including identification documents, and these sectors have experienced many privacy breaches.

The six sectors under review are:

  • rental and property; 
  • chemists and pharmacists;
  • licensed venues;
  • car rental companies;
  • car dealerships; and
  • pawnbrokers and second-hand dealers.

The privacy commissioner will review approximately 60 businesses from these sectors for compliance with privacy policy requirements. This is the first compliance sweep of its kind, and more targeted reviews are likely to follow.

What Do You Need to Do?

If you do not have a privacy policy, you need to have one prepared. If you already have one, now is the time to review it and make sure it is compliant.

What Your Privacy Policy Must Include

Australian privacy laws set out the minimum requirements for a privacy policy. Your privacy policy must explain:

  • the personal information you collect and hold;
  • how you collect and hold personal information;
  • why you collect, use and disclose personal information;
  • how customers can access the personal information you hold about them; 
  • how to submit a complaint; and
  • whether you send personal information overseas.

Making Your Policy Clear and Accessible

Your privacy policy must be clearly expressed and up to date. This means the privacy policy:

  • is written in simple language that a 14-year-old could understand;
  • uses headings so people can find information easily;
  • is specific to your business, not a generic template;
  • is not too long or written in vague language;
  • is available free of charge on your website; and
  • is updated regularly when your privacy practices change.

What Happens if Your Privacy Policy Does Not Comply?

The privacy commissioner can issue compliance notices requiring you to fix issues with your policy.

You may also receive infringement notices with penalties of up to $66,000.

In addition, business partners and customers both want assurance that you handle data responsibly and protect their information. A clear, transparent privacy policy demonstrates this commitment and is good for business.

Key Takeaways 

The first privacy compliance sweep is underway as of January 2026, targeting businesses that collect personal information in person. More sweeps are likely to follow as privacy regulation strengthens across Australia. To be compliant, you need to make sure you have a robust and clear privacy policy in place for your business that meets the requirements. Good privacy practices build customer trust by demonstrating you protect their personal information.

LegalVision provides ongoing legal support for Australian businesses through our fixed-fee legal membership. Our experienced lawyers help businesses manage policies, contracts, employment law, disputes, intellectual property and more, with unlimited access to specialist lawyers for a fixed monthly fee. To learn more about LegalVision’s legal membership, call 1300 544 755 or visit our membership page.

Frequently Asked Questions

What happens if my privacy policy does not comply?

The privacy commissioner can issue compliance notices requiring you to fix problems with your policy. You may also receive infringement notices with penalties of up to $66,000. Make sure your policy is compliant now to avoid enforcement action later.

I have not been contacted about the sweep. Do I still need to act?

Yes. Even if you are not among the initial businesses being reviewed, all businesses covered by Australian privacy laws need a compliant privacy policy. This sweep signals the privacy commissioner’s priorities, and more reviews are likely to follow. Being proactive protects your business and builds customer trust by demonstrating that you protect their personal information.

Lauren McKee

Practice Leader

Lauren is a Practice Leader in LegalVision’s Corporate and Commercial team and works across a broad range of commercial contracts matters. Lauren works with SMEs, startups and enterprise clients to understand their business and assist them with their contract needs.

Qualifications: Bachelor of Laws (Hons), Bachelor of Arts, Macquarie University.
