.
Privacy policies of selected businesses are under the microscope, and businesses with non-compliant policies could receive significant penalties. This article explains the privacy compliance sweep, who is being targeted, and how you can ensure your privacy policy is compliant.
What Is the Privacy Compliance Sweep?
Australian businesses should be transparent about the personal information they collect and how they handle it. The privacy commissioner has identified that customers are especially vulnerable when asked for information face-to-face. This is because, unlike online forms where customers can review privacy policies in their own time, in-person requests often pressure people to respond quickly without having full information about how their data will be used. Therefore, the sweep will initially target businesses that collect information during in-person interactions.
Here is a common scenario:
Your gym offers free trials and collects information from potential members. Customers fill out forms with their contact details, health information and preferences. They hand over this information quickly without fully understanding how it will be used. Then they receive persistent marketing calls and emails for weeks.
When customers can not properly review privacy policies, you may over-collect personal information and use it in ways customers did not expect or agree to. The privacy commissioner’s goal is to ensure you are transparent about how you use personal information.
Who Is Being Targeted?
All businesses covered by Australian privacy laws must have a compliant privacy policy. However, this initial sweep is targeting six specific sectors.
The privacy commissioner has selected these sectors because they commonly collect personal information in person, including identification documents, and these sectors have experienced many privacy breaches.
The six sectors under review are:
- rental and property;
- chemists and pharmacists;
- licensed venues;
- car rental companies;
- car dealerships; and
- pawnbrokers and second-hand dealers.
The privacy commissioner will review approximately 60 businesses from these sectors for compliance with privacy policy requirements. This is the first compliance sweep of its kind, and more targeted reviews are likely to follow.
What Do You Need to Do?
If you do not have a privacy policy, you need to have one prepared. If you already have one, now is the time to review it and make sure it is compliant.
What Your Privacy Policy Must Include
Australian privacy laws set out the minimum requirements that a privacy policy must include. This includes that your privacy policy must explain:
- the personal information you collect and hold;
- how you collect and hold personal information;
- why you collect, use and disclose personal information;
- how customers can access the personal information you hold about them;
- how to submit a complaint; and
- whether you send personal information overseas.
Making Your Policy Clear and Accessible
Your privacy policy must be clearly expressed and up to date. This means the privacy policy:
- is written in simple language that a 14-year-old could understand;
- uses headings so people can find information easily;
- is specific to your business, not a generic template;
- is not too long or written in vague language;
- is available free of charge on your website; and
- is updated regularly when your privacy practices change.
What Happens if Your Privacy Policy Does Not Comply?
The privacy commissioner can issue compliance notices requiring you to fix issues with your policy.
Key Takeaways
The first privacy compliance sweep is underway as of January 2026, targeting businesses that collect personal information in person. More sweeps are likely to follow as privacy regulation strengthens across Australia. To be compliant, you need to make sure you have a robust and clear privacy policy in place for your business that meets the requirements. Good privacy practices build customer trust by demonstrating you protect their personal information.
Lauren McKee
Updated on January 27, 2026
legalvision.com.au
27th-February-2026 | 
