The Office of the Australian Information Commissioner (OAIC) has announced a major compliance sweep starting in January 2026. This "blitz" will target businesses that over-collect personal information, particularly during face-to-face interactions.
Why Now? The "Paperless" Trap
Privacy Commissioner Carly Kind highlighted a growing concern: consumers are often forced to trade their privacy for basic services. Whether it's a "paperless receipt" at a pharmacy or a digital check-in at a venue, the convenience often masks a data grab.
"When confronted with in-person requests for their personal information... consumers often don’t have access to all the information they might need to make an informed decision."
Who Is Being Targeted?
The OAIC has identified six high-risk sectors for this initial sweep:
- Real Estate Agents: Collecting excessive data at open house inspections.
- Pharmacies: Using digital receipts to harvest marketing data.
- Licensed Venues: Scanning IDs as a condition of entry.
- Car Rental Agencies: Complex forms that obscure data usage.
- Car Dealerships: Requiring personal data for test drives.
- Pawnbrokers: Collecting identity info from sellers.
The Cost of Non-Compliance
This isn't just a warning. Businesses found to be non-compliant could face fines of up to A$66,000. The sweep will also revisit organizations that have previously suffered data breaches to ensure they've learned their lessons.
What You Should Do
If your business collects personal data, now is the time to audit your practices:
- Review your Privacy Policy: Is it clear, up-to-date, and easily accessible?
- Minimize Data Collection: Only collect what is strictly necessary for the transaction.
- Be Transparent: Clearly explain why you need the data and how it will be used.
Privacy is no longer just a legal requirement; it's a cornerstone of customer trust. Don't wait for the regulator to knock on your door.