The Office of the Australian Information Commissioner (OAIC) is conducting its first-ever privacy compliance sweep this month.
This first sweep focuses on sectors that regularly collect personal information through in-person interactions. The OAIC will check if the selected businesses have Privacy Policies that comply with all Australian privacy law requirements. Businesses in breach may face compliance and infringement notices and penalties of up to $66,000.
The OAIC may conduct future sweeps in different sectors, and other proactive initiatives to uncover privacy law non-compliance. Find out more about what your business should do.
Why this matters for aged care, NDIS and health providers
Aged care, NDIS and health providers all collect personal information and so must have a written Privacy Policy that complies with Australian privacy laws. The sensitive nature of information collected by these providers makes these sectors a natural choice for future OAIC sweeps and other proactive compliance checks.
I already have a Privacy Policy. Is that enough?
A Privacy Policy cannot be prepared once and relied on indefinitely. Privacy laws change. How personal information is handled can change. Privacy Policies must be regularly audited and updated to ensure they remain accurate and compliant.
For example, significant privacy reforms were introduced in 2025, so if your Privacy Policy and personal information handling practices have not been reviewed and updated by a privacy law specialist, you may be in breach of current laws.
What should I do?
Check when your Privacy Policy and information handling processes were last reviewed by a privacy lawyer. If this hasn’t happened recently, ask your privacy lawyer to complete a review and update.
How we can help
Our experienced privacy lawyers help our clients stay compliant and handle information in a way that reflects best practice standards. For example, by:
Preparing tailored Privacy Policies that comply with Australian privacy laws.
Reviewing and updating existing Privacy Policies to reflect changes in law or business data-handling practices.
Conducting audits of privacy documentation and data handling practices.
Advising on specific privacy issues, such as responding to requests for disclosure of client or participant information, including case files or notes.
To find out more about how we can help your organisation, contact us today: info@kinnylegal.com or 02 9199 4563.
This blog post does not constitute legal advice and should not be relied upon as such. It is a general commentary on matters that may be of interest to you. Formal legal or other professional advice should be sought before acting or relying on any matter arising from this communication.

