Lander & Rogers supports Privacy Awareness Week 2026

As Australian businesses gear up for significant privacy reforms, Lander & Rogers is proud to support Privacy Awareness Week (PAW) 2026.

An initiative of the Office of the Australian Information Commissioner (OAIC), Privacy Awareness Week runs from 4 to 10 May 2026. This year's theme is "Trust is built here: In every privacy complaint, in every resolution", and focuses on strengthening privacy dispute resolution practices and building public confidence in how personal information is handled.

Australia's evolving regulatory landscape

Australia's privacy regulatory landscape continues to evolve since the Privacy Act was first enacted in 1988. The Privacy and Other Legislation Amendment Act 2024 introduced significant reforms, including a statutory right to sue for serious invasions of privacy, which commenced in June 2025, along with new enforcement powers for the OAIC.

The OAIC has also signalled that it will be adopting a more assertive regulatory posture. In January 2026 it commenced its first-ever compliance sweep, conducting a review of the privacy policies of a select number of businesses to assess their compliance with the Australian Privacy Principles. Privacy Commissioner Carly Kind noted that Australians are increasingly concerned about the lack of choice and control they have over their personal information, and that a clear, transparent privacy policy is the foundational building block of sound privacy practice.

Ms Kind also signalled a new approach to complaints handling and a greater focus on enforcement. Since June 2025, individuals have had a direct right to bring court proceedings against anyone who intrudes upon their seclusion or misuses their personal information. This fundamentally changes the risk profile of privacy failures, enabling legal action to escalate more quickly and independently of regulatory intervention. In October 2025, the District Court of New South Wales considered the first application for relief under the new tort in Kurraba Group Pty Ltd & Anor v Williams [2025] NSWDC 396.

Data breach volumes remain a pressing concern. The OAIC's Notifiable Data Breaches (NDB) scheme has seen continued growth in notifications year on year, with 532 notifications in the January-June 2025 period, compared to 299 notifications in the same period in 2018 when the OAIC first started reporting on privacy breaches notified to it under the scheme. Contact and identity information have consistently been the most common categories of personal information exposed. In the January-June 2025 period, 456 notifications involved exposure of contact information and 303 notifications involved identity information.

Key privacy changes commencing in 2026

The reform agenda continues apace in 2026, with two significant milestones approaching before the end of the year.

Children's Online Privacy Code

The OAIC must complete and register a Children's Online Privacy Code by 10 December 2026. This will set out clear obligations for organisations handling the data of young Australians.

Automated decision-making transparency

On 10 December 2026, organisations will be required to provide transparency around automated decisions that significantly affect individuals. This reform shifts compliance from a policy exercise to an operational one; organisations must be able to explain how their systems actually behave, and not just how they are intended to behave.

How can organisations respond?

Privacy Awareness Week is an annual reminder to all APP entities to continuously strengthen their privacy practices. This year, we recommend that APP entities:

review and update their privacy policies to meet the requirements of APP 1.4, ensuring they clearly and accurately describe how personal information is collected, used, disclosed and destroyed;
assess whether automated decision-making processes are understood, documented, and reflected in the organisation's privacy policy. This is required to meet the new privacy policy transparency obligations under new APPs 1.7 and 1.8, taking effect in December 2026;
consider the implications of the Children's Online Privacy Code for any products or services directed at or likely to be used by young Australians and subject to the Code; and
review and update their privacy complaints handling processes to ensure privacy complaints can be properly addressed by the organisation in accordance with the Privacy Act 1988 (Cth).

Get involved in Privacy Awareness Week

In celebration of Privacy Awareness Week 2026, Lander & Rogers will be hosting a panel discussion with Australian Privacy Commissioner, Carly Kind; Macquarie Group General Counsel Privacy and Data, Olga Ganopolsky, and Lander & Rogers Digital Economy Partner, Matthew McMillan. Find out more here.

For more information about Privacy Awareness Week 2026 and to register your organisation as a supporter, visit the OAIC's PAW 2026 page.

Fast track to compliance: Privacy Policy Rapid Review Service

Lander & Rogers' Privacy Policy Rapid Review Service is designed to help organisations to respond effectively and proportionately to upcoming changes to the Privacy Act, with three privacy policy review options tailored to a business' risk profile, operational needs and budget. Find out more.

Insights and further information

Lander & Rogers' team of data privacy and cyber security lawyers regularly publishes guidance on privacy, regulatory action, data governance, incident response and privacy reform. Access useful resources for organisations below.

Follow Lander & Rogers on LinkedIn for additional guidance on how to protect personal and sensitive information and implement compliant privacy practices.