Last updated: 22nd March 2026
Welcome
Explore this range of resources for Marketing Automation practitioners sourced from Australian media, law & professional services firms, government & agencies.
Stay up to date, subscribe today to have the latest edition arrive in your inbox
When was the legislation passed?
29 November 2024
"These new powers and functions come at a critical time, as privacy harms increase and the Australian community demands more power over their personal information.
They were also adopted in the same parliamentary session in which the Senate passed the social media ban, which I believe in time will fundamentally shape the online ecosystem by requiring social media platforms to age assure all users."
Attorney-General's Department
"On 29 November 2024, Parliament passed the Privacy and Other Legislation Amendment Act 2024. This Act progresses 23 proposals from the Government Response to the Privacy Act Review Report. This includes:
- a framework for developing a Children’s Online Privacy Code
- a new statutory tort for serious invasions of privacy.
"In the coming months, we will be working to develop draft provisions and engaging on the detail. This will inform the Government’s decisions on next steps."
Privacy Act Review Report | Australian Government
Publication date: 16 February 2023
Privacy Act 1988 | Australian Government
Effective date: 11 December 2024
*SOURCE: parlinfo.aph.gov.au
We're scouring the internet from reputable news sources, Australian law firms and the Australian Government to find content to help you manage changes to the Australian Privacy Act.
The Office of the Australian Information Commissioner (OAIC) is set to conduct its inaugural privacy compliance sweep in January 2026 | Andrew Martens | Mi3 | 11th December 2025
"The OAIC plans to review approximately 60 entities across six sectors: rental and property, chemists and pharmacists, licensed venues, car rental companies, car dealerships, and pawnbrokers and second-hand dealers. These sectors were chosen due to the privacy risks associated with personal information collection and previous privacy breaches."
"Entities found with non-compliant privacy policies may face compliance and infringement notices, along with penalties that could reach up to AU$66,000. The OAIC's approach to regulation will be risk-based and proportionate, taking into account its expanded regulatory toolkit for non-compliance."
The privacy series: OAIC targets marketing practices in 2025-26 regulatory priorities | ADMA | 31st October 2025
"The Office of the Australian Information Commissioner (OAIC) has made it abundantly clear that the staggered approach to privacy reform will not slow enforcement efforts. Since gaining new powers in tranche one (December 2024), the regulator has taken a proactive stance, using existing legislation to tidy up Australia’s privacy landscape.
For marketers, the OAIC’s newly released FY26 regulatory priorities serve as a reminder that standard marketing practices are under scrutiny. The regulator has both the means and the motivation to enforce privacy compliance, and these priorities show exactly where their focus lies."
The Privacy Commissioner isn’t waiting: Marketers must prioritise privacy, now | Andrew Martens | Mi3 | 5th June 2025
"Many businesses may have been tempted to interpret the recent delay of tranche 2 as a reprieve from the pressures to optimise for privacy, leading to a softening of internal momentum and resourcing around privacy initiatives.
But the slowing of legislative movement shouldn't be mistaken for a reason to pause. The foundations for stronger enforcement are already in place, and now is a good time to start building internal momentum."
Martens went onto say:
"It’s important to recognise that the OAIC’s enforcement strategy is not intending to “catch out” businesses, but rather to promote greater compliance and remove the grey areas that have allowed questionable practices to persist."
Michelle Rowland named to Attorney General | LSJ Online | 12th May 2025
"Rowland studied law at Sydney University, where she met her future husband, Michael.
They now have two daughters. As a lawyer, she specialised in telecommunications and media law.
Prior to entering parliament, she was Deputy Mayor of Blacktown City Council.
Rowland was a senior lawyer at Gilbert + Tobin for ten years and served as a Director of the Western Sydney Area Health Service.
She’s also been the Chair of Screen NSW."
The 24-year-old rule that lets politicians use your data however they want | SBS News | 10th April 2025
"Unlike businesses or other organisations, your local [Australian Government] member isn't required to include an option to unsubscribe in their emails and can continue emailing you because of an exception in the Spam Act."
"Cohen said it is "very likely" that political parties have "quite a bit of sensitive information about us, about their constituents, about their prospective voters".
She said the lack of legislative obligations to ensure the security of voter data is "pretty troubling".
The more information an organisation collects, Floreani said, the greater the potential consequences if the data was to be released in a breach."
Experts demand Australian businesses focus on data security and privacy | cyberdaily.au | 14th January 2025
"With reforms to Australia’s Privacy Act now in place, businesses large and small must “lift their data security standards.
With the long-awaited reforms to Australia’s Privacy Act finally passing into legislation, Dr Ian Tho – a partner at professional services firm RSM Australia – said businesses of all sizes need to be aware of both the reputational and legal aspects of the reforms.
The initial amendment introduces a raft of changes to empower individuals, including a statutory tort that will provide a legal avenue to pursue compensation for privacy-based damage or loss against an organisation or individual,” Tho said."
With ‘fair and reasonable’ privacy regime incoming, only 15 ASX100 firms have consent management platforms in place – maybe for good reason | Mi3 | 2nd December 2024
Now that we have certainty and can read the legislation, the discussion is moving.
"Fair and reasonable behaviour" is something we will probably need to check with legal, but there is every chance the Government will want to stress test their new legislation sooner, rather than later.
"With new privacy laws passing Parliament last week, Australia's biggest companies find themselves contending with a regulatory regime that will ultimately prioritise 'fair and reasonable behaviour' over the consent management of complicated data and marketing stacks. That might be just as well.
Analysis by Mi3 working with DataTrue reveals that only 15 ASX100 firms have implemented a consent management platform or basic banner. (CMP). Nicole Stephensen, managing director of Ground Up Privacy, warns that when the era of fair and reasonable privacy rules with the second tranche of privacy reforms, "If consent lacks specificity and purpose, CMPs "may not be worth the software they're written on."
Changes to Australian privacy laws now in force | Johnson Winter Slattery | 12th December 2024
"The Privacy and Other Legislation Amendment Bill 2024 (Cth) passed both Houses of Parliament on 29 November 2024 and received Royal Assent on 10 December 2024.
The key changes, which came into effect on 11 December 2024, are:
- New powers for the OAIC to issue infringement notices and compliance notices
- Civil penalties
- New powers to ‘whitelist’ overseas jurisdictions for the purposes of overseas disclosure of personal information
- Information security obligations clarified
- A new regime under which, in the wake of a notifiable data breach, a Minister can permit by way of declaration certain collections, uses and disclosures of personal information"
Know your privacy obligations under the Anti-Money Laundering / Counter-Terrorism Financing (AML/CTF) Act: Updated OAIC guidance | OAIC | 27th February 2026
"The updated guidance is designed to support an expanded range of businesses that will soon fall under the Privacy Act 1988 (Privacy Act) as part of the AML/CTF reforms.
From 1 July 2026, real estate professionals, dealers in precious metals and stones, and professional service providers such as lawyers, conveyancers, accountants, and trust and company service providers (also known as ‘Tranche 2’ entities) will be brought into the Privacy Act.
Changes for current reporting entities (‘Tranche 1’ entities) will also take effect from 31 March 2026, which may affect the types and volume of personal information that is handled for AML/CTF purposes, depending on the customer risk."
Privacy compliance sweep to put privacy policies under the spotlight | OAIC | 9th December 2025
"Australia’s privacy regulator will start 2026 with its first-ever compliance sweep, conducting a targeted review of selected businesses’ privacy policies to ensure they meet strict rules.
The compliance sweep, which will begin in the first week of January, will scrutinise the privacy policies of businesses that collect information in person. For example, real estate agents asking for phone numbers at open houses, or car rental agencies presenting customers with lengthy forms."
"The Privacy Commissioner has trained her gaze on sectors and practices involving the in-person collection of personal information for the Office of the Australian Information Commissioner’s (OAIC) first privacy compliance sweep, after identifying that such practices often involve power and information asymmetries."
Australia begins the implementation of the Social Media Minimum Age law | eSafety Commissioner | 19th October 2025
This update isn't a press release, but details of a campaign to educate Australians about the upcoming changes to teenagers, under 16 being able to access social media sites.
"The campaign ‘For the good of their wellbeing’ raises awareness of the new Social Media Minimum Age law. The new law means that from 10 December, you have to be 16 years or older to have a social media account.
This change is designed to protect young people from the risks of harm from social media and to support their wellbeing."
Safety Statement correcting mistaken claims re YouTube | eSafety Commissioner | 26th June 2025
"The new law will only restrict children under the age of 16 from having their own accounts – not accessing content on YouTube or any other service through links from the school or in a ‘logged-out’ state.
There is nothing in the legislation that prevents educators with their own accounts from continuing to incorporate school-approved educational content on YouTube or any other service just as they do now.
eSafety’s advice recommended that no single platform or service – whether YouTube or any other service – be specifically excluded under the Rules. This is due to the fast-evolving nature of online platforms and the fact their risk profile may quickly change. "
Passing of bill a significant step for Australia's privacy law | OAIC | 29th November 2024
"These new powers and functions come at a critical time, as privacy harms increase and the Australian community demands more power over their personal information,” Australian Privacy Commissioner Carly Kind said.
“They have had a long gestation. Many have campaigned for reform – in some cases for more than a decade – so their efforts need to be recognised today.
“The reforms are an important first step. More needs to be done of course, and we appreciate the government’s commitment to further action."
Privacy Awareness Week (PAW) is led by the Office of the Australian Information Commissioner (OAIC) in partnership with state and territory privacy regulators and the Asia Pacific Privacy Authorities members.
Signing your organisation up as a PAW supporter is a is a way to show your commitment to promoting good privacy practices and advancing the privacy rights of individuals. Supporters receive updates on PAW activities and resources, and can access a PAW toolkit. They also have the option to be listed here as PAW supporters when we get closer to PAW.
The articles below were published prior to the Senate passing the 'Privacy and Other Legislation Amendment Bill' on the 29 November 2024
Australian Government moves ahead with Age Assurance Tech Trial, awards tender to consortium led by UK's ACCS | Mi3 | 15th November 2024
For educational institutions, companies and community-based organisations, these changes will limit their ability to reach children via some social platforms.
Direct marketing to children under the age of 16 is already a challenge and most principle centred organisations are very selective in the content and messaging they would use for this segment.
"The Australian Government is progressing its plans to limit social media access for under 16s, awarding a tender for its age assurance trial to a consortium led by the Age Check Certification Scheme (ACCS).
"Assistant Secretary of the Online Safety Branch at the Department of Infrastructure, Transport, Regional Development, Communications and the Arts, Andrew Irwin, said: "The department is working closely with industry and communities to deliver the age assurance trial, which will play an important role in determining the most effective way to protect young people online. As world leaders in their field and with the help of industry experts, ACCS is well placed to lead the trial, which will inform next steps for this vital work. We look forward to the findings and insights that this trial will deliver."
Qantas, Choice and ADMA warn marketers to ditch dead data sets as regulators mobilise | Mi3 | 17th October 2024
"It’s high time marketers squared up to the “dead data sets and processes” they’re still using in campaigns and figure out if the ROI from potentially iffy practices and consent is still worth the risk of regulatory scrutiny, says Qantas head of legal, cyber and data privacy, Kate Friedrich. Because tougher enforcement is exactly what she sees coming sooner rather than later.."
Navigating the new Privacy Bill: what real estate agents and businesses need to know | Elite Agent | 14th October 2024
Porter manages to present, in an easy to read format, the key points marketers need to be aware of. Not just in the real estate industry, but essentially for everyone.
"This one’s a bit of a wake-up call for real estate agencies because now, failing to meet specific obligations under the Australian Privacy Principles (APPs) could hit your agency with fines of up to $62,600.
The penalties are tied to a range of common mistakes, like not having an up-to-date and clear privacy policy with all the required information, failing to give individuals the option to remain anonymous, or making it too hard for them to opt out of marketing communications."
Kristen Porter is a legal practitioner specialising in real estate, property management and privacy laws. She is the founding Director of O*NO Legal The Real Estate Agents' Lawyer.
Long awaited first tranche of amendments to the privacy act 1988 (cth) tabled | FTI Consulting | 1st October 2024
Tim de Sousa touches on a few interesting points in this article. His points about data retention, or what he calls "over-retention" is something many marketers could be guilt of.
Contacts who have "opt-out" of email communications, or email accounts that have "hard-bounced" are the obvious candidates for removal form marketing platforms.
"Data retention: Over-retention has been a key factor in the mega-breaches of the last few years; the clear expectation here is that organisations will be required to implement both policy controls and technical controls to classify personal information, set clear retention timelines, proactively identify information which should no longer be held, and securely dispose of it.
Information governance is commonly overlooked, and this is likely to be a significant challenge for many organisations."
Long-overdue Australian privacy law reform is here – and it’s still not fit for the digital era | The Conversation | 12th September 2024
"While the government calls this a “first tranche” of reform, it has not yet committed to a timeline for further reform. That would come after the election.
The amendments are far from the “overhaul” that privacy experts and advocates expected. Instead, they focus on rules for relatively narrow situations or groups, without changing the most important principles that tell government and businesses how to treat our personal information.."
"The proposed amendments leave out most of the fundamental reforms necessary to make Australia’s privacy laws fit for the digital era.
There is no “fair and reasonable” test for dealing with personal information. This would have helped prevent businesses relying on supposed “consents” to use information unfairly in situations where a person has no real choice but to provide the information."
Privacy and Other Legislation Amendment Bill 2024 | Law Council of Australia | 7th November 2024
"Our submission was informed by the expertise and guidance of our Business Law Section, National Human Rights Committee, and several Constituent Bodies. We are grateful for the ongoing contributions of our membership in respect of these significant and complex privacy reforms.
In our submission, we emphasised our strong support for the urgent strengthening and modernisation of Australia’s privacy regime and indicated support for the timely passage of the Bill, subject to the various recommendations we made, including that..."
Australia: Proposed changes to digital regulation | Baker McKenzie | 15th October 2024
"The Australian Government has introduced a raft of new digital legislation, including to combat misinformation and disinformation, and hate speech. It has also announced plans for minimum age requirements for social media."
On the road: Australia’s privacy law overhaul begins | Minter Ellison | 13th September 2024
"In the Government's Response, it ‘agreed’ to 38 of the 116 proposals, with a further 68 'agreed-in-principle'. The Bill will only implement 23 of the 25 'agreed' proposals that were specifically directed at legislative change.
The balance of the 'agreed' proposals largely relate to enhancing guidance issued by the Office of the Australian Information Commissioner (OAIC) and engaging in further consultation.
None of the 'agreed-in-principle' proposals are addressed in the Bill."
Privacy Act Reforms – A Long Running Saga, Yet Still to be Continued... | Mallesons | 12th September 2024
"A privacy reform Bill has been introduced to parliament. If enacted, the Bill will implement significant changes to the Privacy Act, including introducing broader enforcement powers for the Australian Information Commissioner, a statutory tort for serious invasions of privacy, greater transparency for individuals regarding use of personal information for automated decision-making, and additional protections for children’s privacy."
"Looking beyond this Bill to the future reforms that still lie ahead, businesses should be thinking now about how they will comply with the new privacy landscape – experience from the introduction of the GDPR in Europe shows that major privacy compliance programs are complex and time consuming."
Mallesons explores the lack of progress in their blog post and expands on these points:
- give a brief background to the changes
- run through an overview of the reforms contained in the Bill
- flag some of the most important ‘missing’ elements that we may expect (or hope) to see in a subsequent tranche of reforms
- look at the potential implications of deferring further changes
Better protection of Australians' privacy | Attorney-General’s portfolio | 12th September 2024
"The Government is committed to ensuring the Privacy Act works for all Australians and is fit for purpose in the digital age. This legislation is just the first stage of the Government's commitment to provide individuals with greater control over their personal information.
We will continue targeted consultations with industry, small business, the media, consumer groups and other key stakeholders on draft provisions to ensure we strike the right balance between protecting people's personal information and allowing it to be used and shared in ways that benefit individuals, society and the economy."
Second reading speech – Privacy and Other Legislation Amendment Bill 2024 | Attorney-General’s portfolio | 12th September 2024
"The Privacy and Other Legislation Amendment Bill 2024 is a significant step forward for Australian privacy law. It begins the much-needed work of updating our privacy laws to be fit-for-purpose in the digital age.
With this Bill, the Australian Government is taking the next step to ensure Australians’ privacy is respected and protected. It implements a first tranche of agreed recommendations of the Privacy Act Review, ahead of consultation on a second tranche of reforms."
The articles below were published prior to the updated Privacy Act legislation being presented to Parliament on the 12 September 2024
The impact of the delay in privacy laws | Ad News | 5th September 2024
"The delay in the introduction of new privacy laws has also caught a few by surprise.
Given the increasing global focus on data privacy, including developments like the European Union’s General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA), there was an expectation that Australia would follow suit and get legislation in place as soon as possible.
However, the complexity of drafting comprehensive privacy legislation that balances consumer rights with business interests would have surely contributed to the delay.
This is a very complex space and we have seen the Australian government wanting to take more time to review and seek advice, particularly around how machine learning and AI now comes into play with this legislation."
Businesses must act as privacy law lags | The Australian | 2nd September 2024
"The delays are creating uncertainty for industry and consumers. At best, these delays stall progress in empowering Australians; at worst, they harm the economy.
Businesses can act now to actively have a conversation about protecting data and building consumer trust. These are both key drivers of revenue growth.
Australians are highly aware of the impact privacy laws have on their lives, and the consequences of inaction are clear. While the Edelman Trust Barometer shows that 63 per cent of Australians trust businesses to “do what is right”, the tension between privacy commitments, commercial realities and political agendas is evident."
"Neither government nor business can afford to lose sight of the privacy issue. It’s the oxygen of digital commerce — often invisible, but vital. Ignoring it leads to consumer mistrust, stifling growth our economy needs.
The slow pace in privacy reform gives all of us in the business community a unique opportunity to lead.
By investing in data protection, enhancing transparency, and educating consumers about how their data is used, companies can strengthen their market position and gain consumer trust."
Privacy bill delayed amid busy legislative agenda | InnovationAus.com | 19th August 2024
"New laws for a long-awaited overhaul of Australia’s outdated privacy regime have been delayed, with the federal government now targeting next month to introduce the legislation.
The laws, which were expected to be introduced this federal parliamentary sitting fortnight, are now expected to arrive in the week starting September 9, raising the prospect that the bill won’t pass before the New Year."
The Privacy Series: A defining change in privacy reform | ADMA | 2024
"Currently, the Act defines Personal Information as: information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and, whether the information or opinion is recorded in a material form or not.
To the unknowing eye, replacing the word ‘about’ with ‘relates to’ may seem insignificant. However, that now means that Personal Information is information or an opinion that relates to an identified individual, which will have a major effect on data practices."
Marketing is responsible for customer trust. Your customers and prospective customers trust you to do the right thing with their Personal Information. This means that the first step is to understand your current data practices. It’s a 5WH question. That is, who, what, when, why, where, and how should be asked about the Personal Information you collect and store.
A result of this step is likely to mean data shedding. Taking the time and money to invest in a deep clean of your business’s data will undoubtedly be an onerous task but will also be one of short-term pain for the long-term gain. Thoroughly cleansing data as if you’re preparing for an audit or investigation is the best approach to reset your data foundations. Cleaning your data will naturally force your business to really question what Personal Information you truly need to be effective in your marketing and business operations."
The pro-consumer privacy lobby speaks - and why the Federal Government listens on privacy reform clampdowns for hashed emails, geolocation, loyalty data trading and new definitions of personal information | Mi3 | 25th June 2024
"There’s little contention today that the pro-consumer privacy lobby is winning the war over industry on privacy reform – they’re informed on industry techniques, loaded with compelling consumer research and aligned entirely on the need for a clampdown on the collection and use of an individual’s online data trail."
"We've got AI companies training on people's photos and messages to friends that are now being used to train large language models with no opt out ... We've got increasing scam losses, increasing identity theft, increasing examples of deep fake sextortion ... and consumers are asking where is our protection here?
— Kate Bower, Consumer Privacy Advocate, Choice"
Privacy, data and GenAI: Are Aussie marketers ready? | Marketing Mag | 13th June 2024
"As Australia braces for significant changes to the Privacy Act against a backdrop of GenAI evolution, the nation’s marketers are nervous about their preparedness and MarTech stacks.
The Privacy Act reforms aim to enhance data protections for Australian consumers in the same way the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA) enhanced them for consumers in the European Union and US.
According to the Office of the Australian Information Commissioner (OAIC), data breach notifications increased by 19 percent in the second half of 2023, highlighting the growing risks associated with inadequate data protection measures.”
"Those fines can be large, with OAIC having stated: “If the investigation finds serious and/or repeated interferences with privacy in contravention of Australian privacy law, then the Commissioner has the power to seek civil penalties through the Federal Court of up to $2.2 million for each contravention.”
BDO partner Conor McGarrity warns businesses to review security amid Privacy Act changes | The Daily Telegraph | 10th June 2024
"Mr McGarrity said personal information identified as attractive to dangerous parties should be the main focus for businesses.
“Taking a preventive approach of what is coming down the line sometime from August will hold organisations in good stead,” he said.
“Executives should also be asking questions about whether the business is holding on to personal information of customers or shareholders that maybe we haven’t dealt with in years.
“It’s useful to understand the sensitivity because of all the cyber attacks we’ve had in recent years, particularly with the Medicare and Optus hacks in 2022.”
SOURCE: Apple News+ Subscription | The Daily Telegraph
Marketers feel unprepared for coming Privacy Act changes | AdNews | 4th June 2024
AdNews reference findings from the "digital, marketing & eComm in focus: 2024" report created by Australian advisory, consulting and training organisation, Arktic Fox.
"Only 38% of those surveyed believe their executive group understands the importance of adapting to privacy changes, according to a study by digital advisory group Arktic Fox."
That suggests 62% don't believe their executive group understands the imprtantance of changes to the Australian Privacy Act.
We have more work to do.
‘It will redefine our industry for the next decade’: Federal Gov accelerates privacy reform to August as Attorney General, Privacy Commissioner harden language on personal information; customer matching, clean rooms uncertain? | Mi3 | 7th May 2024
"Because organisations won’t be able to ‘consent out’ of the fair and reasonable requirement to justify their activities, I’m hopeful that this new feature of the Australian framework will set us aside from other jurisdictions worldwide and position us as Australia’s privacy regulator to take on some of the more concerning industry practices we’re seeing…
— Carly Kind, Privacy Commissioner"
Government adds new privacy rules for 2.3m small businesses | Mike Pelly, Legal Editor | Australian Financial Review | 28 September 2023
"Around 2.3 million small businesses face new obligations around the handling of personal information after the government said it would remove a current exemption from the Privacy Act.
Attorney-General Mark Dreyfus said the government had agreed to most of the 116 proposals contained in a landmark review of the Privacy Act that was released in February."
Australia’s privacy reforms are about to arrive! Five significant things to keep an eye out for | Mallesons | 5th September 2024
"With draft legislation for implementation of reforms to Australian privacy laws likely to be introduced this month, we’ve taken a look at some of the more impactful changes likely to be flagged and what that might mean for your organisation."
"Mallesons TechLaw Partners share their thoughts on some of the most likely and significant changes to feature either in this Bill or in subsequent rounds of reform."
Follow the link below to read their thoughts on these five points.
1. Fair and reasonable
2. Individual rights
3. Enforcement
4. Expanded meaning of ‘personal information’
5. High-risk processing and automated decision-making"
Changes to the Privacy Act are coming. Here’s what SMEs need to know | SmartCompany | 2nd September 2024
"The biggest change to the Privacy Act (anticipated in 2024) is the removal of the small business exemption.
Currently, most businesses with a turnover of under $3 million – which includes approximately 92% of businesses in Australia – are exempt from compliance with the Privacy Act.
However, with the small business exemption removed, a turnover threshold will likely no longer apply to any business, meaning that SMEs will no longer be exempt from the Privacy Act legislation."
Author - Hana Lee is an associate leader of the startup and capital team at Burch&Co Law Firm Melbourne.
A clearer picture of the coming Cyber Security Bill and critical infrastructure reforms | Ashurst | 6th August 2024
This is the first time we've seen a hint of something actually happening in Canberra in August. However it relates to the Cyber Security Bill.
"...the Federal Government reportedly hopes to bring a new Cyber Security Bill to Parliament in the next sitting – which begins next week on 12 August 2024."
"The new bill will cover ransom reporting, new security standards for smart (IoT) devices, limits on how cyber agencies use information, and the creation of a Cyber Incident Review Board."
Ashurst does touch on a range of topics that your organisation needs to be aware of i.e. ransonware attacks, payments made and fines for non-disclosure.
Many of our clients provide devices connected to the internet. Ashurst expand on new mandatory security standards for consumer-grade connectable devices.
Privacy Law Reform in Australia | FTI Consulting | July 2024
Proactively Preparing for Privacy Law Reform
"Taking steps now can help your organisation be more compliant as the Act evolves.
This involves maturing your governance framework, refining how you communicate about handling personal information, and ensuring your policy intent aligns with how your business operates through standards, procedures, guidelines, and tooling.
It is critical to know what data you hold, where it is and whether you need it or not.
Working on your information governance and conducting remediation activities to minimise the amount of data you hold is an important foundational step to ensuring future compliance."
Australian Government announces overhaul of Privacy Act and doxxing reforms | Johnson Winter Slattery Lawyers | May 2024
If you've not read and digested the Government Response to the Privacy Act Review Report, Johnson Winter Slattery lawyers have prepared a great bullet point summary.
Their article, published in May, covers 5 main points:
- Overhaul of the Privacy Act - this is where you'll find the bullet point summary
- What is doxxing?
- What is the background to the announcement regarding doxxing?
- Current state of play
- What the reforms may look like
Legislators up the stakes on privacy with new, mandatory scheme for NSW public sector agencies | Bartier & Perry Lawyers | 31st May 2024
While this is a NSW legislative change, it's definition of "personal information" that may be of interest. Until the federal government provides a definition, this could prove helpful:
Section 4(1) of the Privacy and Personal Information Protection Act 1998 (NSW) defines personal information as:
‘information or an opinion (including information or an opinion forming part of a database and whether or not in a recorded form) about an individual whose identity is apparent or can be reasonably ascertained from the information or opinion.’
"Personal information includes things such as an individual’s fingerprints, retina prints, body samples or genetic characteristics. It also includes information, or an opinion, that could identify an individual. For example, their name, address, date of birth, gender or audio-visual material."
Australian privacy law “more like the GDPR | Clyde & Co. | 23rd May 2024
Global law firm Clyde & Co. has itemised two key areas of interest:
- The “highlights” of the agreed changes likely to have the most immediate impact on business
- What to expect from the “agreed in principle” proposed changes
"The increased clarity and simplicity for business is supplemented by a significant number of changes to administrative provisions giving both increased and more targeted OAIC powers and a “push” to strengthen (and encourage more) enforcement by the OAIC."
Draft legislation on Privacy Act Reforms brought forward to August as the Government respond to the ‘violence against women’ crisis | Gadens Lawyers | 2nd May 2024
"The Federal Government has announced a suite of preventative measures and legislative reforms following a national cabinet meeting yesterday addressing violence against women in Australia. Notably, the Government will bring forward legislation in August outlawing the release of private information online with an intent to cause harm, also known as ‘doxxing’.
This is in addition to an overhaul of The Privacy Act 1988 (Cth) (Privacy Act) with the aim of giving all Australians who experience domestic and family violence ‘greater control and transparency over their personal information’, with a particular focus on women following widespread protests across the country this week."
The Attorney-General’s review proposed changes to children’s privacy: no longer child’s play! | LexisNexis | June 2023
The team at LexisNexis, a highly regarded global publisher to the legal industry, provides insight for organisations engaging with children i.e. anyone under the age of 18.
"Of significant interest in the above proposals is the introduction of the requirement that, when dealing with children (ie anyone under 18 years of age), each business (whether focused on children or not) must have regard to whether the collection, use or disclosure of the personal information in question is in the best interests of the child and “fair and reasonable in the circumstances”.
Therefore, you have to have a process in place to ensure you know when you are dealing with a child."
Top 5 Proposed Changes to Advertising and Marketing Under Reforms to the Privacy Act | Hamilton Locke | March 2023
"The Federal Government’s much-anticipated Privacy Act Review Report puts forward a total of 116 proposals in an effort to strengthen and modernise Australian privacy law.
Nine of the proposals relate to advertising and marketing activities, including where there is no personal information involved. The Government proposes increased regulation of direct marketing, online targeted advertising and trading in personal information.
This would prohibit some currently common activities and otherwise have potentially significant compliance implications for advertising and marketing activities in Australia."
Where to now for the Privacy Act review | Norton Rose Fulbright | May 2022
"The Online Privacy Bill, slated to be passed in the last sitting of Parliament prior to the election failed to pass.
This bill, including laws requiring the drafting of Online Privacy codes of conduct and, importantly, increases in the penalties for breaches of the Privacy Act 1988 to the greater of A$10 million or 10% of Australian turnover, is now in limbo awaiting the outcome of the election and the next government’s legislative agenda."
WEBINAR: Australia's privacy law reforms | 9 Key issues: Quick fire analysis | Norton Rose Fulbright | November 2021
The team at Norton Rose Fulbright Australia has compiled a range of resources to help Australian organisations stay ahead of the proposed Privacy Act changes.
"The Australian government recently published a Discussion Paper assessing options for modernisation of the Privacy Act and also released an amendment to the Privacy Act introducing new enforcement measures and a code of conduct and for online platforms. We take a quick fire journey through the key issues considered by the Discussion Paper that will shape the direction of Australian privacy law in the future and explore how these may impact Australian businesses."
Government response to the Privacy Act Review Report | 28th September 2023
The Privacy Act Review was initiated in response to recommendations made by the Australian Competition and Consumer Commission (ACCC) in its 2019 Digital Platforms Inquiry Final Report.
The Privacy Act Review Report was released in February 2023. Public consultation was then undertaken to inform the government's response.
On 28 September 2023, the Australian Government released its response to the Privacy Act Review Report.
The Privacy Act Review Report 2022 | 16th February 2023
"This Report is the culmination of two years of extensive consultation and review of the Privacy Act 1988 (Cth) (Review of the Act).
The Review was instigated following the Australian Competition and Consumer Commission’s (ACCC) 2019 Digital Platforms Inquiry final report (DPI Report) which made several privacy recommendations.
The Review commenced in October 2020 with the release of an Issues Paper, followed by a Discussion Paper in 2021 which put forward proposals for reforming the Act for consultation.
The Review has considered whether the Act and its enforcement mechanisms are fit for purpose in an environment where Australians now live much of their lives online1 and their information is collected and used for a myriad of purposes in the digital economy."
About this resource centre
Significant changes to Australia's privacy laws were passed on the 29th November 2024, impacting how organisations collect and handle personal information.
This subscription provides you with the latest updates and practical guidance to help your organisation stay ahead of the curve and prepare for a smooth transition.
We will continue to find key insights from press releases, legal analysis from law firms, and official government announcements.
Additionally, we'll provide you with tangible tips, ideas, and suggestions based on what we know to help your organisation make any changes needed.
DISCLAIMER: Just to let you know, we're not offering legal advice. We encourage your organisation to refer to in-house counsel or other legal service providers to ensure compliance with changes being legislated by the Australian Government.
Hero photograph on this page by Marcus Reubenstein on Unsplash
Marketing Cube | Connected Capability
© 2026 Marketing Cube Pty Ltd. All Rights Reserved. ABN: 64 162 615 269
Australia: Level 4, 32 York Street, Sydney, NSW, Australia, 2000. Phone: +61 (0) 2 8244 0007
New Zealand: P.O. Box 68861, Newton, Auckland, New Zealand. Phone +64 21 228 7775
Marketing Cube acknowledges the Aboriginal and Torres Strait Islander peoples, the Traditional Custodians of the lands on which we work, live and travel. We pay our respects to Elders past, present and emerging and extend that respect to all Aboriginal and Torres Strait Islander peoples today.