Australia’s privacy regulator has kicked off 2026 with its first-ever privacy compliance sweep, focusing on how businesses explain their privacy practices to customers. From early January, the Office of the Australian Information Commissioner (OAIC) will review the privacy policies of selected businesses that collect personal information in person, including real estate agencies gathering contact details at open homes.
The sweep is aimed at ensuring privacy policies clearly explain how personal information is collected, used, disclosed and stored, as required under Australian Privacy Principle 1.4. Businesses found to have non-compliant policies may face compliance action, including infringement notices and penalties of up to $66,000. These enforcement powers were strengthened following amendments to the Privacy Act passed in 2024.
Importantly, the review also highlights the role of collection notices in face-to-face settings. When agencies collect personal information in person, individuals should be told, at the time of collection, why their information is being collected, how it will be used, and where they can find the agency’s full privacy policy. For real estate agencies, this can be as simple as a clear collection notice on a sign-in sheet, tablet, or QR code at inspections.
Real estate and rental services are one of six sectors being reviewed, reflecting concerns that people often feel pressured to hand over personal information in these situations without fully understanding how it will be used. The Privacy Commissioner has noted that this can leave consumers vulnerable to over-collection of information and increased privacy risks.
For agencies, this is a timely reminder to review not just their privacy policy, but how it is communicated in practice. A clear privacy policy, supported by a visible and easy-to-understand collection notice at inspections, is now firmly on the regulator’s radar, and is being treated as a core compliance requirement rather than a box-ticking exercise.