OAIC Corporate Plan 2025–26
The Office of the Australian Information Commissioner (OAIC) has released its 2025–26 Corporate Plan, setting out the priorities and direction that will guide Australia’s national regulator for privacy, freedom of information, and government information management over the coming years.
As an independent statutory agency within the Attorney-General’s portfolio, the OAIC plays a critical role in shaping how information is created, managed, accessed and protected across the Australian Government and beyond.
A broad and expanding regulatory role
Under the Privacy Act 1988, Freedom of Information Act 1982, and Australian Information Commissioner Act 2010, the OAIC is responsible for:
-
Promoting and enforcing compliance with privacy obligations
-
Protecting individuals’ personal information
-
Upholding the public’s right of access to government information
-
Leading strategic information management functions across government
These responsibilities are supported by investigative and enforcement powers, complaint handling, decision reviews, and the provision of authoritative guidance and advice.
Importantly, the OAIC’s remit continues to grow. Almost 40 additional pieces of legislation now confer regulatory responsibilities on the OAIC or require consultation on privacy matters, reinforcing its central role in Australia’s information governance ecosystem.
A four-year outlook with immediate impact
The Corporate Plan forms part of the Commonwealth Performance Framework and outlines the OAIC’s priorities over a rolling four-year period, updated annually. For information, records and privacy professionals, this signals:
-
Continued regulatory focus on privacy compliance and enforcement
-
Ongoing scrutiny of information handling practices in government
-
Greater emphasis on proactive information management, not just reactive compliance
The 2025–26 Corporate Plan reinforces that information management, privacy and access are inseparable. Strong records and information governance is no longer just good practice, it is foundational to meeting regulatory expectations under privacy and FOI law.
For practitioners, the message is clear: defensible information management, clear governance frameworks, and well-documented practices are essential as regulatory oversight continues to mature and expand.
Staying aligned with the OAIC’s direction is not optional, it is a key part of managing risk, building trust, and enabling lawful and transparent use of information in 2026 and beyond.