RIMPA Global's Statement on OAIC’s 2026 Privacy Compliance Sweep
RIMPA Global welcomes the announcement from the Office of the Australian Information Commissioner (OAIC) regarding its first privacy compliance sweep commencing in January 2026. This initiative places an important spotlight on in-person information collection practices across sectors such as real estate, car rentals, retail, and hospitality which are environments where individuals often have limited visibility or real choice when asked to provide personal information.
The OAIC’s focus highlights an issue RIMPA Global has consistently raised: over-collection, unclear practices, and inadequate privacy policies undermine public trust and create significant organisational risk. With penalties of up to $66,000 for non-compliant privacy policies under the amended Privacy Act, organisations can no longer regard privacy transparency as optional or outdated.
RIMPA Global urges organisations to take immediate action
To prepare for the compliance sweep and strengthen overall privacy maturity, RIMPA Global encourages all organisations collecting information in person to:
- Ensure retention and disposal practices match commitments
Information management, security, and lifecycle controls must align with what the privacy policy promises. RIMPA also reminds private enterprises that tools such as SmartRetention clearly advises what records can be legally disposed of and when, which can significantly strengthen compliance and reduce the risks associated with unnecessary data retention. - Review and update privacy policies
Ensure policies clearly explain what personal information is collected in person, why it is collected, how it is used, who it may be shared with, how long it is retained, and how individuals can exercise their rights.
- Align frontline practices to the policy
Staff must understand what is required vs optional and be able to communicate this transparently to customers.
- Avoid over-collection
Reassess long-standing forms, identification checks, and data requests. Collect only what is necessary and justifiable.
- Improve transparency at the point of collection
Provide clear notices, signage or short-form privacy explanations so individuals can make informed decisions.
RIMPA Global’s message to organisations:
The OAIC’s 2026 compliance sweep is a clear signal that privacy transparency is now a mandatory standard, not a compliance afterthought. Organisations should seize this opportunity to modernise their policies, uplift staff capability, and strengthen the trust they hold with customers and communities.
Learn more about the OAICs Privacy Compliance Sweep
Meet your blog author:
Anne Cornish CSRIM MRIM (Life)
Anne is a seasoned professional with over 30 years of experience in the information and records management arena, working with all levels of government and most large private industry sectors. She is the CEO of RIMPA Global, the peak body for records and information management professionals in Australasia and beyond.