Keeping pace with the latest updates to Australian privacy regulations

Will your business be affected by the latest rules from the OAIC and AUSTRAC? If so, how? Let’s take a look at the most recent changes to Australian privacy rules and what they mean for you.

As our lives become increasingly digitised, regulators need to continually rethink rules and policies to ensure that people’s personal information and digital records are adequately protected. For businesses, keeping pace with the latest privacy rules and regulations can be hard work.

Here, we explore two of the most recent updates that small businesses should be aware of, and what you can do to prepare.

1. The OAIC’s privacy compliance sweep

The first big update for 2026 stems from recent legislative changes to the Privacy Act (which were passed by Parliament in 2024). New rules were introduced in an attempt to resolve perceived power imbalances, where customers feel pressured to share personal information without seeing the company’s privacy policy. 

And now, the OAIC is following up to see if businesses are compliant. 

They are initially targeting around 60 businesses from six key sectors: real estate, pharmacies, licenced venues, car rental companies, car dealerships and pawnbrokers. Essentially, any business that collects people’s details in-person. For example, real estate agents collecting phone numbers at an open house, car dealerships collecting driver’s licenses when someone wants to take a new vehicle for a test drive, or even bouncers at a club checking IDs.

With compliance checks already underway opens in a new tab, it’s a good idea for any business that collects information in-person to ensure their privacy policy is crystal clear in communicating how a customer can expect their information to be collected, used, disclosed and destroyed. And then, obviously you need to be able to demonstrate how you follow through on these promises. If you don’t comply, you could face a fine of up to $66,000.

2. Expansion of AUSTRAC’s AML/CTF reporting 

Then there are the upcoming changes to AUSTRAC’s anti-money laundering and counter-terrorism financing (AML/CTF) obligations opens in a new tab. Like the name suggests, these rules exist to help fight fraud and organised crime. Until now, they have only impacted large organisations. 

From July 1, 2026, though, a new group of businesses will also need to comply. These businesses, called Tranche 2 entities, include real estate agents, lawyers, conveyancers and accountants, among others. You can check if your business will be regulated here opens in a new tab.

Any business that falls into this tranche 2 category will need to review existing policies and procedures to make sure it all complies with obligations like conducting customer due diligence, reporting certain transactions and suspicious activities, and maintaining accurate records.  

Docusign helps provide a secure foundation

Whether your business is impacted by the above changes or not, they serve as a great reminder to review your current practices for collecting, managing and storing customers’ personal information. Are your data collection systems auditable and verifiable? Can you prove your customers are who they say they are? Do you have systems in place to securely dispose of personal data when required? 

Docusign can help tackle many questions like these. For example, our identity verification solution — which is baked into our agreement workflow alongside our dynamic web forms for data and document collection — is a trusted, proven way to validate customers’ IDs and capture all the necessary information in an auditable certificate of completion. Importantly, to meet the conditions of privacy regulations, we don’t keep a copy of customers’ passports or drivers licences in the process. 

It’s things like these that help keep customers’ data safe, and in turn help businesses comply in an ever-changing and increasingly complex regulatory environment. 

To learn more about how Docusign can help you stay on top of complex, ever-changing rules and regulations in your industry, get in touch.