Rules Mate

Privacy Act checklist

Privacy Act 2026 readiness checklist

The Privacy and Other Legislation Amendment Act 2024 introduced a statutory tort, enhanced penalties (up to $50M) and signposted automated decision-making transparency obligations that commence on 10 December 2026. This checklist generator scores your privacy program across 10 control areas and outputs the must-do items tailored to your answers.

Last verified: 5 June 2026
Question 1 of 1010%
Privacy Act 2026 readiness

Do you have a documented inventory of the personal information you collect, hold, use and disclose?

APP 1.3 requires you to take reasonable steps to manage personal information openly. A data inventory is the foundation.

This checklist is a structured prompt — not legal advice. It cites the relevant Act and section against each item so you can verify the source. Engage a qualified adviser before relying on the output for board, regulator or transaction purposes.

Frequently asked questions

Does this checklist apply to me if I'm under the $3M small-business threshold?
Yes — voluntarily applying APPs is the prudent posture. Removal of the small-business exemption remains a proposed reform; it is not law. The checklist still helps you map your exposure today and prepare for a future tranche if it passes.
What changes on 10 December 2026?
Automated decision-making transparency requirements and the Children's Online Privacy Code commence (two years after the Privacy and Other Legislation Amendment Act 2024 received assent). The statutory tort and enhanced penalties are already in force.
Will this checklist make my organisation Privacy-Act compliant?
It will not — no checklist can. This is a structured starting point. Engage a privacy lawyer or APP-trained consultant to validate scope and risk treatments before relying on the output.