Privacy Awareness Week 2026

Privacy compliance and artificial intelligence risks

Privacy Awareness Week (PAW) is an opportunity for organisations to move beyond policy and compliance and focus on how privacy, privacy governance, and data protection operate in practice across systems, processes and people.

At Holding Redlich, our Digital Economy and Data & Privacy teams are working with clients navigating increasingly complex privacy challenges. As regulatory expectations evolve, there is a growing focus on whether privacy frameworks are not only well-designed, but effective in operation.

What we’re seeing in the market

Across sectors, a number of consistent themes are emerging:

• mature frameworks still breaking down in execution, highlighting gaps in privacy compliance and governance, leading to complaints, incidents and regulatory scrutiny
• Privacy Impact Assessments (PIAs) undertaken as compliance exercises, without fully testing real-world scenarios or data protection implications
• increased regulatory focus on accountability, privacy governance, and clear ownership of privacy risk
• technology adoption — particularly artificial intelligence and data-driven platforms — creating new and not always well understood risks
• heightened customer and stakeholder expectations, with privacy practices directly impacting trust and reputation

Top 5 trends in privacy – Australian Government:

• Privacy and AI: With the widespread adoption of AI in the Australian Public Sector, ensuring privacy compliance is an essential element in driving safe, responsible and effective use of AI. The Digital Transformation Agency has established requirements for transparency statements regarding the use of AI.
  
  References:
  Top five trends for Australian Government legal practice in 2026, Automated decision making and public reporting lessons for government agencies
  
• Tell Us Once: The Regulatory Reform Omnibus Act 2025 (Cth) supports a ‘tell us once’ approach to the sharing and use of information by various Australian Government agencies.  The reforms enhance the accuracy of personal information held by agencies and authorise sharing under the Privacy Act 1988 (APP 6.2(b)).
  
  Reference: Top five trends for Australian Government legal practice in 2026
  
• Privacy and Cybersecurity: Recent data breaches have shone a spotlight on the role of cybersecurity in protecting personal information. Reasonable steps to ensure the security of personal information under APP 11 include both technical and organisational measures.
  
  References: Privacy and Other Legislation Amendment Act 2024 (Cth), The Privacy Law Reforms finally passed in 2024 set the priorities for 2025
  
• Automated Decision Making (ADM) and Privacy: The Privacy and Other Legislation Amendment Act 2024 (Cth) includes new ADM transparency requirements scheduled to commence on 10 December 2026, obliging APP entities to disclose in their privacy policies when a computer program makes (or substantially shapes) decisions that significantly affect individuals, including the types of personal information and decisions involved.
  
  Agencies should also review their Information Publication Scheme ADM descriptions to ensure they are consistent with ADM disclosures made in privacy policies.
  
  Reference: Automated decision making and public reporting lessons for government agencies
  
• Uplifting privacy awareness: Safeguarding privacy cannot be achieved by the Privacy team alone. Agency wide understanding supports consistent implementation of good privacy practice. Privacy Awareness Week is the perfect time to hold training and uplift awareness.

Our focus this Privacy Awareness Week

Throughout Privacy Awareness Week, we will be sharing insights and practical guidance on strengthening privacy compliance, governance, and data protection with a focus on:

• where privacy frameworks are falling short in practice
• how to strengthen Privacy Impact Assessments (PIAs) and embed real-world scenarios
• managing privacy risks associated with artificial intelligence and emerging technologies
• lessons from recent complaints, incidents and regulatory activity
• building organisational capability — not just compliance