Tech Translated

IT Security & Technology Blog

Practical IT insights for Australian businesses. Our team covers cybersecurity advisories, compliance updates, and plain-English explainers on the technology your business relies on, published regularly as the landscape shifts.

All IT Services Managed IT Services Sydney, Northern Beaches

From 1 July 2026, a large group of businesses that were never covered by the Privacy Act suddenly are. Under the Anti-Money Laundering and Counter-Terrorism Financing “Tranche 2” reforms, real estate agents, accountants, conveyancers, lawyers and dealers in precious metals became “reporting entities” — and, as the OAIC explains, that pulls them into the Privacy Act whether or not the old small-business exemption once applied. The regulator estimates more than 100,000 small businesses are affected.

That’s a lot of the Northern Beaches. Walk through Brookvale, Dee Why, Manly or Mona Vale and you’ll pass dozens of agencies, accounting practices and conveyancers who’ve handled clients’ licences and passports for years without a formal privacy obligation. Now they have one — and there’s a twist that catches people out. The OAIC says you should stop keeping full copies of ID documents for AML record-keeping. The rules never required it, and every licence scan sitting in an inbox or shared drive is now a liability in a data breach, not a compliance safety net.

What to do: three practical steps. Put a plain-English privacy policy and collection notice in place if you don’t have one. Audit where client ID actually lives — email, shared drives, your CRM — and delete what you’re not legally required to keep. Then lock down what remains with multi-factor authentication, encryption and sensible access controls. The OAIC’s free Privacy Essentials Checklist for AML/CTF entities is worth ten minutes.

This is as much an IT job as a legal one — most of the risk sits in how client data is stored and who can reach it. If you run a professional practice on the Beaches, All IT can help you sort out data storage and manage your systems before the OAIC’s tougher enforcement stance finds you.