OAIC Privacy Sweep Targets Licensed Venues — What Your Pub, Club or Hotel Should Check

The Office of the Australian Information Commissioner (OAIC) kicked off its inaugural privacy-policy compliance sweep earlier this year, and licensed venues are one of the six sectors being examined. The sweep covers around 60 businesses across rental and property, pharmacies, licensed venues, car rental, car dealerships, and second-hand dealers. Non-compliant entities can face compliance notices, infringement notices and penalties of up to $66,000, as laid out in the OAIC’s announcement.

If you run a pub, club, restaurant or hotel in Australia, the OAIC’s focus is on how you collect personal information in person — think ID scanners at the door, loyalty sign-ups at the bar, venue Wi-Fi captive portals, booking forms, and CCTV notices. Australian Privacy Principle 1.4 requires your privacy policy to clearly cover what you collect, why, who you share it with, how long you keep it, and how people can access or complain about it. The regulator has been explicit that this is about genuinely informed consent — not a link buried in the footer that nobody reads.

What to do this week: pull up your privacy policy and read it through the eyes of a patron who’s been asked to hand over a licence at the door. Does it mention ID scanning specifically? Does it tell them where the data is stored, how long for, and who has access? Check your POS and loyalty platforms too — if a third-party vendor holds guest data on your behalf, that sits in your policy. And make sure staff know where the policy lives and how to direct a privacy query.

If the tech side of this (ID scanners, guest Wi-Fi, CCTV retention, POS integrations) is murky, that’s the practical work we do with hospitality operators — see our hospitality IT services for how we keep venue tech both useful and compliant.