Privacy Awareness Week Starts Tomorrow — What Australian Wealth Managers Should Do This Week

Privacy Awareness Week 2026 runs from 4 to 10 May, led by the Office of the Australian Information Commissioner with the theme “Trust is built here — In every privacy complaint. In every resolution.” The focus this year is squarely on how regulated organisations actually handle complaints when something goes wrong, as set out by the OAIC. The timing is no accident — it lands in the same year the OAIC has shifted from guidance to active enforcement, with its first 2026 compliance sweep already targeting around 60 entities across sectors that collect personal information at the front counter.

For Australian wealth managers, this is more than a polite awareness campaign. You sit on some of the most sensitive personal data in the country — TFNs, identity documents, account balances, beneficiary details, health-related underwriting notes — and the small business turnover exemption has not protected the financial services industry for years. Tranche 2 of the Privacy Act reforms is widely expected to land in 2026 or 2027, the statutory tort for serious invasions of privacy is already in force, and your insurer, your AFSL responsible managers and your enterprise clients will all ask sharper questions when something gets escalated. A complaint that drags on, or a privacy policy that hasn’t been touched since 2022, is now a measurable business risk.

Five things worth doing this week:

  1. Re-read your privacy policy with fresh eyes. If it still references the Privacy Act 1988 without acknowledging the 2024 amendments, it’s out of date.
  2. Document your complaint handling pathway. Who receives it, how quickly is it acknowledged, who decides the outcome, and how is the resolution recorded? The OAIC will ask.
  3. Map where client personal information lives — your CRM, your file server, the platform, your email archive, and any SaaS your advisers use. You can’t protect what you can’t find.
  4. Run a 30-minute team session on what counts as a privacy incident and the OAIC notification window — using PAW as the natural reason for the chat.
  5. Test that your Microsoft 365 retention and DLP policies actually do what your privacy policy promises.

If you want a second pair of eyes on the data flows, mailbox controls and incident response steps that sit underneath all of the above, our financial services IT team works with Australian wealth managers on exactly this.
