Privacy is no longer a back-office issue; it is a social licence and trust issue, that sits right at the centre of how your organisation is judged.
The OAIC’s 2026 Australian Community Attitudes to Privacy Survey shows Australians are increasingly concerned about privacy, while trust in Artificial Intelligence (AI) remains extremely low.
30 Second Take
The survey also points to stronger community expectations for transparency, fairness, proportional collection of information, and better complaints handling.
For organisations, the message is important:
Privacy governance is becoming a visible test of operational discipline, customer trust and board oversight.
Enterprise wide understanding and governance are critical
People, and your regulators, are telling you they want to know what data is being collected, why it is needed, how it is used, and what happens when something goes wrong.
That matters because even where a practice is technically permitted, it may still be seen as unfair, unnecessary or hard to understand. Those perceptions can quickly become a conduct, reputational and regulatory risk.
The impact is not limited to the obvious, being the privacy teams. It also affects boards, executives, product owners, digital transformation programs, marketing teams, customer experience functions, complaints handlers, information security teams and those accountable for data-driven growth.
What should you ask
Key questions boards should be asking are:
- Do we know our most critical risks and why they matter?
- Can we clearly explain our use of personal information and AI in a way customers actually understand?
- Can we evidence our testing and clarity on management accountability?
- If a privacy complaint landed on the CEO’s desk tomorrow, could we evidence our decisions and response times?
- Have we prioritised focus across AI, process management, enterprise risk, culture and risk in change?
Boards should be asking whether privacy controls are designed for real-world use, whether complaint trends are being reported as risk signals, and whether the organisation can demonstrate fairness, accountability and improvement over time.
What next
Next steps should focus on maturity, evidence, ownership and uplift. That means testing management on privacy and data collection, whether AI and biometric use is clearly disclosed, whether retention and deletion are working, whether complaint handling is timely, and whether responsibilities sit with named owners.
Bottom line: this is a reminder that trust is earned through everyday governance and risk practice, not policy statements.
To learn more about where to focus on in your governance, our Board Risk Snapshot provides you a secure tool to help you focus on the key areas.

