HomeCompliance risk

Compliance risk

The Qantas privacy finding: a positive lesson in third-party oversight

A serious data breach does not automatically mean governance failed. The more important question is whether an organisation can demonstrate that it understood the risks,...

When the Price of Milk is about Governance

The ACCC fined Lactalis $59,400 over misleading 'fresh' milk labelling, while the Federal Court's $11.3 million penalty against Mercer Super shows the same claims-outrun-evidence governance failure at a very different scale.

Australia’s Data Breach Risk Has Moved From Cyber Issue to Operating Risk

The OAIC has published new Notifiable Data Breaches statistics for 2025, showing notifications at an all-time high and issuing a new quick reference guide for entities covered by the scheme. This is not a new…

OAIC draws a hard line on tracking pixels and sensitive data

OAIC has confirmed, through two determinations published on 24 June 2026, that Medmate and Monash IVF interfered with privacy by using third-party tracking pixels on health-related websites to collect sensitive information and target advertising. The…

OAIC determination puts insider privacy risk back in the spotlight

The OAIC found an organisation breached APP 11.1 after an employee accessed customer personal information without authorisation. With the Medibank civil penalty case before the Federal Court, OAIC enforcement on internal access controls is active and escalating.

Pricing governance is a customer trust control, not just a marketing decision

Coles, Woolworths and IAG each faced regulatory action over pricing for the same reason: a gap between what customers were told and what the pricing system actually did. This post uses those cases to ask whether your organisation can show how pricing decisions are owned, challenged and tested for customer outcomes — before a regulator does it for you.