Privacy Act Reforms: What Sporting Organisations Need to Know
- Matthew Krog
- Sep 22
- 2 min read
The Privacy Act 1988 (Cth) is undergoing the most significant reform in decades. Tranche one is already in force. The Government has signalled a second tranche is coming, with timing and final content still to be confirmed.
These reforms are being driven by heightened concern about how personal and sensitive information is collected, stored, and used. For sporting organisations that handle player data, fan engagement systems, wearable devices, or video analytics, now is the time to pay attention.
Privacy Act Reforms - What Changed in Tranche One
The Privacy and Other Legislation Amendment Act 2024 commenced on 10 December 2024 and delivered major changes, including:
Stronger penalties for serious or repeated privacy breaches;
Expanded powers for the Office of the Australian Information Commissioner (OAIC);
Clarification of extraterritorial operation, capturing overseas entities that carry on business in Australia;
Introduction of a new statutory tort for serious invasions of privacy; and
New criminal offences relating to doxxing.
These measures strengthened enforcement and increased the risks of non-compliance.
What to Expect in Tranche Two
Based on the Government’s 2023 response to the Privacy Act Review, tranche two is expected to address several major items. Until a bill is introduced, treat the following as proposals to plan for:
Possible removal of the small business exemption: Clubs, associations, and organisations with annual turnover under $3 million may soon be covered by the Privacy Act;
Expanded definitions of personal and sensitive information: Particularly relevant where data is collected from athletes, members, and fans;
Greater transparency obligations: Clearer privacy notices and more accessible policies; and
Stricter rules on data retention and deletion: Organisations may need to justify why they hold data and have systems in place for secure disposal.
Why Sporting Organisations Should Care
Sporting organisations often underestimate the breadth of personal and sensitive information they handle, such as:
Player health and performance data;
Member registrations and contact details;
Video footage and analytics; and
Financial information tied to memberships and sponsorships.
If the small business exemption is removed, almost every sporting organisation will be captured by the Act. Preparation is essential.
Practical Steps to Take Now
To get ahead of tranche two, sporting organisations should:
Review how personal information is collected and stored;
Update privacy policies to reflect the likely reforms;
Audit technology platforms (apps, wearables, video analytics tools) for compliance;
Train staff and volunteers on privacy obligations; and
Seek legal advice to ensure compliance before the reforms take effect.
Final Word
The Privacy Act reforms will lift the standard for how sporting organisations manage information. Those who prepare early will reduce legal risk and strengthen trust with players, members, and sponsors.
Now is the time to start.
Matt Krog
Director
Aus Sports Law
![When Sporting Bans Cross the Line: Greig v Insole [1978] 1 WLR 302 (QB)](https://static.wixstatic.com/media/b950973c2d4b487b8d68e0d605cd56a8.jpg/v1/fill/w_980,h_661,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/b950973c2d4b487b8d68e0d605cd56a8.jpg)
Comments