The headline number is real: more than 100,000 small businesses become subject to the Privacy Act from 1 July 2026. The mechanism catches people off guard, though, because it comes through the anti-money-laundering reforms, not the privacy reforms directly. From that date the AML-CTF regime extends to “tranche two” professions — lawyers, conveyancers, accountants, real-estate agents and dealers in high-value goods such as jewellers — and the privacy obligations follow the data they handle under it.

If you’re in one of those sectors and you’ve relied on the small-business exemption, that comfort is going. Note the nuance: the blanket $3 million-turnover exemption hasn’t been formally repealed yet — that’s expected in a later tranche — but the AML-CTF path pulls you in regardless for the data you handle under the new obligations.

The practical work is unglamorous and overdue: know what personal information you hold and why, write or refresh a privacy policy that maps to the Australian Privacy Principles, lock down access and storage, and have a breach-response process you could actually run. Start now; 1 July is not far, and the AML and ADM changes stack on top.

What it means for your businessIf you’re in real estate, legal, accounting, conveyancing or high-value goods, assume the Privacy Act now applies to you. Get your data inventory, privacy policy and breach process in order before 1 July 2026.
Source & referenceHelios Salinger — Privacy reforms to impact over 100,000 small businesses ↑AMLCompliant — Privacy Act 2026: every date on the calendar ↑