The 2024–26 Privacy Act reforms quietly added an automated-decision-making (ADM) transparency obligation that starts on 10 December 2026. If your business uses software — including AI screening, automated credit or eligibility checks, algorithmic pricing, or even a chatbot that triages enquiries — to make or substantially help make decisions that could significantly affect someone, you have to disclose that in your privacy policy.
Most SMBs reading that assume it doesn’t apply to them. It increasingly does. The tools that crept into the business over the last two years — the booking bot, the lead-scoring add-on, the “smart” quoting engine — are exactly the systems the obligation is written for. The disclosure itself is not onerous; the work is knowing which of your tools actually make decisions, and writing it down before the date, not after a complaint.
Treat it as a register exercise. List the systems that touch customer or staff decisions, note what each one decides, and update the privacy policy to match. It’s the same inventory you need for the AML-CTF and Privacy Act changes landing on 1 July anyway.
