What is a compliance notice?

A compliance notice is a written notice from the Privacy Commissioner to a public or private sector agency that the agency is in breach of its statutory obligations under the Privacy Act or a code of practice, or under another relevant Act or instrument. It is a direction to an agency requiring it to take certain action, or to desist from taking certain action, in order to comply with the requirements of the Privacy Act, the code of practice or another specific code or provision.

The notice will specify the nature of the breach and require the agency to remedy the breach so that it complies with its statutory obligations. It may require that agency to take particular steps to comply with its statutory obligations within a specified timeframe. If an agency does not comply with a notice or appeal it, the Privacy Commissioner may bring enforcement proceedings in the Human Rights Review Tribunal to enforce the notice. The Tribunal may make an order that the agency comply with the notice by a specified date. Failure to comply with a Tribunal order could lead to a fine of up to $10,000.

Our Compliance and Regulatory Action Framework policy outlines how we approach compliance notices. We also have further guidance on compliance notices [PDF, 388 KB].

Updated October 2025