Notes from the Asia-Pacific region: Privacy Awareness Week a timely opportunity to reflect on expectations

As we move into May, the privacy community across Australia and the broader Australia and New Zealand region turns its attention to Privacy Awareness Week 2026 led by the Office of the Australian Information Commissioner in collaboration with industry partners and support organizations. More than 300 businesses, public departments and entities have proactively signed up as PAW supporters this year, signaling the importance of the moment. PAW continues to serve as a key moment to elevate awareness, reinforce accountability and prompt meaningful action on privacy and data protection across public and private sectors.

This year's theme, "Trust is built here. In every privacy complaint. In every resolution," reflects a notable shift in emphasis from awareness toward operational maturity. The OAIC has deliberately focused the conversation on dispute resolution, highlighting that trust is not earned through policy statements alone, but through how organizations respond when something goes wrong. 

In the words of Privacy Commissioner Carly Kind, a privacy complaint represents a "critical trust‑building moment," underscoring that responsiveness, fairness and transparency are now core indicators of organizational accountability. The data underpinning this shift is equally instructive. 

Preliminary insights from the 2026 Australian Community Attitudes to Privacy Survey, soon to be released, suggest Australians are increasingly concerned about how their personal information is handled, with a significant portion reporting concerns over the past year. However, more than half of individuals do not raise complaints, citing barriers such as complexity, lack of awareness or a belief that doing so will not lead to meaningful outcomes. For organizations, this signals both a risk and an opportunity, the risk of eroding trust through poor engagement and the opportunity to differentiate through effective, human‑centered resolution processes.

Third‑party perspectives reinforce this evolving narrative. Industry and legal commentators continue to highlight that privacy is no longer a peripheral compliance function, but a core business capability. Analysis published during previous Privacy Awareness Week cycles points to a growing litigation and enforcement environment, driven by strengthened regulatory powers, heightened public expectations and the emergence of a statutory tort of privacy in Australia. 

Collectively, these developments signal that organizations must be prepared for increased scrutiny not only from regulators, but from customers, partners and the courts. At the same time, practitioners are increasingly focused on the systemic risks embedded within modern data ecosystems. Third‑party service providers, in particular, have emerged as a critical point of vulnerability. This reinforces the importance of extending privacy governance beyond organizational boundaries, ensuring that vendor management, contractual safeguards and ongoing assurance processes are robust and fit for purpose.

Taken together, these themes point to a maturing privacy landscape in which accountability is tested not in theory, but in practice. Complaint handling, breach response and third‑party risk management are no longer operational afterthoughts; they are frontline indicators of organizational integrity and trustworthiness.

For privacy professionals, PAW 2026 provides a timely opportunity to reflect on these expectations and to drive internal conversations that move beyond compliance toward capability. Whether through strengthening complaint handling frameworks, investing in training and awareness or reassessing third‑party risk models, organizations have a clear mandate: to embed privacy as a lived experience within their operations.  

As the regulatory environment continues to evolve and societal expectations accelerate, one thing remains clear, trust is built not in moments of perfection, but in moments of response. Privacy Awareness Week serves as both a reminder and a call to action for all of us to meet that standard with consistency and purpose. Personally, I'm very much looking forward to the various events, gatherings and content sessions that will fill the schedule over the week and connecting with IAPP members and guests.