REGULATORY DEADLINE COUNTDOWN

Data Privacy & Consumer Protection Summit 2026

Thursday, 28 May 2026 |  8 am – 5 pm AEDT | Sydney CBD 
CPD - up to 6 points

Overview What's new Agenda FAQs Register now

The perfect compliance storm has arrived

Australia's privacy landscape has fundamentally changed. The Privacy Act reforms you've been hearing about? They're law. The OAIC compliance sweep? It's happening now. The December 2026 automated decision-making deadline? It's just months away.

And while you're navigating generational privacy reforms, the Australian Consumer Law is simultaneously being overhauled with new unfair trading practices prohibitions targeting the exact same business operations.

Same regulators. Same deadlines. Same compliance teams. One impossible workload.

In-person

SUPER EARLY BIRD
Individuals: $459 + GST, ends 22 March

EARLY BIRD
Individuals: $559 + GST, ends 26 April

FULL PRICE
Individuals: $699 + GST

VENDORS

Individuals: $1,299 + GST

*Buy 4 get 1 free offer available.

Don't wait until December. The compliance clock is ticking. Super early bird pricing ends 22 March—secure your spot and save $240.

The stakes have never been higher

Civil penalties up to $50 million for privacy breaches

New statutory tort creating direct litigation exposure (commenced June 2025)

Record data breaches reported in 2024–25, with human error the leading cause

OAIC enforcement ramping up with new powers and compliance sweeps targeting all sectors

December 2026 deadlines for automated decision-making transparency and Children's Privacy Code

Simultaneous ACL reforms banning unfair trading practices, subscription traps and dark patterns

Program highlights

8:30 - 09:00

Registration and networking

09:00 - 09:45

The new privacy enforcement era: What the OAIC compliance sweep means for you

The OAIC has completed its first-ever privacy policy compliance sweep. Learn what triggered enforcement activity, the regulator's 2025–26 priorities, and what "reasonable steps" now means in practice. Essential insights on emerging enforcement trends and what organisations should expect as scrutiny increases.

09:45 - 10:45

Your December 2026 compliance roadmap: ADM transparency & children's privacy code

What you must complete before 11 December 2026: automated decision-making (ADM) transparency and Children's Online Privacy Code readiness. This session provides a practical framework to identify which systems qualify as ADM under APP 1.4, what policy updates are mandatory, and how to prepare for children's privacy obligations. Walk away with a 90-day implementation roadmap and compliance checklist.

10:45 - 11:15

Morning tea & networking

11:15 - 12:15

The statutory tort reality check: Managing your new litigation risk

Since June 2025, individuals can pursue serious privacy invasion claims directly—and class actions are emerging. Learn what differentiates routine incidents from "serious invasions," which practices heighten exposure, and how to demonstrate reasonable steps to mitigate liability. Includes guidance on insurance gaps, indemnity provisions, and responding to tort claims.

12:15 - 13:15

Lunch and networking

13:15 - 14:15

Data breach crisis management: From detection to OAIC notification

Australia recorded record breaches in 2024–25, with human error the leading cause. Navigate the full 30-day assessment window from detection to OAIC notification using real case studies from health, finance and government. Walk away with a practical breach response playbook, notification guidance, and strategies for managing third-party breach liability.

14:15 - 15:00

Consumer protection reforms: Unfair practices, subscription traps & dark patterns

The 2026 ACL amendments target subscription traps, drip pricing, and dark patterns—often the same business practices under privacy scrutiny. Learn what the new unfair trading provisions prohibit, how consumer protection intersects with privacy obligations, and practical steps to meet both standards. Includes a compliance audit checklist for digital interfaces.

15:00 - 15:30

Afternoon tea & networking

15:30 - 16:30

Privacy compliance & vendor risk management: What actually works in 2026

Move beyond policy to genuine privacy governance. This session covers practical policy audits, data mapping without enterprise tools, staff training to reduce human error, and effective vendor risk management from due diligence to breach response. Walk away with templates, frameworks, and guidance on which compliance technologies deliver real ROI.

16:30 - 17:15

The privacy reform roadmap: Planning beyond December 2026

Balance December 2026 compliance with upcoming Tranche 2 changes. Learn how to prioritize competing demands, build scalable privacy frameworks, and avoid rework. This strategic session covers expected reforms, governance investments that deliver long-term value, and a roadmap for the next 12–24 months.

17:15

Event close

*Please note agenda is subject to change, speakers to be announced soon
 

Frequently asked questions

Why this summit Is different?

Most conferences give you theory. We're giving you the implementation playbook.

In 2026, Australian organizations face simultaneous privacy reforms and consumer protection changes, enforced by coordinating regulators, targeting the same business practices, managed by the same compliance teams, with overlapping December deadlines.

Attending separate events is inefficient and leaves dangerous gaps.

While others focus on privacy OR consumer protection, we address the reality: your business practices don't exist in regulatory silos, and neither should your compliance strategy.

This is the only Australian event that integrates privacy and consumer protection compliance with a laser focus on what you need to do before December 2026.
What You'll Walk Away With?

  • Step-by-step compliance checklist for the 11 December 2026 ADM transparency deadline
  • Privacy policy audit framework to survive the OAIC compliance sweep
  • Statutory tort risk assessment to protect against the new direct right of action
  • 30-day breach response playbook with hour-by-hour action plan
  • Unfair practices compliance guide for subscription models and pricing
  • Children's Privacy Code preparation roadmap
  • Data mapping and vendor risk templates that actually work

No fluff. No theory. Just practical tools you can implement Monday morning.

Who this summit is designed for

Who needs to attend?

This summit is essential for anyone responsible for privacy, compliance, consumer protection, or risk management:

  • Privacy Officers & Data Protection Officers
  • Legal Counsel & General Counsel
  • Compliance & Risk Managers
  • Chief Information Security Officers
  • Consumer Affairs Teams
  • Marketing & Product Managers
  • E-commerce & Subscription Business Leaders
  • IT & Security Teams
  • Government Agency Compliance Officers

If your organization collects customer data, makes automated decisions, operates subscription services, or markets to consumers, you need to be here.
Why legal professionals can't afford to miss this?

If you're a legal professional, you're facing:

  • Immediate compliance accountability – December 2026 deadlines you're responsible for delivering
  • New litigation exposure – The statutory tort for serious privacy invasions creates direct claims and emerging class actions
  • Active enforcement – OAIC compliance sweeps are happening now, with penalties up to $50M
  • Career-critical skills gap – Generational reforms require urgent upskilling
  • Clear ROI – Practical tools to help your organization avoid catastrophic penalties

This event directly serves your urgent needs with practical, deadline-focused content you can't get anywhere else.
Why CISOs, risk & compliance professionals need to attend?

Beyond legal teams, this summit is essential for:

  • CISOs – Data breach management, security obligations, vendor risk frameworks
  • GRC Professionals – Integrated privacy/consumer compliance, cross-functional risk management
  • Corporate Compliance – Policy development, staff training, privacy maturity assessment
  • Privacy Officers – OAIC expectations, data mapping, Children's Privacy Code preparation
  • Risk Managers – Statutory tort exposure, third-party liability, insurance considerations

This cross-functional content ensures your entire compliance ecosystem is aligned.

Be prepared before regulators come knocking

Join the only Australian event combining privacy and consumer protection compliance into one practical, implementation-focused day. Walk away with checklists, templates and action plans you can apply immediately.

Contact us

Attendee inquiries: eventsanz@thomsonreuters.com

Sponsorship enquiries:
david.lewis3@thomsonreuters.com