Small business exemptions disappear in 2026. For the Australian mortgage broker, cybersecurity is no longer an IT risk—it’s an operational imperative.
The "second tranche" of privacy reforms marks the period where the small business exemption is expected to be abolished. Brokerages with turnovers under $3 million will be fully subject to the Privacy Act, introducing a "fair and reasonable" test and potential damages of up to $478,550 for serious invasions of privacy.
Most brokerages with <$3M turnover are currently exempt from the Privacy Act provisions, limiting regulatory exposure.
Exemption Abolished.
The "Fair and Reasonable" test applies. Poor staff training is now a legal breach under APP 11.
94%
of consumers cite data security as their primary concern with AI-powered finance.
Cybersecurity is no longer just a risk function; it is integral to operational performance. Assess your brokerage's current readiness below.
Brokers who leverage technology and smarter processes while maintaining iron-clad data security will lead the next generation of Australian lending.
The Broker Times | Australian Mortgage News