Helios Salinger has unveiled its 'Privacy Pulse 2025: Measuring Maturity' report, highlighting significant gaps in privacy practices among Australian organisations. Released on June 19, 2025, the report is based on a survey of 119 organisations across various industries and sizes in Australia.

The findings suggest that most Australian organisations have yet to achieve the necessary level of sophistication in handling and protecting customer information to comply with legal standards. While 91% of the surveyed organisations have appointed a designated Privacy Officer, 56% have either no processes or only basic processes in place to identify and assess privacy risks.

Training appears to be a critical area of concern. The report indicates that 59% of organisations provide only basic online privacy training to their employees, with 10% offering limited or no training at all. Furthermore, only 30% of organisations have implemented role-specific privacy training.

The retail sector stands out for demonstrating the highest level of privacy maturity, particularly in areas such as staff training and data breach plans. In contrast, sectors such as construction, manufacturing, mining, agriculture, entertainment, and hospitality are noted for lagging in training, transparency, and risk management.

The report also draws attention to ongoing privacy law reforms and increased regulatory scrutiny in Australia. The Australian Privacy Commissioner has announced plans to escalate enforcement activities, which will include compliance scans and the issuance of fines up to $66,000 for strict liability matters.

Partner at Helios Salinger, Anna Johnston, said: "Training is a real gap, and an important one to fill. It really means getting down to the level of ensuring that everyone in the organisation knows what’s expected of them, and what that looks like practically speaking. It’s also important that it’s clear to customers why their information is being collected, and what it will be used for.

"Poor privacy practices are not only a major reputational risk for businesses that rely on consumer trust and goodwill, but also leave them exposed financially – with the Australian Privacy Commissioner this week signalling the regulator’s intention to ramp up enforcement activity including conducting ‘compliance’ scans and issuing instant fines of up to $66,000 for strict liability matters: for example, not having a compliant Privacy Policy on your website."

The report underscores the potential financial consequences of privacy breaches, with maximum penalties for breaches of the Privacy Act now exceeding $50 million. "But the maximum penalties for other breaches of the Privacy Act are now over $50 million, so companies can no longer afford to ignore privacy risk," said Johnston.