Australia's privacy reforms have quietly turned data privacy into a first-order governance problem. A new statutory tort in force since June 2025, tougher enforcement powers, and rising expectations around AI and automated decision-making (ADM) mean privacy now sits alongside cyber, conduct and workplace safety as a board-level exposure.