Privacy win or compliance headache? ASIC redacts directors’ residential addresses

However, ASIC claimed that this action did not remove residential address information entirely, but introduced a barrier at the most widely available access point.

“ASIC implemented this change in response to broader privacy and safety concerns including the potential to access personal information, heightened concerns around personal safety and to reduce the risk of identity theft and cyber crime,” the regulator said.

“Law enforcement agencies, government departments, and those who require address details for regulatory compliance and business purposes will still have access to this information.”

This move by the regulator was welcomed by members of the insolvency community, yet some reservations remained prevalent.

Eddie Griffith, Affiliation for Business Resilience and Turnaround (ARBT) chair, said considerable director risk was now transferred into additional compliance for accountants and advisers.

According to Griffith, this reform was “necessary and overdue, but it was poorly signposted”.

Before the removal, addresses could be found through public-facing company searches on ASIC Connect. Until last week, any member of the public could pay a small fee and obtain a company extract showing a director’s full home address, as well as being free of charge through tax agent reports.  

This change was applied without advance notice to accountants and advisers, Griffith said.

“Residential addresses no longer appear on paid ASIC Connect extracts or free tax agent reports. Directors’ dates of birth are now limited to month and year only. The reform operates at the output layer,” he said.

“The underlying data has not been deleted. ASIC, the ATO and other regulators retain full access. This was a policy-driven reform initiated by Treasury. ASIC’s role was execution, not decision timing.”

This was claimed by Griffith as residential addresses were allegedly hard-wired into legislation, meaning ASIC could not have lawfully redacted this information earlier without additional authority.

Despite this, it was acknowledged that from a risk perspective, the old public registry model was archaic and being able to identify where a director lived by buying a company extract was “out of step with modern privacy, safety and cyber-risk realities”, yet the lack of warning was difficult to justify.

“A short heads-up to accountants and advisers would not have a meaningful increased fraud risk. What it would have done is allow stale or incorrect address data to be corrected before visibility was removed. That opportunity is now gone.”

Overall, Giffith said ARBT considered the reform a net positive, but reiterated it hadn’t entirely hit its mark.

This was based on the reform following years after director identification numbers, registered office addresses and shareholder addresses still being publicly available, historical extracts could no longer be used to reconstruct address continuity for advisers, and the ATO was still using private addresses to send Director Penalty Notices.

“There is no loss of enforcement for ASIC, the ATO, or the courts. Regulators retain full access to this information. What has shifted is where the risk and cost sit – more of that friction now falls on accountants, small advisers and creditors,” Griffith said.

Additionally, this change landed at a time of escalating compliance pressure for small businesses, their advisers and accountants with Payday Super and AML/CTF obligations coming in as of July.

“Directors gain marginal but real privacy protection, and the public registry is safer as a result. Stronger protection already exists through silent elector status, which remains the gold standard where there is a genuine safety risk.”

“The criticism here is not the reform itself. It is the timing and the lack of communication with the accountants and advisers who sit closest to directors and small businesses, at a time when compliance demands are already intensifying.”