Sports insights - December 2025

Bringing you the latest legal news, information and insights impacting the sport and leisure industry.

Data protection and IT security due diligence

The Federal Court has issued the first civil penalty under the Privacy Act 1988 (Cth) (Privacy Act). Australian Clinical Labs (ACL) was ordered to pay civil penalties of A$5.8 million for the failure to prevent and also having an inadequate response to a cyber incident which exposed the personal information and sensitive health information of over 223,000 individuals.

In December 2021, ACL acquired the assets of Medlab Pathology Pty Ltd (Medlab), including its IT systems. These systems were scheduled for integration with ACL’s infrastructure within six months of completion. However, on or shortly before 25 February 2022, Medlab experienced a cyberattack that exploited vulnerabilities which existed in its IT systems prior to the acquisition.

ACL was found to have breached the Privacy Act by failing:

• to identify certain relevant vulnerabilities in Medlab's IT systems prior to the acquisition;
• to address the deficiencies of Medlab's IT systems which were known to ACL during the 6-month system integration period following completion;
• to have key ACL personnel trained;
• to maintain ACL's relevant playbooks/procedures adequate; and
• to conduct a reasonable and timely assessment, ACL relied exclusively on StickmanCyber’s advice even though it was aware of the investigation’s limitations.

Issues for sports

For sport teams or governing bodies, the Federal Court's decision in Australian Information Commissioner v Australian Clinical Labs Limited (No 2) reinforces the importance of:

• thorough privacy and data security due diligence to identify any deficiencies prior to a merger, acquisition or unification of teams, leagues or companies; and
• identifying any privacy and data security gaps before completing the acquisition, or promptly afterwards, as purchasers may be held liable for deficiencies that existed prior to the transaction.

More broadly, this case underscores the critical need for sports bodies to safeguard their data and implement robust procedures, supported by comprehensive staff training.

For a more detailed analysis of the decision in Australian Information Commissioner v Australian Clinical Labs Limited (No 2), please refer to the Legal Insight prepared by our Digital Economy team.

Fixed term contract exemptions made permanent for sport

As mentioned in earlier updates, from 7 December 2023 the Fair Work Act 2009 (Cth) (FW Act) has limited the ability of employers to engage an employee on a fixed term contract that is longer than two years or has more than one renewal option, or in a series of "rolling" or consecutive fixed term contracts.

The sports industry has traditionally relied on fixed term employment to meet its particular resourcing demands ─ for example, the need to contract elite athletes or coaching staff for several seasons at a time, without necessarily committing to providing them with indefinite and ongoing work.

As such, the Fair Work Regulations 2009 (Cth) have contained temporary exemptions from the fixed term contract limitations, including for:

• Organised sport: Capturing athletes, coaches, match officials and performance support professionals employed by National Sporting Organisations and National Sporting Organisations for People with Disability, State or Territory governing bodies for organised sport, and members of or persons otherwise affiliated with these bodies.
• High performance sport: Covering employers who support the administration or organisation of international high-performance sporting events that are not regularly held in Australia (e.g. Olympic Games, Commonwealth Games, or a World Cup).

These exemptions were scheduled to expire on 1 November 2025, leaving the sports industry to grapple with how it might balance compliance with the FW Act against the unique nature of its workforce - a significant portion of which perform roles that are necessarily time-limited by factors such as playing seasons and athletic performance, or temporary sport events.

During public consultation on the Secure Jobs, Better Pay legislation (which introduced the fixed term contract limitations back in December 2023), relevant stakeholders including the Australian Sports Commission and Coalition of Major Professional and Participation Sports endorsed the exceptions being made permanent.

With the expiry date looming, the Fair Work Amendment (Fixed Term Contracts) Regulations 2025 were issued on 30 October 2025. They provide that the exemptions for organised and high-performance sport will be permanent and ongoing. In positive news for the sports industry, this means eligible employers can continue to lawfully use fixed term employment contracts that might otherwise fall foul of the FW Act limitations.

The amending regulations also extend the temporary exceptions which have applied to charities and the not-for-profit sector, as well as in the medical or health research industry, until 1 November 2026 (subject to some additional requirements).

National AI Plan Released

The Australian Government has released its National AI Plan, outlining a clear roadmap for building an AI-enabled economy and signalling a major shift in the Government’s approach to AI regulation.

Our Digital Economy team's latest insight breaks down what you need to know - including the Government’s move toward a "regulate where necessary" model, the establishment of an AI Safety Institute, and what this means for organisations developing or deploying AI. It also highlights the key reviews underway across privacy, consumer law, healthcare, copyright and more, and why businesses cannot wait for AI-specific laws before strengthening their governance frameworks.

You can read the full update here.