Website analytics, advertising pixels and CRM tracking can be useful for understanding enquiries, campaigns and customer behaviour. The problem is that these tools can also collect information a business did not intend to share, especially when they sit on enquiry forms, booking pages, payment flows, health-related pages or customer portals.
The OAIC’s 24 June 2026 finding about third-party tracking pixels is a timely reminder for Australian small and medium businesses. Privacy is not only a legal document on the website. It is also about what scripts are installed, what data they collect, who receives it and whether the business can explain that clearly to customers.
Why tracking pixels need attention
Many businesses add analytics, remarketing tags, chat widgets, booking plugins and CRM integrations over time. A new marketing campaign, website refresh or plugin update can introduce extra tracking without a full privacy review. If those tools capture page visits, form fields, email addresses, phone numbers, appointment details or customer behaviour, the risk becomes more than a reporting issue.
For SMEs, the practical question is simple: do you know which third-party tools are running on your website, what they collect and whether your privacy notice, consent process and CRM setup match the reality?
What business owners should check
- Review every website tracking script. Check analytics, pixels, tags, chat tools, heatmaps, form plugins and CRM connectors.
- Map sensitive pages. Pay special attention to contact forms, quote requests, booking pages, customer portals, payment pages and industry-specific pages where sensitive information may appear.
- Limit what is shared. Avoid sending form field contents, customer identifiers or unnecessary event data to advertising and analytics platforms.
- Keep privacy notices accurate. Your website should clearly explain collection, use and disclosure in plain English.
- Control admin access. Limit who can add tags, install plugins or connect marketing platforms to the site.
- Test after changes. Website updates, new campaigns and CRM automation should include a quick privacy and data-flow check before going live.
Where Xpansion Technologies can help
Xpansion Technologies helps businesses review websites, CRM workflows, analytics, automation, cloud systems and cybersecurity controls together. A practical review can identify unnecessary tracking, improve consent and privacy wording, clean up form data flows and make sure customer information is handled with care.
The aim is not to remove useful reporting. The aim is to use technology responsibly, keep customer trust and avoid surprises when a website, campaign or automation tool starts collecting more than expected.
Sources
- OAIC media release: Privacy Commissioner finds privacy breaches in third-party tracking pixel investigation
- OAIC privacy guidance for organisations and government agencies
- Cyber.gov.au small business cyber security guide
Leave a comment