Half of all organisations are not even aware of amendments to the Privacy Act that could see fines of about $1.7 million imposed when they come into effect next month.
IT vendors and privacy advocates hope the startlingly low awareness figure will shock corporate Australia and smaller players into action.
"Fifty per cent of organisations in Australia don't even know about the legislative changes," Capgemini Australia testing services director Shane Lonergan said. "It's across the board from tier-one to tier-two organisations ... they're major players (in the dark)."
He said only about 25 per cent of organisations were "doing something about it".
Mr Lonergan singled out the finance industry as "doing a lot to be compliant".
The new privacy laws apply to all businesses that turn over more than $3m a year and which collect personal data. This covers online retailers, tech start-ups, large corporations and all federal government departments and agencies.
Agencies and companies can be fined $1.7m and individuals $340,000 for serious or repeated invasions of privacy.
Currently, if company A collects personal information from a consumer and wants to share it with company B, the only obligation on company A is to state in its privacy policy that it will share the information with a third party.
The new laws mean the obligation also falls on company B to contact the consumer and let them know how it plans to use their data.
DLA Piper intellectual property and technology partner Alec Christie told The Australian last month that 50-60 per cent of corporate Australia would not be compliant by March 12.
Mr Christie urged organisations to undertake a "mini privacy audit" and "look at what they collect, how they collect it, what purposes they use it for, how long they keep it", and map the findings against Australian Privacy Principles.
"I think most of them will find at least one of those scenarios is contrary to what their obligations are," Mr Christie said.
Australian Privacy Foundation health sub-committee chair Juanita Fernando said the Act meant different things to different people.
"Not only do private organisations not know about amendments to the Privacy Act, each of them interpret it differently in real life too. And they do not understand how to apply the Act to business," Dr Fernando said.
"Industry and governments simply behave as if it is their right to collect and mine big data - they are not philosophically prepared to think of personal data as linked to actual people ... it is all simply a technical, number-crunching concern.
"Privacy rights are subject to machine logic with the technological revolution (and) people and policies work to machine capabilities rather than human ones. The entire issue is a debacle that governments cannot manage effectively worldwide."
Australian Privacy Foundation vice-chairman David Vaile said the 50 per cent figure was consistent with what he had heard from the compliance and regulatory community.