Public business registries were built for trust. But in practice, “privacy” often becomes a paid feature — and the smallest operators are the ones left exposed.
Introduction: what this post is really about
If you’re a sole trader working from home, your “business details” can quickly turn into your personal footprint: a searchable street address tied to your name, your ABN, and your work.
That’s not a hypothetical risk. Doxxing is literally the publishing of identifying details like a home address to enable intimidation or harm — and once an address is public, it’s easy to copy, scrape, and redistribute.
This is the address trap: modern registry systems try to balance transparency and safety, but the balance often breaks in one direction — toward exposing micro-business owners while better-resourced actors get buffers.
The core mechanism: “service address” rules that hit the smallest businesses hardest
Most countries require some kind of address for official contact (service of documents / registered office / registered agent). The logic is legitimate: if you’re doing business, there must be a reliable way to serve notices, enforce contracts, and prevent fraud.
The problem is what happens when the “reliable address” becomes a public address — and the cheapest reliable address you have is… your home.
In Australia, for example, ASIC explicitly states that the service of documents address for business names is shown on the public register.
“The address is shown on the public register.”
ASIC also notes a key nuance: if your principal place of business is your home and you operate as an individual, the register may show only suburb/state/postcode — but that doesn’t solve the exposure problem if your service address is your home.
So the “privacy outcome” often depends on whether you can afford a separate address.
Australia’s split reality: companies got a privacy upgrade; sole traders often didn’t
The company-side change (privacy improved)
On 2 February 2026, ASIC changed what appears on purchased company extracts: residential addresses of company officeholders are no longer included in those extracts. ASIC cited privacy/safety concerns and risks like identity crime and cybercrime.
But ASIC is also clear this was not intended to remove access entirely to residential address information — just to remove it from those extracts sold via ASIC’s website.
The sole-trader/business-name side (exposure persists)
Meanwhile, the business-name system still pushes many sole traders toward publishing an address that can function like a home address in practice (service address visibility, and principal place of business visibility rules).
That’s the privacy divide in one sentence:
Companies got an automatic safety buffer; individuals often still have to buy one.
ABN exposure: it’s not “ASIC vs ABN” — it’s a whole ecosystem
A lot of people experience this as “my ABN details are public.” That’s because ABN Lookup is a public view of the Australian Business Register (ABR), designed to let others verify business identity.
The ABR classifies information as public vs non-public, and it also provides a pathway to request non-disclosure of certain details in high-risk situations (for example, where publication could endanger you or your family).
So the issue isn’t “one website.” It’s the way multiple registries (business names, ABN lookup, company registers) interact — often producing a single, searchable identity trail.
The global pattern: public registries are tightening, but unevenly
Across jurisdictions, you can see a trend: governments are trying to reduce unnecessary exposure of home addresses — without destroying transparency.
United Kingdom: service addresses are the norm (but only if you use them)
Companies House guidance makes it blunt: if you use your home address in the wrong field, it can become public.
And the UK tightened address rules further: a company’s registered office must be an “appropriate address,” and you can’t use a PO Box as the registered office.
The practical outcome:
- If you can use an accountant/agent address, you’re safer.
- If you can’t, your home becomes the obvious default.
New Zealand: suppression is possible, but often requires proof of harm
New Zealand provides a process to request suppression of a residential address, but it’s not “automatic by default” — it’s typically an application-based mechanism, with supporting evidence.
European Union: beneficial ownership transparency hit a privacy wall
In 2018, EU rules pushed toward public beneficial ownership access. Then in November 2022, the Court of Justice of the EU struck down the “any member of the public” access model as incompatible with fundamental privacy/data protection rights.
Now the debate is shifting toward “legitimate interest” access — trying to preserve access for journalists, civil society, and enforcement while limiting mass public exposure.
United States: beneficial ownership reporting whiplash — but it’s not a public register
In March 2025, FinCEN issued an interim final rule removing BOI reporting requirements for U.S. domestic companies and U.S. persons (while foreign reporting companies remain in scope).
And critically: BOI reporting (where it exists) is not designed as a public “open address book.” The bigger day-to-day privacy exposure in the U.S. often comes from state-level business filings and the use (or non-use) of registered agents.
Quick comparison: what tends to be public (and who can avoid it)
| Jurisdiction | What’s commonly public | What’s commonly protected | The “escape hatch” (often paid) |
|---|---|---|---|
| Australia (business names) | Service of documents address; principal place of business rules vary for individuals | Some details can be hidden; ABR supports non-disclosure in safety cases | PO Box/service address options; paid mailbox/agent |
| Australia (companies) | Registered office is public on purchased info | Residential addresses removed from purchased extracts (Feb 2026) | Separate registered office; professional services |
| UK (Companies House) | Registered office is public; PO Box restricted | Home address protections exist; service address is the safer public field | Accountant/agent address |
| NZ (Companies Office) | Core registry info is public | Residential suppression exists but is application-based | Legal/agent support; evidentiary burden |
| EU (beneficial ownership) | Moving away from unrestricted public access | Public access model curtailed by CJEU (Nov 2022) | “Legitimate interest” style access debates |
“Do the poor even matter?” The uncomfortable truth about registry design
Here’s the hard part: registry policy can be “neutral” on paper and regressive in practice.
Because privacy isn’t just a right — it’s also an infrastructure problem:
- If you can pay for a separate address, you can decouple “business identity” from “home identity.”
- If you can’t, the registry turns your home into your business frontage.
That’s why the same policy can produce two realities:
- Well-resourced companies get privacy by default (structures, agents, office addresses, legal help).
- Sole traders and micro-enterprises absorb the exposure personally.
And once personal details are public, the risk surface expands: harassment, stalking, identity misuse, and doxxing campaigns thrive on address-level data.
The transparency counter-argument (and why it’s not wrong)
Transparency exists for a reason. Global standards bodies treat beneficial ownership and entity transparency as important tools against corruption, tax evasion, and money laundering.
The real question isn’t “transparency vs privacy.”
It’s:
Which data needs to be public, for whom, and at what risk cost?
The EU’s post-2022 pivot is basically this debate in legal form: public access was too broad, but public-interest access still matters.
What sole traders can do now (practical, not theoretical)
1) Treat your “service address” as a safety decision
If the registry publishes it, don’t default to your home. In some systems, a PO Box is allowed for service (Australia’s business-name service address rules allow a PO Box), but always check the exact requirement for the address type.
2) Separate “principal place of business” from “public contact” where possible
Even when a principal place of business must be a physical street address (common in many frameworks), don’t assume it must be publicly displayed at full resolution — rules differ, and some registers use partial display for individuals.
3) Use suppression/non-disclosure pathways if you have a safety risk
Australia’s ABR provides a non-disclosure request pathway in safety-risk scenarios.
Other jurisdictions also offer “protect/suppress” mechanisms (UK, NZ), but they often require an application and evidence.
4) If you incorporate, understand what changed — and what didn’t
ASIC’s Feb 2026 change reduced exposure on purchased extracts, but it didn’t erase the existence of residential address information inside the system.
So you still want address separation where practical.
What better policy looks like (globally)
If governments want registries that build trust without turning micro-business owners into easy targets, reforms tend to converge on four principles:
- Default to service addresses publicly (home addresses collected for compliance, not broadcast).
- Tiered access: public sees minimal necessary data; accredited actors (courts, regulators, journalists under public-interest rules) can access more, with logging and oversight.
- Harm-aware design: “address-level” exposure is treated as sensitive by default, because doxxing operates on address-level data.
- Anti-abuse verification: transparency should target bad actors, not punish compliance — especially when global standards already emphasize effective beneficial ownership frameworks for enforcement.
Summary: the address trap is a design problem, not a personal failing
Public business registries aren’t evil. They’re essential.
But when registry design makes “privacy” something you buy — through paid addresses, agents, and structures — the smallest operators pay the highest personal cost.
If a system exposes home addresses by default, it will always hit hardest where margins are thinnest: sole traders, gig workers, micro-shops, and home-based businesses.
And that’s the real test of a modern registry:
Can it deliver trust and enforceability without turning ordinary people into collateral damage?