AI adoption in Australia under the privacy spotlight
AI adoption must now be on every board room and executive team’s agenda as an emerging area of risk and regulatory focus. This issue has been given further impetus by a number of key developments across Australia’s multi-jurisdictional landscape. At the federal level, the Office of the Australian Information Commissioner (OAIC) has released AI-specific guidance and one out of two tranches of sweeping and substantive privacy reform amending the Privacy Act 1988 (Cth) (Privacy Act) and related legislation, has been tabled. At the state level, and perhaps most significantly of all for horizon-watchers, there is the reasoning and findings of a ground-breaking investigation by the Office of the Victorian Information Commissioner (OVIC) into a government employee’s use of generative AI (GenAI) tools to produce a sensitive report. OVIC’s report represents the first findings by an Australian regulator about what constitutes ‘reasonable steps’ when it comes to the intersection of AI tools and personal information.