Using AI tools in your business doesn't exempt you from privacy obligations — in many cases, it creates new ones. Australia's Privacy Act 1988 and the Australian Privacy Principles (APPs) apply to the collection, use, and disclosure of personal information, regardless of whether that information is being processed by a human or an AI system. Getting this right is both a legal requirement and increasingly a commercial expectation.
The Privacy Act applies to any organisation with annual turnover above $3 million, and to all private health service providers and credit providers regardless of size. The key obligations when using AI tools with personal data include: APP 3 (collection — only collect what you need for a specified purpose); APP 6 (use — don't use personal data for a different purpose than it was collected for without consent); APP 8 (offshore disclosure — specific obligations apply when personal data is sent offshore, including to US-based AI tools processing data on US servers); and APP 11 (security — take reasonable steps to protect personal data from misuse, interference, loss, and unauthorised access or disclosure). The Privacy Act reforms that came into effect in 2024 increased maximum penalties to $50 million or 30% of adjusted turnover — making compliance more important than ever.
The Office of the Australian Information Commissioner (OAIC) published guidance in late 2024 confirming that feeding personal information into AI tools constitutes a "disclosure" under the Privacy Act if that data leaves your organisation's control. This means using standard ChatGPT (not Team/Enterprise) with customer data is likely to be non-compliant. Practical compliance steps include: audit which AI tools staff are using and what data they're using them with; establish a clear policy on what data can and cannot be processed by which AI tools; ensure contracts with AI vendors include appropriate data processing agreements; and implement technical controls to prevent personal data being inadvertently uploaded to consumer AI tools. Cornerstone AI Partners can help you build a compliant AI usage framework.
End-to-end AI services from strategy through to implementation and ongoing optimisation.
Honest assessment of where AI will genuinely move the needle in your business. A clear, prioritised roadmap you can actually execute.
Eliminate repetitive, time-consuming tasks. We design and deploy intelligent automations that free your team for higher-value work.
Turn your business data into actionable intelligence. AI-powered analytics that surface insights you can't see in spreadsheets.
Build genuine AI capability across your team. Practical, role-specific training that gets people using AI effectively — not just aware it exists.
Purpose-built AI systems for processes where off-the-shelf tools don't fit. Tailored to your data, your systems, and your competitive requirements.
Real engineering behind every engagement. We build integrations that are robust, maintainable, and tailored to your existing stack.
We work alongside your team, not just for you. Your goals are our goals — we succeed when your business does.
We measure success by business impact — time saved, revenue unlocked, processes transformed — not lines of code deployed.
Book a free discovery call and let's find the AI opportunity in your business.
Book a Free Discovery Call