Chelsea Gordon’s Post

This week the Office of the Australian Information Commissioner (OAIC) published two guides about how privacy laws apply to AI. The OAIC has confirmed it is best practice not to enter personal information in publicly available generative AI tools and that Privacy Impact Assessments should be performed before a new #AI system is introduced. We've summarised the key takeaways from the first guide to help Australian Privacy Principle Entities (APP Entities) deploy AI systems in a way that complies with their privacy obligations. Find out more: https://lnkd.in/gnTZZuPD Authors: Chelsea Gordon, Sam Burrett

Many believe Generative AI has huge potential but also poses privacy risks. By adhering to best practices, users can benefit from these tools while reducing harm. Collaboration between users, technology developers, and regulators is key to addressing privacy issues without hindering progress in this area. Looking at the approach adopted by the Office of the Australian Information Commissioner aids in shaping our local governance needs. 

If you were wondering whether you need to do a Privacy Impact Assessment before deploying AI in your organisation, the answer is a resounding "YES". For more tips on privacy compliant AI use, read our summary of the OAIC guidance. #AI #privacy

Number 2 below is particularly of note! Using commercially available AI: The key takeaways: 1. Privacy obligations apply to personal information entered into, and output generated by, AI (if that output it contains personal information). APP Entities must embed privacy into their selection and use of any AI system that interfaces with personal information. That includes AI systems trained or tested on personal information, as well as those that will generate outputs containing personal information. 2. Even incorrect AI generated information about a reasonably identifiable individual will constitute personal information, and must be managed accordingly. This includes hallucinations. 3. Privacy Policies and Collection Notices should clearly outline when and how AI will access and use an individual's personal information, to enable informed consent. 4. Use of AI to generate or infer personal information must comply with Australian Privacy Principle (APP) 3 in relation to collection of personal information. 5. In accordance with APP 6, Personal Information should only be used or disclosed to AI for: the primary purpose for which it was collected (which should be narrowly framed), or otherwise with consent, or where the APP Entity can establish secondary use would be reasonably expected by the individual, and is related (or for sensitive information is directly related) to the primary purpose. In order to establish the secondary use was reasonably expected, best practice is to outline the proposed use in the APP Entity's Collection Notice and Privacy Policy. 6. The OAIC has explicitly confirmed it is best practice not to enter personal information in publicly available generative AI tools, such as chatbots. Thanks Sonja Read and MinterEllison for the summary of OAIC guidance on Privacy Impact Assessments before deploying AI 👇

As more and more businesses incorporate AI into their systems and processes, it's critical to consider potential privacy implications and compliance. OAIC guides are now available to assist APP entities navigate how privacy laws apply when these tools are used - we have summarised the 5 key takeaways from the first guide.

Get ready for PrivacyNama 2024. This time, we are delving into the intersection of Artificial Intelligence (AI) and data privacy. Join us for insightful discussions on AI and its potential impacts on privacy, sovereign AI, and data privacy in the global south. Claimed to be a technological resolution, the rise of AI may require us to rethink and rework our existing laws and norms on privacy. You can find more information here. https://lnkd.in/dMCVDTHX We'll discuss this and more at PrivacyNama 2024, on October 3rd and 4th. You can register to attend the event virtually here: Register to attend in person here: https://lnkd.in/dr5KadKp    #PrivacyNama2024 #AI #DataProtection #TechPolicy #PrivacyRights

Colorado lawmakers target AI, social media and online data privacy - Axios: Colorado lawmakers target AI, social media and online data privacy  Axios http://dlvr.it/T5rVlw #ai #artificialintelligence

Interested in AI-powered tools but unsure how to implement them ethically? Read the first article in BDO’s Ethical AI and Privacy series to get started. #ArtificialIntelligence #DataPrivacy https://bdo-usa.co/3Aw1LQB

#BREAKING The Office of the Australian Information Commissioner has this morning published it’s new AI privacy guidance. A key recommendation (unsurprisingly) is that organisations do not enter personal information, and particularly sensitive information, into publicly available generative AI tools, due to the significant and complex privacy risks involved. Organisations need to ensure their privacy and AI policies align to protect sensitive business and personal information, both in the use and the development of AI products. #ai #privacy #guidance #australia

The Office of the Australian Information Commissioner has released 2 new guides for businesses that articulate how Australian privacy law applies to artificial intelligence (AI) and set out our expectations as the regulator. Work for a business? The first guide will make it easier for business to comply with your privacy obligations when using commercially available AI products and help you to select an appropriate product: https://lnkd.in/gq4Qr-47 Developing AI products? The second guide provides privacy advice around using personal information to train generative AI models: https://lnkd.in/g6BTg5cw Privacy Commissioner Carly Kind said: ‘Our new guides should remove any doubt about how Australia’s existing privacy law applies to AI, make compliance easier, and help businesses follow privacy best practice.’ This guidance should therefore be considered together with the Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles guidelines. Are your practices, procedures and systems managed and operating effectively? If you need some support, reach out to Digital Human Assistants and book an appointment today - https://lnkd.in/gRPDET6x Paul Edginton Ricky Sydney