6.  Privacy protection and security

Under Australia's AI Ethics Principles, AI systems should throughout their lifecycle respect and uphold privacy rights and data protection, and ensure data security.

For each of the following questions, indicate either yes, no or N/A, and explain your answer.

6.1    Minimise and protect personal information

Are you satisfied that any collection, use or disclosure of personal information is necessary, reasonable and proportionate for your AI use case?  
See guidance on data minimisation and privacy enhancing technologies.

6.2    Privacy assessment

Has the AI use case undergone a Privacy Threshold Assessment or Privacy Impact Assessment?

6.3    Authority to operate

Has the AI system been authorised or does it fall within an existing authority to operate in your environment, in accordance with Protective Security Policy Framework (PSPF) Policy 11: Robust ICT systems?

Engage with your agency’s IT Security Adviser and consider the latest security guidance and strategies for AI use (such as Engaging with AI from the Australian Signals Directorate).

7. Transparency and explainability

Next page

Connect with the digital community

Share, build or learn digital experience and skills with training and events, and collaborate with peers across government.

Join the Digital Profession