Regulatory Update - Going forward: preparing for a new regulatory era

October 2025
As Australia’s regulatory landscape continues to evolve, organisations across all sectors, particularly those operating in technology, insurance, and compliance, should anticipate increased scrutiny from regulators around privacy, cybersecurity, and AI governance. The OAIC’s GenAI Guidance, AI Guidance and FRT Guidance signal a clear shift from reactive compliance to proactive accountability.

To remain compliant and resilient, businesses are encouraged to take the following steps:

  • strengthen their privacy frameworks by regularly reviewing and updating them, ensuring alignment with the Privacy Act, including data retention and breach response protocols.
  • enhance their security posture by implementing robust security controls, including incident response, ransomware preparedness, and backup and recovery capabilities to protect sensitive datasets and AI systems.
  • assess and strengthen their security posture, including incident response plans, ransomware preparedness, and backup and recovery capabilities.
  • audit any AI and ADM systems by evaluating the use of AI and ADM tools, ensuring they are explainable, auditable, and privacy-compliant.
  • update processes to reflect the introduction of a statutory tort for serious invasions of privacy, which will provide individuals with a direct legal avenue for redress. Organisations should proactively mitigate risk by conducting privacy impact assessments, reviewing data handling practices, and updating privacy notices.
  • embed governance into AI development to ensure any use of personal information for AI training is either clearly within the scope of the primary purpose or supported by valid consent.
  • promote transparency and trust by communicating clearly about data use, especially in high-risk contexts such as GenAI and FRT; this is also a strategic imperative and supports responsible innovation.

The window for preparation is now. Organisations that act early will not only reduce legal and reputational risk but also demonstrate leadership in privacy and data governance. Businesses are encouraged to integrate these principles into their operational and technical frameworks to ensure sustainable, ethical and compliant deployment of emerging technologies, including AI.

This publication constitutes a summary of the information of the subject matter covered. This information is not intended to be nor should it be relied upon as legal or any other type of professional advice. For further information in relation to this subject matter please contact the author.

© Gilchrist Connell 2026
