The gap between what businesses assume and what the law requires

Most Australian businesses understand, in general terms, that they have to be careful with personal information. What's less widely understood is that those obligations don't pause when you're using an AI tool to process that information. You remain responsible for what happens to personal data that you collect — regardless of what tool you use to handle it.

Under the Privacy Act 1988 and the Australian Privacy Principles (APPs), the obligation to protect personal information belongs to the entity that collected it. Handing data to an AI tool doesn't transfer that responsibility. It extends your exposure.

Before entering personal information into any AI tool, run through these five questions. They're not legal theory — they're practical checkpoints that should be part of your team's normal workflow.

Q1: Is this actually personal information?

The definition of personal information under the Privacy Act is broader than most people expect. It covers any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information is true and whether or not it is recorded in a material form. That means:

  • Names, addresses, email addresses, phone numbers
  • Health information, financial details, employment records
  • IP addresses, location data, device identifiers
  • Photographs and voice recordings
  • Information that could be combined with other data to identify someone

A client's first name alone might not be personal information. A client's first name plus their employer, role, and the matter you're working on together almost certainly is. Context matters. When in doubt, treat it as personal information.

Q2: Are we authorised to use it this way?

Under APP 6, personal information collected for one purpose (the primary purpose) generally cannot be used or disclosed for a different purpose without the individual's consent, unless an exception applies. The exception most businesses rely on is that the individual would reasonably expect the secondary use and it is related to the primary purpose (directly related, for sensitive information such as health data). If you collected a client's information to provide a specific service, using it as training data for an AI tool, or running it through a third-party AI system as part of an unrelated workflow, is unlikely to meet that test.

Ask: would the individual whose information this is reasonably expect it to be entered into this AI system, for this purpose? If the answer is no, or you're not sure, that's a problem you need to resolve before proceeding.

Q3: Where will this data go — and who will see it?

Most AI tools are cloud-based, and many are operated by overseas companies. Under APP 8, before you disclose personal information to an overseas recipient, you must take reasonable steps to ensure the recipient does not breach the APPs in relation to that information, unless an exception in APP 8.2 applies (for example, the individual consents after being expressly informed that you will not be taking those steps, or the recipient is bound by a law or scheme substantially similar to the APPs). Where APP 8.1 applies, section 16C of the Privacy Act makes you accountable for the overseas recipient's acts as if they were your own.

This means you need to know, for every AI tool that handles personal information:

  • Where the vendor's servers are located, including where prompts, outputs and logs are stored
  • Whether there are sub-processors who also receive the data, and where they are located
  • Whether vendor or sub-processor staff (for example, support engineers) can access customer data, and from which countries
  • Whether there is a data processing agreement in place that requires compliance with Australian privacy standards

"The vendor has a privacy policy" is not the same as "reasonable steps have been taken." You need to actually assess the arrangement.

Q4: Could this data be used to train the AI model?

This question catches a lot of businesses off guard. Many free and low-cost AI tools use user inputs to improve their models. If personal information goes into a prompt, it could end up, in processed form, influencing future model outputs. Once data has been used for training it cannot practically be removed from the trained model, so a later deletion request or correction request cannot undo it.

Enterprise and API versions of the same tools typically turn off training on user data. But you need to verify this explicitly, not assume it. Check the terms of service that apply to the plan you are actually on (consumer, team and enterprise terms often differ), look for a data processing agreement option, and confirm in writing if the answer matters to your risk profile. Ask separately how long inputs are retained: "not used for training" is not the same as "not stored", and many vendors keep prompts for a period for abuse monitoring.

If the vendor can't clearly confirm whether your data is used for training, that's your answer.

Q5: What happens if there's a breach?

Under the Notifiable Data Breaches (NDB) scheme, if personal information held by your business (including by a third-party processor on your behalf) is subject to an eligible data breach, you must notify the OAIC and affected individuals as soon as practicable, unless an exception applies. A suspected breach must be assessed within 30 days. This obligation doesn't disappear because the breach happened at the vendor's end: the data is still "held" by you if you retain control over it.

Before entering personal information into any AI tool, confirm:

  • The vendor has a breach notification process and a contractual commitment to notify you within a defined period
  • You have a process for assessing whether a vendor-side breach triggers your own NDB obligations, within the 30-day assessment window
  • Your AI Incident Response Plan covers this scenario, including who contacts the vendor and who decides on notification

The golden rule for AI and personal data: If you wouldn't be comfortable telling the individual whose data it is that you've entered their information into this tool, don't enter it. That discomfort is telling you something important.

What to do if the answer to any question is "I don't know"

"I don't know" is a legitimate answer — but it's a reason to pause, not to proceed. If you can't answer one of these questions, you have three options:

  1. Find out. Read the vendor's terms of service and privacy policy. Ask your vendor directly. Request a data processing agreement.
  2. Remove the personal information. If you can do the task without including the personal details, do it that way. Anonymise or de-identify the data before it goes into the tool.
  3. Don't use the tool for this purpose. Some tasks genuinely shouldn't be done with the tool you have available. That's not a failure — it's good risk management.
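Option 2 is the one most teams can act on immediately, so here is an added example of what it looks like in practice. It is not code from the original page; it is a small pseudonymisation gate that replaces email addresses, Australian phone numbers and caller-supplied client names with stable tokens before text is sent to an AI tool, then maps the tokens back in the response. The class name, the token format and the sample note are all assumptions made for the illustration, and the sample text is constructed rather than real client data.

```python
import re

# Two identifier classes that can be matched mechanically. Australian phone
# numbers: 02/03/04/07/08 prefix or +61, ten digits, optional spaces/hyphens.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"(?:\+61 ?|0)[2-478](?:[ -]?\d){8}")


class Pseudonymiser:
    """Swap identifiers for stable tokens before text leaves your environment,
    and restore them afterwards. (Hypothetical helper written for this page.)

    known_names: names taken from the matter or customer record. A regex cannot
    reliably find people's names on its own, so the caller supplies them."""

    def __init__(self, known_names=()):
        # Longest first, so "Jane Citizen" is replaced before a bare "Jane".
        self.known_names = sorted(set(known_names), key=len, reverse=True)
        self.forward = {}  # real value -> token
        # token -> real value. This mapping is itself personal information and
        # must stay inside your own systems; it is never sent to the vendor.
        self.reverse = {}

    def _token(self, kind, value):
        # Same real value always gets the same token, so the model can refer
        # to "[NAME_3]" consistently and restore() stays unambiguous.
        tok = self.forward.get(value)
        if tok is None:
            tok = f"[{kind}_{len(self.reverse) + 1}]"
            self.forward[value] = tok
            self.reverse[tok] = value
        return tok

    def redact(self, text):
        """Return text with emails, AU phone numbers and known names tokenised."""
        text = EMAIL_RE.sub(lambda m: self._token("EMAIL", m.group()), text)
        text = PHONE_RE.sub(lambda m: self._token("PHONE", m.group()), text)
        for name in self.known_names:
            pattern = r"\b" + re.escape(name) + r"\b"
            text = re.sub(pattern, lambda m, n=name: self._token("NAME", n), text)
        return text

    def restore(self, text):
        """Put real values back into a model response that echoes the tokens."""
        for tok, real in self.reverse.items():
            text = text.replace(tok, real)
        return text


if __name__ == "__main__":
    # Constructed sample note; not real client data.
    note = ("Draft a follow-up to Jane Citizen (jane.citizen@example.com.au, "
            "0412 345 678) about the lease renewal.")
    p = Pseudonymiser(known_names=["Jane Citizen"])
    prompt = p.redact(note)
    print("Sent to the AI tool:", prompt)
    # Whatever the model returns is re-identified locally, never by the vendor.
    reply = "Dear [NAME_3], further to our call on [PHONE_2], ..."
    print("Restored locally:   ", p.restore(reply))
```

Two caveats go with this. First, the token map you keep is still personal information in your hands, so it needs the same protection as the original record. Second, the tokenised prompt only counts as de-identified if the remaining context does not make the person reasonably identifiable (the first-name-plus-employer-plus-matter problem from Q1), and a regex cannot judge that; a human still has to look at what is left before it goes out.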

The pressure to use AI tools to work faster is real. But the obligation to protect personal information doesn't bend to efficiency pressures. Building these five questions into your team's workflow takes about 30 seconds — and it's significantly cheaper than managing a privacy breach.

Make it a habit, not a project

These questions work best when they become automatic — part of how your team thinks about AI use, not a compliance checklist that comes out once a year. The businesses that handle personal information and AI well are the ones that have normalised the habit of pausing to ask before they enter.
