Australian businesses can now refer to a comprehensive list of best practices when leveraging commercial AI products. The Office of the Australian Information Commissioner (OAIC) has recently published guidance on the use of commercially available AI products, offering valuable insights and recommendations for organizations.

This document, released on October 21, sheds light on the obligations that businesses have when utilizing personal information in the context of off-the-shelf AI products. From chatbots to productivity tools and image generators, the guidance covers a wide range of AI applications and provides detailed recommendations on how to ensure compliance and data protection.

The guidance outlines best practices that encompass critical considerations throughout the deployment lifecycle of AI products. These include selecting an AI product, implementing privacy by design principles, ensuring transparency requirements, and addressing data privacy and accuracy risks associated with AI technologies.

Five Primary Privacy Recommendations When Using AI

The guidance document highlights five key privacy recommendations for businesses using AI:

1. Privacy requirements apply to both personal information input into an AI system and any data output generated by AI.
2. Businesses should update their privacy policies to provide clear and transparent information about their use of AI, including identifying public-facing AI tools to external users such as customers.
3. AI systems that generate or infer personal information are considered to collect personal information and must comply with privacy regulations.
4. Organizations should minimize the use of personal and sensitive information in public-facing AI tools to mitigate risks.
5. When using personal information in AI systems, entities must adhere to the principles outlined in the Australian Privacy Principles guidelines.

While the guidance applies to all AI systems involving personal information, it is particularly relevant for generative AI and general-purpose AI tools, as well as other high-risk AI applications. Businesses are encouraged to incorporate these recommendations into their AI strategies to enhance data protection and compliance.

It’s important to note that this document does not cover all privacy issues related to AI use but should be considered in conjunction with Australia’s Privacy Act and Privacy Principles guidelines. By adopting these best practices, businesses can harness the power of AI technologies while safeguarding customer data and privacy.