Australia: Office of the Australian Information Commissioner (OAIC) published guidance regarding Generative AI tools in workplace

On 4 December 2025, the Office of the Australian Information Commissioner (OAIC) published guidance outlining the privacy risks and management strategies for businesses integrating Generative AI (GenAI) tools in workplaces. The guidance highlighted that GenAI use presents challenges for personal information protection, reminding entities subject to Australia's Privacy Act to avoid inputting sensitive data into publicly available GenAI tools due to control difficulties. Businesses must actively manage privacy risks. Such risks encompass disclosure, secondary uses, new collections, and the security and accuracy of personal information. Practical steps detailed include conducting Privacy Impact Assessments, developing internal policies, and restricting personal information uploads to public GenAI products when risks are high. The OAIC underscored the need for staff education on responsible GenAI use and managing privacy settings for organisational licences to ensure legal compliance.