Robert Gregory
Rob is an experienced commercial lawyer who advises Australian and international public, private and for‑purpose clients across education, technology, media, telecommunications and consumer law.
View profileGenerative AI, including ChatGPT is becoming common in all facets of personal, professional and public life. While, used well, it can be a powerful tool to improve communication and efficiency, it also carries with it a range of risks, including risks to the collection and handling of personal and sensitive information. Public sector organisations in particular need to be conscious of these risks and bring a curious and informed mind to the way these tools are integrated into their operations.

To assist with this, the Office of the Victorian Information Commissioner (OVIC) has recently issued a public statement concerning the use of personal information with ChatGPT (Statement). The Statement sets out OVIC’s views and recommendations to Victorian Public Service (VPS) organisations and personnel regarding how they should be utilising and interacting with generative artificial intelligence (genAI).
The following aspects of the Statement may be of interest to VPS personnel who operate with some level of dependency on genAI, or those who are considering implementing processes which introduce a level of genAI.
Chat Generative Pre-Trained Transformer, better known as ChatGPT, is a platform developed by OpenAI (a U.S. based artificial intelligence research organisation) which responds to inputs from the user and generates human-like text as it’s output.
With each input given to the platform, ChatGPT further trains its Large-Language Model (LLM) to detect patterns, context and meaning of text. The platform will then incorporate its learnings into any future output, securing a perpetual and ever increasingly accurate output. Such output is most likely to be related to the prompt, word by word.
OVIC have taken a strict approach to its recommendations within the Statement. The position that they have taken is to approach with caution, as the use of personal information with ChatGPT raises significant privacy concerns and could contravene several Information Privacy Principles (IPP) contained in Schedule 1 to the Privacy and Data Protection Act 2014 (Vic) (PDP Act). By way of example, OVIC have provided the following use cases which they believe pose a risk in this regard:
In the Statement, OVIC recommends the following;
OVIC have otherwise recommended that VPS Personnel and contracted service providers limit their use of ChatGPT to public sector information that is already publicly known, or if disclosed would not cause any harm to an individual or damage to an organisation.
The practicality of the response from OVIC in this statement has created a helpful guideline for employees and contractors of public and private clients alike. Prior to any submission to ChatGPT or other similar genAI platform, it is important to consider the sensitivity of the data and whether any document contains personal information. If there is any personal information included within their input, the employee should restrict any reliance on any genAI platform, and otherwise follow the recommendations of OVIC.
Don’t hesitate to contact a member of Maddocks Victorian Privacy, Data and Information Law team with any queries or if you’d like to discuss any aspect of your organisations cyber or privacy governance or operations further.
Rob is an experienced commercial lawyer who advises Australian and international public, private and for‑purpose clients across education, technology, media, telecommunications and consumer law.
View profileGeorgia is an experienced commercial lawyer advising government, professional services and education organisations.
View profileKeep up to date with our legal insights and events
Sign upOAIC determinations clarify privacy obligations for organisations using tracking pixels.
Targeted changes are now in place for approvals, strategic assessments, information sharing and advisory processes.
The Court addressed the proper approach to assessing both economic and cultural loss.
In June, the Attorney-General tabled the Australian Law Reform Commission’s Final Report...
Partner
Sector Leader - Education
Melbourne