Reinforcing trust under DFFH’s data privacy agreement

DFFH urges all funded organisations across Victoria to implement enhanced privacy controls, as detailed in Deputy Secretary Danny O’Kelly’s letter dated 7 May 2025. He stressed the need to follow clause 17 of the service agreement and revealed a funded agency advisory on generative AI, accompanied by the Third Party Standard.

Deputy Secretary Danny O’Kelly emphasised that the advisory clearly states that organisations “must not enter client information and case notes into public GenAI applications” and “must not use AI to capture meeting discussions if the meeting refers to client information.”

The department proudly announces a stronger commitment to implementing robust data governance and cybersecurity protocols for all funded agencies that handle sensitive public sector information. This initiative aligns with the Third Party Standard and includes data sharing, cloud storage, data infrastructure, and the use of artificial intelligence. DFFH has issued an advisory, emphasising its dedication to managing data collections, promoting collaboration, and improving digital government frameworks to tackle gaps in data silos and protect public trust.

The Service Agreement sets clear and enforceable obligations concerning privacy. Clause 17 requires organisations to implement the Information Privacy Principles, the Health Privacy Principles, and relevant VPDSS standards when managing public sector data. DFFH has issued two definitive controls in conjunction with the COPL letter. The correspondence included the funded agency advisory on Generative AI applications and the Third Party Standard. The advisory highlights potential risks tied to artificial intelligence, such as data exposure, non-compliance with data protection regulations, and issues related to data integrity.

The Victorian government strengthens the advisory framework with its comprehensive GenAI policy. Personnel in the public sector must share only “publicly available information” with accessible Generative AI tools, as outlined in the guidance on Generative AI. Entering any public sector information that exceeds the protective marking set by their agency is not allowed. These guidelines also apply when acquiring GenAI services and managing data collection and data sharing protocols. The Third Party Standard boosts assurance and contract obligations for every vendor and subcontractor.

DFFH’s public statement clarifies that the Third Party Standard “outlines the departments’ expectations of all third parties including service providers that are engaged to work with the departments’ IT, information, and data.”

Agencies must ensure that third parties securely collect, hold, manage, use, disclose, or transfer public sector information, as mandated by VPDSS Standard 8. Prepare for contractual provisions that clearly outline the obligations of clause 17 concerning data governance controls and vendor security evaluations. Offshore data transfers in cloud storage face various limitations and constraints.

The new direction sets clear expectations with no room for doubt. Executives must integrate data governance into the operations of every funded partner. Organisations must incorporate provisions in their agreements to uphold VPDSS Standard 8 and ensure third-party security for public sector information. Implementing technical controls, encryption, logging, cloud storage safeguards, and controlled data sharing has become essential. 

OVIC has issued a compliance notice concerning DFFH’s use of ChatGPT, highlighting regulators’ dedication to enforcing IPP 3.1 and IPP 4.1 and to answering violations with binding remedies. Organisations must clearly demonstrate their oversight of data infrastructure, collaborative efforts, the use of artificial intelligence, and data collection methods. Failing to comply can result in legal action, contract termination, and damage to reputation. Public sector leaders must quickly adjust to the evolving digital government landscape or face potential repercussions.
