Skip to content
LegalVision

What are My Business’ Privacy and Data Obligations if I Use AI Tools?

Avatar photo

By Elise Willett
Lawyer

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn

In Short

  • Utilising AI within a business requires careful consideration of privacy concerns and data protection laws.
  • Compliance with relevant privacy regulations is crucial when using AI to process personal data.
  • Businesses should implement robust measures to ensure data security and mitigate privacy risks associated with AI technologies.

Tips for Businesses

To address privacy issues when using AI, conduct thorough risk assessments and ensure compliance with data protection laws. Establish clear data handling policies and invest in robust security measures. Engage in regular audits and staff training to stay updated on evolving privacy regulations and technological developments in AI.

Summarise with: ChatGPT logo ChatGPT Perplexity logo Perplexity Microsoft Copilot logo Microsoft Copilot
Table of Contents

The integration of artificial intelligence (AI) tools can profoundly transform businesses, paving the way for enhanced customer experiences, elevated productivity, and innovative breakthroughs. As the capabilities of AI continue to expand, using these sophisticated tools in the everyday operations of your business will provide countless benefits. However, you must be conscious of your privacy and data obligations as a business owner using AI tools.

You must balance the pursuit of technological advancement against your ethical and legal obligations of data protection and privacy. This article will explore best practices to implement for the secure and responsible management of information within your business. 

Data Privacy Risks with AI Tools

Deploying AI tools in your business can raise cybersecurity issues. This is particularly because AI models generally process extensive amounts of data, including confidential or sensitive information. These AI programs can become prime targets for cyber-attacks. A data breach within AI frameworks can involve:

  • exposure of confidential or sensitive information; 
  • posing risks of identity theft;
  • substantial financial repercussions; and 
  • brand damage.

AI models typically do not make assurances or guarantees to their customers in their terms of use document regarding safe customer data processing and storage. As a user, this places the responsibility on you to implement precautionary measures to mitigate data breach risk. 

As best practice, avoid inputting confidential or sensitive information into AI systems. If you must, you should use data protection measures. For instance, ensure you have de-identified the data to conceal personal information or have obtained written consent from any persons whose data you are disclosing.

Remember that AI models are trained on any data fed to them. Accordingly, this could expose confidential or sensitive information logged into the system and may inadvertently disclose this information in its output. To minimise your risk when setting up an account, we recommend that you opt out of allowing your data to be used to train the AI model.

Confidentiality Obligations

When engaging in contracts with third parties, be mindful of your contractual confidentiality obligations. This is especially relevant when it comes to your use of and interaction with AI models. Inputting confidential information into an AI model can be considered a breach of confidentiality if you have signed a non-disclosure agreement (NDA) or an agreement with confidentiality clauses. As the use of AI gains traction, the terms of confidentiality agreements are evolving to include the use of AI models as prohibited channels for disclosure.

Continue reading this article below the form
Loading form

Australian Privacy Principles (APPs)

You should adopt best practices in your business when handling personal information. Importantly, be aware of the APPs (even if your business is not required to comply with the Privacy Act 1988 (Cth)). The APPs provide rigorous guidelines for handling and managing personal information, which you must consider when deploying AI tools in your business.

APP 6

This principle focuses on ‘Use and Disclosure’, requiring businesses to only use and disclose personal information for the reason it was collected, that is, the ‘primary purpose’. The APPs prohibit using or disclosing personal information for a secondary purpose unless a specific exception applies. These exceptions can involve obtaining individual consent or the use or disclosure required by law or a court order. Using or disclosing information to train an AI model is typically considered a secondary purpose. Accordingly, unless an exception applies, you cannot use or disclose information for this purpose.

APP 8

This principle focuses on ‘Overseas Disclosure’. It means that you must take reasonable steps to ensure the AI model complies with the APPs even when it predominantly stores data overseas. Again, there are some exceptions to this, including if required by law or if an individual has granted consent.

APP 11

APP 11, themed ‘Security’, mandates businesses to safeguard collected information by taking reasonable steps to protect it from any: 

  • misuse;
  • interference; 
  • loss; 
  • unauthorised access; 
  • modification; or 
  • disclosure. 

You must be careful when choosing AI tools for your business and perform your due diligence to ensure the AI tools have policies and procedures to safeguard any data they store.

Be sure to regularly review your privacy policy to clearly articulate your business’ position on privacy, as well as your use of AI and its interaction with the personal information of your customers.

Front page of publication
AI Art: Your Legal Considerations Factsheet

This fact sheet outlines your rights and obligations as an AI artist regarding intellectual property and copyright.

Download Now

Key Takeaways

When leveraging the capabilities of AI tools within your business, ensure you are upholding your privacy, data and cybersecurity obligations. The vast benefits of AI use also come with an increased risk of data breaches and cyber-attacks. Be sure to avoid or minimise the input of confidential or sensitive information into AI systems; comply with confidentiality obligations in all binding agreements; adhere to the APPs if you are an APP entity (or as best practice for non-APP entities); and maintain comprehensive privacy policies.

If you need help understanding your obligations when using AI tools, our experienced AI lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 1300 544 755 or visit our membership page.

Frequently Asked Questions

What are the data privacy risks with AI in business?

AI tools process large amounts of sensitive data, making them vulnerable to cyber-attacks. These breaches can expose confidential information, lead to identity theft, cause financial losses, and harm brand reputation. Businesses should mitigate these risks by opting out of data being used for AI training.

How should businesses comply with the Australian Privacy Principles (APPs) when using AI?

Businesses should adhere to APPs by using personal data only for its intended purpose (APP 6) unless exceptions apply. They must ensure AI data handling, including overseas storage, complies with APPs (APP 8) and take steps to protect data from misuse (APP 11). Regularly updating privacy policies helps ensure compliance.

Register for our free webinars

Demystifying M&A: What Every Business Owner Should Know

Online
Understand the essentials of mergers and acquisitions and protect your business value. Register for our free webinar.
Register Now

Social Media Compliance: Safeguard Your Brand and Avoid Common Pitfalls

Online
Avoid legal pitfalls in social media marketing and safeguard your brand. Register for our free webinar.
Register Now

Building a Strong Startup: Ask a Lawyer and Founder Your Tough Questions

Stone & Chalk Tech Central, Level 1 - 477 Pitt St Haymarket 2000
Join LegalVision and Bluebird at the Spark Festival to ask a lawyer and founder your startup questions. Register now.
Register Now

Construction Industry Update: What To Expect in 2026

Online
Stay ahead of major construction regulatory changes. Register for our free webinar.
Register Now
See more webinars >
Elise Willett

Elise Willett

Lawyer | View profile

Elise is a Lawyer at LegalVision with previous experience in Commercial, Corporate and Estate Planning law. She also has experience in the Wealth Management and Finance sector. Elise provides expert advice to commercial clients, particularly startups and SMEs, on a range of commercial matters.

Qualifications: Bachelor of Laws, Bachelor of Arts, University of Sydney, University of Wollongong, Master of Laws, College of Law.

Read all articles by Elise

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

Related articles

How Do I Comply With the Artificial Intelligence (AI) Ethics Framework?

How the Emergence of Artificial Intelligence Impacts the Law

Intellectual Property and Artificial Intelligence: Who Owns What?

3 Employment Agreement Considerations for a Tech Business

We’re an award-winning law firm

  • Award

    2025 Future of Legal Services Innovation Finalist - Legal Innovation Awards

  • Award

    2025 Employer of Choice - Australasian Lawyer

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2022 Law Firm of the Year - Australasian Law Awards