New Review considers how agencies are incorporating AI/ADM into their transparency and accountability policies

 

The Information Commissioner and the Privacy Commissioner have today published a new desktop review of documented AI or ADM use within Agency Information Guides (AIGs) and Privacy Management Plans (PMPs).

The Information Commissioner and the Privacy Commissioner sought to examine and understand the extent to which regulated entities are incorporating the use of AI and ADM technologies into their AIGs and PMPs.

The review included 119 agencies from across the NSW public sector and focused on three key questions relating to transparency, notification and accountability.

Overall, the review found that only a small portion of agencies had included information about the use of AI or ADM within their AIGs or PMPs. 

Information Commissioner, Emeritus Professor Rosalind Croucher AM, said, ‘NSW agencies play a crucial role in the provision of access to government-held information. This includes when using AI or ADM within, and to support, their functions.

‘The findings of this review indicate that the majority of agencies sampled were not yet documenting information about AI or ADM use within their AIGs – whether they do so, and to what extent. This lack of transparency represents a potential compliance risk because the GIPA Act requires agencies to proactively publish information about the way their functions are carried out.

‘I encourage all agencies within NSW to review and update their AIGs to ensure that any current uses of AI or ADM are clearly documented in the interests of transparency.’

Privacy Commissioner, Sonia Minutillo, said, ‘PMPs required to be prepared and implemented under the PPIP Act are an important element and input of an agency’s governance. They communicate to the public how agencies collect, store, use, and disclose personal information.

‘The large number of sampled agencies that did not reference AI or ADM in their PMPs may limit transparency to individuals around how their personal information is managed. 

‘Integrating AI and ADM information into PMPs enhances public trust and confidence in an agency's ability to effectively manage privacy, especially when adopting innovative and developing technologies.’ 

The review makes six recommendations to agencies to promote compliance with the GIPA Act and PPIP Act and to promote transparency, visibility and accountability of AI or ADM use among regulated sectors.

The review is available for download via the IPC website.

 

ENDS

 

For further information, please contact:

The Manager, Communications and Corporate Affairs on 0435 961 691 or email communications@ipc.nsw.gov.au

About the Information and Privacy Commission:

The Information and Privacy Commission NSW (IPC) is an independent integrity agency that supports the NSW Information Commissioner and the NSW Privacy Commissioner.  Its vision is that privacy and access to government information are valued and protected in NSW. The Information Commissioner is the chief executive of the Commission. 

About the NSW Information Commissioner 

Emeritus Professor Rosalind Croucher AM was appointed as the Information Commissioner in June 2025. The NSW Information Commissioner’s statutory role includes promoting public awareness and understanding of the Government Information (Public Access) Act 2009 (GIPA Act); providing information, advice, assistance and training to agencies and the public; dealing with complaints about agencies; investigating agencies’ systems, policies and practices; and reporting on compliance with the GIPA Act.

The Government Information (Information Commissioner) Act 2009 (GIIC Act) establishes the procedures for appointing the Information Commissioner and sets out the Commissioner's powers and functions. It outlines the method for people to complain about the conduct of agencies when undertaking their duties under the GIPA Act, and the way in which the Information Commissioner may deal with the complaint. The GIIC Act also enables the Information Commissioner to investigate and report on how agencies carry out their functions under the GIPA Act.

About the NSW Privacy Commissioner

Ms Sonia Minutillo was appointed as the Privacy Commissioner in March 2025. As Privacy Commissioner, her role includes the promotion of public awareness and understanding of privacy rights in NSW, as well as providing information, support, advice and assistance to agencies and the public.

The Privacy Commissioner administers the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act).

For further information about the IPC visit our website at www.ipc.nsw.gov.au 

IPC Media Release - Desktop Review of Documented AI or ADM Use within AIGs and PMPs – 17 November 2025
Aboriginal and Torres Strait Islander Flags
We acknowledge Aboriginal and Torres Strait Islander peoples as custodians of Australia and pay our respects to Elders, past and present. We also acknowledge the ongoing connection to land, sea and communities throughout Australia, and the contributions to the lives of all Australians. 

IPC logo.

© IPC

CC logo

Navigate

Useful links

IPC Social Media

   Linkedin

 

IPC Social Media Terms of Use