Key points in the letter include:
- The importance of protecting client privacy
- A reminder about onboarding and offboarding staff according to their current and specific job requirements
- Careful and considered use of generative AI.
Danny included the Funded agency advisory on Generative AI applications and the Third Party Standard.
The advisory describes AI applications such as chatbots, image generators and productivity tools. It outlines risks such as data exposure, non-compliance with data protection requirements and data integrity issues.
Funded organisations must not:
- Enter client information and case notes into public GenAI applications
- Use AI to capture meeting discussions if the meeting refers to client information (for example notes transcribed by a GenAI tool such as Otter.ai or read.ai).
The Third Party Standard outlines the departments’ expectations of all third parties including service providers that are engaged to work with the departments’ IT, information, and data.
For more information go to Information Security and Funded Agencies https://dhhsvicgovau.sharepoint.com/sites/VPDSS.
You will need to request access from the DFFH Cybersecurity team to access this page. For further information please email vpdss.infosec@dhhs.vic.gov.au.