Draft your AI & ADM privacy update — before legal review.
A structured kit for Australian privacy, risk and compliance teams preparing for the 10 December 2026 Privacy Act changes. Inventory your decision systems, draft the disclosures, and hand a defensible first draft to your reviewer.
Does your privacy policy need updating for AI or automated decisions?
From 10 December 2026, APP entities must disclose how computer programs make decisions that significantly affect individuals. If that work is sitting on your roadmap, this kit is for you.
Software that decides who gets access — to credit, insurance, tenancy, employment, or a service.
Pricing, eligibility, or contract conditions shaped by what a system knows about the individual.
The Privacy Act just got teeth.
New automated decision-making rules require Australian businesses to update their privacy policies before December 10, 2026.
APP entities must disclose how automated systems make decisions that significantly affect individuals — in their privacy policies.
The regulator began its first privacy-policy compliance sweep in late 2025, with AI and ADM named as a 2025–26 enforcement priority.
In October 2025 the Federal Court ordered the first civil penalty under the Privacy Act — A$5.8M against Australian Clinical Labs.
A workflow, not a folder of PDFs
Three connected tools that take you from system inventory to a defensible draft, ready for your lawyer's review.
Decision Inventory
Interactive tool that helps you list every system in your business making or substantially supporting decisions about people. Exportable for your team and your reviewer.
Vendor Questionnaire
A ready-to-send template for extracting the disclosure information you need from SaaS vendors. Plus reference guides on the law and common mistakes.
Disclosure Templates
10 industry-specific disclosure templates, editable Word docs, designed to combine into a single privacy-policy section.
How it works
The workflow your team will run anyway
Three steps from blank page to a draft your reviewer can sign off on.
Step 1 · 30 minutes
Inventory
List every system in the business that makes or substantially supports decisions about people. Export the inventory to share with your team.
Step 2 · 1–2 hours
Draft
For each in-scope system, generate disclosure language from the templates and combine them into a single policy section ready to paste into your privacy policy.
Step 3 · your timeline
Review
Hand the draft to your privacy counsel or external reviewer. They review a defensible first draft instead of starting from scratch — faster turnaround, lower bill.
Get to a defensible draft, fast
One-time purchase, lifetime access, licensed per business. Price in AUD.
$97
Decision Inventory tool (interactive, exportable)
Vendor questionnaire template
10 industry-specific disclosure templates
Draft policy worksheet (combines selected disclosures)
Reference guides + common-mistakes guide
Lifetime access with updates
Instant access after purchase
Frequently asked questions
If you have any other questions, feel free to reach out to our support team.
It depends. While businesses under $3M annual turnover are generally exempt from the Privacy Act, you're already covered if you work with larger companies, handle sensitive data (health, finance, children), or trade in personal information. The exemption may also change in future.
OAIC can issue infringement notices up to $66,000 for non-compliant privacy policies. For serious breaches, civil penalties can reach $330,000. Privacy policies are public documents—OAIC reviews them as part of their privacy compliance work.
The kit is built around OAIC's published guidance on APP 1.7/1.8 and the Schedule 1 Part 15 amendments commencing 10 December 2026. Most users have their final policy reviewed by counsel — the kit gets you to a defensible first draft, faster, so the review is shorter and cheaper.
Yes. The kit is licensed per business, not per user. Anyone in your privacy, risk, legal or operations team can use it, and the inventory and draft worksheets are designed to be exported and shared.
The kit includes a simple decision framework and real-world examples across multiple industries. If your software makes or helps make decisions about people using their personal information, it's likely ADM. You can also take our free assessment to find out.
Yes. This is built specifically for Australia's Privacy Act amendments and OAIC requirements. It references the exact Australian Privacy Principles (APPs) and uses OAIC's guidance on what constitutes "significantly affects rights or interests."
The kit includes a step-by-step ADM system identifier checklist, privacy policy templates that meet the new disclosure requirements, an impact assessment framework, and a comprehensive compliance checklist to ensure you've covered all requirements.
Anything that makes — or substantially supports the making of — a decision about a person using their personal information, where the decision could reasonably be expected to significantly affect their rights or interests. Common examples: credit scoring, tenant screening, fraud detection, applicant tracking, identity verification, and dynamic pricing.
Need a lawyer to review the draft?
We can connect you with an Australian privacy lawyer who reviews completed AusPrivacyKit drafts at a flat rate. Useful when sensitive data, multiple systems, or board-level sign-off is involved.