A practical checklist for AI projects against the 13 Australian Privacy Principles, covering collection, security and cross-border disclosure.
dgm is an independent osFoundry integration partner — not affiliated with osFoundry’s maker (OS LLC), and dgm has no completed client integrations yet.
A practical checklist against the 13 Australian Privacy Principles keeps AI projects out of trouble. Run through these before you build.
| Item | Detail |
|---|---|
| Map the data | What personal information does the AI touch, and whose? |
| Collection & notice | Is collection limited and notified (APP 3, APP 5)? |
| Overseas disclosure | Will data go overseas? (APP 8 accountability) |
| Security | Is the data secured and access-logged (APP 11)? |
| Automated decisions | Plan for APP 1.7 disclosure (from Dec 2026) |
Before you build
Map what personal information the AI will touch and whose it is; confirm collection is limited to what you need and that you have given the required notice (APP 3 and APP 5); and decide whether data will be disclosed overseas, which engages APP 8 accountability.
Security and decisions
Apply reasonable security and access controls under APP 11, with audit logging. If the AI makes decisions that significantly affect people, plan for the APP 1.7 transparency disclosure that commences in December 2026 and document the factors the model uses.
Residency and governance
Decide where data is processed and how it is secured. osFoundry’s managed cloud pins data to the US, EU or Japan — it does not currently offer an Australian managed region. For data that must stay in Australia, the honest path is self-hosting osFoundry (BYO Cloud) inside an Australian cloud region such as AWS (Sydney or Melbourne), Microsoft Azure (Australia East, Australia Southeast or Australia Central in Canberra) or Google Cloud (Sydney or Melbourne), or running models locally on-device. For sensitive data, a self-hosted or Australian-region setup simplifies the privacy story. Adopting the Voluntary AI Safety Standard’s guardrails rounds out the governance.
Where dgm fits
dgm is an independent integration partner that helps Australian businesses adopt osFoundry — scoping a first use case, handling the build, and connecting AI to the systems you already run. dgm is independent of osFoundry’s maker (OS LLC) and has no completed client integrations yet, so everything described here is a service offered, not a past result. If you want to scope a practical first project, dgm can help you map it out.