Last updated:
New South Wales has a well-established privacy framework and is rapidly developing AI governance for education. Our platform is designed to align with the PPIP Act, the NSW AI Assurance Framework, and the AssessedIT catalogue requirements.
Regulated by the Information and Privacy Commission NSW (IPC)
Mandatory — Mandatory data breach notification has been in effect since November 2023. NSW public sector agencies, including government schools, must notify the IPC and affected individuals of eligible data breaches likely to result in serious harm.
NSW AI Assurance Framework (AIAF) — The NSW AI Assurance Framework provides a structured approach to assessing and governing AI use across government agencies, including education. It covers risk assessment, accountability, transparency, and fairness requirements for AI-powered tools used in schools.
Here's the process your school follows to adopt a new platform in New South Wales. We'll support you at every step.
Your school identifies the platform through the AssessedIT catalogue or the Online Learning Tools Marketplace (available from Term 3 2025). These are the approved procurement channels for NSW government school technology.
For AI-powered tools, the vendor must demonstrate alignment with the NSW AIAF. This covers risk classification, transparency, human oversight, and accountability requirements specific to AI in education.
Schools complete the DET NSW Due Diligence Vendor Checklist, which evaluates data handling, security controls, privacy compliance, and suitability for the school context. We provide pre-filled documentation to support this step.
Once the vendor checklist and AI assessment are complete, schools can deploy the platform with their wellbeing teams. Ongoing compliance is monitored through regular review cycles.
Your school identifies the platform through the AssessedIT catalogue or the Online Learning Tools Marketplace (available from Term 3 2025). These are the approved procurement channels for NSW government school technology.
For AI-powered tools, the vendor must demonstrate alignment with the NSW AIAF. This covers risk classification, transparency, human oversight, and accountability requirements specific to AI in education.
Schools complete the DET NSW Due Diligence Vendor Checklist, which evaluates data handling, security controls, privacy compliance, and suitability for the school context. We provide pre-filled documentation to support this step.
Once the vendor checklist and AI assessment are complete, schools can deploy the platform with their wellbeing teams. Ongoing compliance is monitored through regular review cycles.
A detailed look at how our platform capabilities align with New South Wales's privacy and security requirements for schools.
IPP 5 — Information security (data storage)
Healthcare-grade encryption at rest and in transit. Role-based access controls. 14+ character password requirements. Secure Australian cloud hosting with no offshore data transfer.
IPP 2 — Collection directly from individual
Data is collected by authorised wellbeing staff during support sessions. Students do not interact with AI directly — the platform is a staff-only documentation tool.
IPP 10 — Limits on use of personal information
Data is used solely for wellbeing documentation purposes within your school. No data shared with third parties for marketing, research, or any purpose beyond service delivery.
Data residency in Australia
All data stored on secure Australian cloud infrastructure in Sydney. Schools using manual notes and the student support system keep all data entirely in Australia. If the optional AI Scribe is used, audio is briefly processed overseas for transcription with zero retention, then deleted — only text is stored, in Sydney.
Audio data handling
Audio recordings are deleted immediately after transcription is complete. Only text documentation is retained — raw audio is never stored permanently.
Mandatory data breach notification
We have a documented incident response plan. In the event of an eligible data breach, we notify affected schools immediately and support IPC notification requirements within prescribed timeframes.
NSW AIAF — AI transparency and human oversight
All AI-generated documentation is reviewed and approved by wellbeing staff before becoming part of any record. No AI training on school data. Clear disclosure that AI assists with documentation.
Audit trail for IPC compliance
Comprehensive audit logging with 7-year retention. All data access is tracked and available for compliance reporting and incident investigation.
Different school sectors in New South Wales have different procurement processes. Select your sector for specific guidance.
Key body: Department of Education (DET NSW)
AssessedIT listing is mandatory for all technology products used in NSW government schools. The NSW AIAF assessment is required for any AI-powered tool. The Online Learning Tools Marketplace (from Term 3 2025) provides an additional streamlined procurement channel.
Common questions from New South Wales schools about privacy compliance and using Grounded Scribe.
We'll provide the documentation your school needs to complete the assessment process in New South Wales. Request a compliance pack and we'll be in touch.