Compatible

Privacy Compliance for South Australian Schools

South Australia is the most AI-forward state in Australia for education, with EdChat as a sanctioned AI tool setting a clear precedent for AI use in schools. Our platform is designed to align with the SA privacy framework and SACSF cloud security guidelines.

Request a Compliance Pack All States

Legislation Overview

Cabinet Administrative Instruction PC012 (Information Privacy Principles)

Regulated by the Privacy Committee of South Australia (PCSA)

Key Details

Enacted: 2009
Privacy Principles: 10 Information Privacy Principles (IPPs)
Regulator: PCSA

Key Provisions

10 Information Privacy Principles established by Cabinet Administrative Instruction PC012 — administrative rather than legislative
SACSF (South Australian Cyber Security Framework) cloud security guidelines for government SaaS procurement
EdChat sanctioned as an approved AI tool for SA schools — setting precedent for AI in education
Privacy Committee of South Australia provides oversight and guidance on privacy matters
PC012 applies to SA government agencies including government schools — not legislation but enforceable via administrative instruction
Department for Education has published guidance on responsible AI use in school settings

Data Breach Notification

Not currently mandatory — South Australia does not currently have mandatory data breach notification legislation for state government agencies. However, the SA government follows the Australian Government's best practice guidelines for breach response, and agencies are expected to notify affected individuals of significant breaches as a matter of good practice.

AI Governance Framework

No standalone AI framework — South Australia does not have a formal AI governance framework for schools. However, the Department for Education has taken a proactive approach by sanctioning EdChat as an approved AI tool for school use, establishing a clear precedent that AI tools can be deployed in SA schools when appropriate safeguards are in place. The SACSF provides cloud security guidelines that apply to all SaaS platforms.

Vendor Assessment Pathway

Here's the process your school follows to adopt a new platform in South Australia. We'll support you at every step.

Step 1

SACSF Cloud Security Review

Your school or department assesses the platform against SACSF cloud security guidelines. This evaluates data handling, hosting location, encryption, access controls, and incident response capabilities. We provide documentation to support this review.

Step 2

Privacy Assessment (PC012 Alignment)

A privacy assessment is conducted to verify alignment with the 10 IPPs under PC012. This covers collection, use, disclosure, storage, and security of student personal information. We provide pre-filled privacy documentation.

Step 3

School or Departmental Approval

The school principal or relevant departmental authority reviews the security and privacy assessments and approves the platform for deployment. For government schools, this may involve regional or central office sign-off.

Step 4

Deployment

Once approved, schools deploy the platform with their wellbeing teams. Ongoing compliance is maintained through regular review aligned with SACSF update cycles and departmental guidance.

Step 1

SACSF Cloud Security Review

Step 2

Privacy Assessment (PC012 Alignment)

Step 3

School or Departmental Approval

Step 4

Deployment

Once approved, schools deploy the platform with their wellbeing teams. Ongoing compliance is maintained through regular review aligned with SACSF update cycles and departmental guidance.

How Grounded Scribe Meets South Australia Requirements

A detailed look at how our platform capabilities align with South Australia's privacy and security requirements for schools.

Requirement

IPP 4 — Storage and security (PC012)

How we address this

Healthcare-grade encryption at rest and in transit. Role-based access controls. 14+ character password requirements. Secure Australian cloud hosting with no offshore data transfer.

Requirement

IPP 2 — Use and disclosure limitations (PC012)

How we address this

Data is used solely for wellbeing documentation purposes within your school. No data shared with third parties for marketing, research, or any purpose beyond service delivery.

Requirement

SACSF cloud security compliance

How we address this

Platform security controls align with SACSF requirements for cloud-hosted services, including data residency, encryption, access management, logging, and incident response.

Requirement

Data residency in Australia

How we address this

All data stored on secure Australian cloud infrastructure in Sydney. Schools using manual notes and the student support system keep all data entirely in Australia. If the optional AI Scribe is used, audio is briefly processed overseas for transcription with zero retention, then deleted — only text is stored, in Sydney.

Requirement

Audio data handling

How we address this

Audio recordings are deleted immediately after transcription is complete. Only text documentation is retained — raw audio is never stored permanently.

Requirement

AI transparency and human oversight

How we address this

All AI-generated documentation is reviewed and approved by wellbeing staff before becoming part of any record. No AI training on school data. Consistent with the precedent set by EdChat's sanctioned use in SA schools.

Requirement

Audit trail for compliance

How we address this

Comprehensive audit logging with 7-year retention. All data access is tracked and available for compliance reporting and incident investigation.

Requirement

Staff-only platform (no student access)

How we address this

Only authorised wellbeing staff access the platform. Students never interact with AI directly, significantly reducing consent requirements and aligning with SA privacy expectations.

Guidance by School Sector

Different school sectors in South Australia have different procurement processes. Select your sector for specific guidance.

Government Schools Schools

Key body: Department for Education South Australia (DoE SA)

South Australia is the most AI-forward state for education in Australia. The Department for Education has sanctioned EdChat as an approved AI tool, setting a clear precedent that AI platforms can be deployed in SA schools when appropriate safeguards are in place. SACSF cloud security guidelines apply to all SaaS procurement.

SACSF cloud security review required for all cloud-hosted platforms handling student data
PC012 Information Privacy Principles apply to all government agencies including schools
EdChat precedent demonstrates departmental openness to AI tools in education
Department for Education has published guidance on responsible AI use in school settings
Principal approval required — may involve regional or central office sign-off for new AI tools
South Australia's administrative privacy framework (not legislative) means adoption pathways can be more streamlined

Frequently Asked Questions

Common questions from South Australia schools about privacy compliance and using Grounded Scribe.

Does South Australia have privacy legislation like other states?

South Australia's privacy framework is administrative rather than legislative. The 10 Information Privacy Principles are established through Cabinet Administrative Instruction PC012, which applies to all SA government agencies including schools. While not legislation in the traditional sense, PC012 is enforceable and agencies are expected to comply. Catholic and independent schools are governed by the federal Privacy Act.

What does the EdChat precedent mean for AI tools in SA schools?

The Department for Education sanctioning EdChat as an approved AI tool for SA schools is significant. It demonstrates that SA is open to AI in education when appropriate safeguards are in place — including data security, human oversight, and responsible use guidelines. Grounded Scribe meets and exceeds these safeguards as a staff-only documentation tool with comprehensive security controls.

What is the SACSF and does it apply to our school?

The South Australian Cyber Security Framework (SACSF) provides cloud security guidelines for government agencies, including government schools. It covers data handling, hosting, encryption, access controls, and incident response for SaaS platforms. For non-government schools, SACSF is not mandatory but is widely referenced as best practice.

How does Grounded Scribe handle student data mentioned in wellbeing notes?

Wellbeing staff use the platform to document support sessions. The AI assists with structuring case notes, but all content is reviewed and approved by the staff member before saving. Audio recordings are deleted immediately after transcription — only the text documentation is retained.

Can our CESA school adopt this independently?

CESA operates a centralised technology procurement model — new platforms are typically evaluated and approved at the system level rather than by individual schools. If your school is interested, the best approach is to raise it with your school leadership, who can escalate to CESA central office for evaluation. We are happy to work directly with CESA on a system-level assessment.

What happens to our data if we stop using the platform?

Schools can export all their data at any time. Upon termination, we provide a complete data export and securely delete all school data from our systems within 30 days, in line with Australian Privacy Principles.

Need Help With Your School's Vendor Assessment?

We'll provide the documentation your school needs to complete the assessment process in South Australia. Request a compliance pack and we'll be in touch.

Request a Compliance Pack Back to All States