Last updated:
Tasmania's Personal Information Protection Act 2004 sets clear privacy standards through 10 Personal Information Protection Principles. Our platform is designed to meet these requirements, with Australian-only data hosting that satisfies PIPP 5 protections for offshore data.
Regulated by the Ombudsman Tasmania (Ombudsman)
Not currently mandatory — Tasmania does not currently have mandatory data breach notification under state legislation. However, the Ombudsman recommends voluntary notification of significant breaches, and schools operating under Commonwealth obligations may have additional requirements.
No standalone AI framework — Tasmania does not have a standalone AI governance framework for schools. The ITS Cyber Security team within the Department assesses technology platforms, and an endorsed tools list provides guidance on approved products for school use.
Here's the process your school follows to adopt a new platform in Tasmania. We'll support you at every step.
The Department's ITS Cyber Security team assesses the platform against security and privacy requirements. This covers data handling, encryption, access controls, and infrastructure security.
Successfully assessed platforms are added to the endorsed tools list, making them available for school procurement with confidence that security and privacy requirements are met.
Individual schools review the platform for their specific use case, considering their wellbeing team's needs and any school-specific requirements. We provide documentation to support this step.
Wellbeing staff are onboarded to the platform. Ongoing compliance is maintained through regular reviews aligned with PIPA requirements and ITS Cyber Security guidance.
The Department's ITS Cyber Security team assesses the platform against security and privacy requirements. This covers data handling, encryption, access controls, and infrastructure security.
Successfully assessed platforms are added to the endorsed tools list, making them available for school procurement with confidence that security and privacy requirements are met.
Individual schools review the platform for their specific use case, considering their wellbeing team's needs and any school-specific requirements. We provide documentation to support this step.
Wellbeing staff are onboarded to the platform. Ongoing compliance is maintained through regular reviews aligned with PIPA requirements and ITS Cyber Security guidance.
A detailed look at how our platform capabilities align with Tasmania's privacy and security requirements for schools.
PIPP 4 — Information security
Healthcare-grade encryption at rest and in transit. Role-based access controls. 14+ character password requirements. Comprehensive audit logging.
PIPP 2 — Use and disclosure
Data is used solely for documentation purposes within your school. No data shared with third parties for marketing or other purposes.
PIPP 5 — Equivalent protections for offshore data
All data stored on secure Australian cloud infrastructure in Sydney. Schools using manual notes and the student support system keep all data entirely in Australia, exceeding PIPP 5 requirements. If the optional AI Scribe is used, audio is briefly processed overseas for transcription with zero retention, then deleted — only text is stored, in Sydney.
Audio data handling
Audio recordings are deleted immediately after transcription is complete. Only text documentation is retained — raw audio is never stored permanently.
Audit trail and compliance reporting
Comprehensive audit logging with 7-year retention. All data access is tracked and available for compliance reporting and incident investigation.
AI transparency and human oversight
All AI-generated documentation is reviewed and approved by wellbeing staff before becoming part of any record. No AI training on school data.
Staff-only platform (no student access)
Only authorised wellbeing staff access the platform. Students never interact with AI directly, significantly reducing consent and risk requirements.
Different school sectors in Tasmania have different procurement processes. Select your sector for specific guidance.
Key body: Department for Education, Children and Young People (DECYP)
Government schools use the endorsed tools list maintained by the ITS Cyber Security team. Platforms on this list have been assessed for security and privacy compliance.
Common questions from Tasmania schools about privacy compliance and using Grounded Scribe.
We'll provide the documentation your school needs to complete the assessment process in Tasmania. Request a compliance pack and we'll be in touch.