Privacy Act — OAIC, APPs & CDR
5 production AI models covering the full Australian privacy compliance landscape: Australian Privacy Principles 1–13, Notifiable Data Breach scheme, Consumer Data Right accreditation, Privacy Impact Assessments, and DSAR automation. Max civil penalty: AUD 50M (Privacy Act 2022 amendment).
Regulatory Framework
5 AI Models
Australian Privacy Principles 1–13 gap analysis. APP 1 (open and transparent), APP 3 (collection), APP 5 (notification), APP 8 (cross-border disclosure), APP 11 (security).
Notifiable Data Breach scheme compliance (Privacy Act s.26WK–26WR). Eligible data breach detector, 30-day notification timer, OAIC and individual notification templates.
Consumer Data Right accreditation obligations (CDR Rules 2020). Data holder and accredited data recipient requirements, CDR data security standards.
Privacy Impact Assessment automation. Triggered when a new data processing activity is detected. Outputs a PIA report with risk matrix and mitigation recommendations.
Data Subject Access Request workflow automation. 30-day response SLA, DSAR triage, identity verification, response pack generation, OAIC complaint pre-emption.
Example — NDB Eligibility Check
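# Submit a data breach event to model C-20 for an NDB eligibility check.
# The body is JSON, so declare it; otherwise curl sends -d data as form-encoded.
curl -X POST https://your-instance/api/v1/audits/domains/privacy \
  -H "Authorization: Bearer $BP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "entity_id": "ent_abc123",
    "models": ["C-20"],
    "event": {
      "type": "data_breach",
      "records_affected": 1200,
      "categories": ["financial_info", "health_info"],
      "discovered_at": "2026-05-15T09:00:00Z"
    }
  }'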
# Response:
{
  "model": "C-20",
  "eligible_data_breach": true,
  "notification_deadline": "2026-06-14T09:00:00Z",
  "days_remaining": 30,
  "notify_oaic": true,
  "notify_individuals": true,
  "acho_action": "ndb_notification_pack_generated"
}