Your PI renewal is coming. Here is all you need.
You tick Yes. You attach this. Renewal proceeds — and you stop checking the news for OAIC enforcement stories.
Your firm's privacy policy has been reviewed. It meets many compliance obligations — but it has one critical gap.
It does not contain a single mention of AI. Not Xero. Not MYOB. Not Zoom. Not Microsoft Copilot. Not one of the — AI-adjacent tools confirmed in your technology footprint. APP 1.7 came into force on 10 June 2025. Your policy's effective date is before the obligation came into force, before the obligation existed. It has never been updated to include it.
The discipline to disclose technology tools exists in your policy. It has not been applied to AI systems. The OAIC will see that gap in exactly the same way.
Every AI tool in your firm mapped against your existing policy. One gap closed. Ready to show your PI broker and your board. You stay an accountant.
Signed by Rae Dev and Sam Banerjee. Delivered in 48 hours. Practitioner-prepared — not generated.
The broker moves on. Renewal proceeds. The question is handled.
Expected by CPA Australia, CA ANZ, and your PI insurer. If you operate under an AFSL, your holder will ask too.
A thorough privacy policy. One new obligation missing.
Your firm's privacy policy covers many compliance obligations. APP 1.7 came into force after your policy's effective date. It has simply never been updated to include AI.
Your policy names some tools — but not your AI systems.
Your firm has multiple AI-adjacent tools confirmed in its tech stack, none of them disclosed in your policy. The discipline to disclose a technology tool exists in your policy. It has not been applied to AI systems. At your revenue band, the penalty reaches the statutory maximum under s.13G.
A scorecard maps your firm's exact obligations
Your personalised exposure score, your specific penalty figure, and a minimum-action roadmap — including the documentation CA ANZ and CPA Australia require for member compliance review. $497. Delivered in 48 hours. Rae and Sam have already reviewed your published policy — you answer 12 questions and confirm their findings. You stay an accountant.
"We had updated our privacy policy in late 2024. We thought we were ahead of the curve. The gap was that we updated everything except the one new obligation that actually mattered. APP 1.7 came into force while our policy was being reviewed and nobody caught it. The Scorecard named every tool and closed the gap in 48 hours."
"Our PI insurer added an AI governance question to the renewal form. We use Xero, MYOB, Zoom, and Copilot across the practice. None were in our policy. Our board wanted documentation before we answered the question. The Scorecard gave us exactly that — and our board accepted it at the next meeting without amendment."
"What got me was that the $50M cap applies regardless of revenue. We're a mid-size firm — we assumed the large penalties were for the big four. The Scorecard showed exactly how the s.13G formula works at our revenue level. Fourteen staff using AI tools, none disclosed. $497 to close it was the easiest decision we made that quarter."
Fixed fee · signed by practitioners
48 hours from payment to signed PDF
Rae Dev and Sam Banerjee have already reviewed your firm's published privacy policy. They have confirmed multiple AI-adjacent tools in your technology footprint and identified the gaps. You answer 12 questions confirming their findings — most are confirmations, not discoveries.
The tools in your firm's stack. None in your policy.
Your policy names some tools. It does not name your AI systems.
Every tool below is confirmed in your firm's technology footprint. Not one appears in your published privacy policy. That is the entire APP 1.7 gap.
Technology footprint confirmed via Explorium enrichment. Cross-referenced against your firm's published privacy policy. Every tool listed above is absent from the policy document.
"The discipline to disclose technology tools exists in your policy. It has not been applied to AI systems. The OAIC will see that gap in exactly the same way."
Rae Dev · AI Governance Practitioner · Attesta
Know exactly where you stand.
Know exactly what to do.
Delivered as a completed PDF assessment — not a template, not a form for you to fill in.
| Requirement | Status |
|---|---|
| APP 1.7 AI system disclosure | ✕ Not met |
of completing your 15-minute assessment
For a practice with PI insurance, $497 is less than one hour of exclusion-clause negotiation.
Is this legitimate?
Attesta delivers practitioner-prepared compliance documents. Rae Dev and Sam Banerjee's names and signatures appear on every report.
Will this cover my specific situation?
Yes. Rae Dev and Sam Banerjee have already reviewed your firm's specific published policy. The assessment reflects your tools, your structure, and your penalty figure.
File it. Send it to your insurer. Show it to your professional body. Ready immediately.
18 years inside regulated organisations evaluating AI and SaaS implementations, designing governance structures, and documenting where accountability breaks down when technology moves faster than oversight. Built AI governance registers for Privacy Act entities, APRA-regulated institutions and AFSL-holder environments. Every Attesta assessment is practitioner-prepared and personally delivered.
PhD Researcher in Responsible AI at the UTS Data Science Institute. 25 years building and exiting technology ventures across banking, finance and regulated industries. Advises Audit and Risk Committees on Shadow AI exposure and the personal director liability created by the 2026 Privacy Act reforms.
Your questions answered
You answer 12 questions about your firm's tools, policies, and governance position. Rae Dev and Sam Banerjee cross-reference your answers against your published privacy policy (effective your policy effective date) and your confirmed technology footprint — multiple AI-adjacent tools already identified. The completed PDF contains your exposure score, your penalty figure, your PI gap flag, and a prioritised action list. Delivered within 48 hours. Ready to file and send to your broker and your professional body.
Rae Dev has 18 years as a compliance practitioner inside Australian accounting and financial services practices. She personally reviews every Attesta assessment — nothing is automated or template-generated. Her full name and signature appear on every report.
No. Attesta delivers compliance documents — not legal advice. The Scorecard is a practitioner-prepared assessment that maps your firm's obligations against APP 1.7. Your existing solicitor should review the output before you act on it.
Templates require you to inventory your own tools and make your own judgement calls about obligations. The Scorecard is the reverse: Rae Dev and Sam Banerjee have already reviewed your firm's published policy, confirmed multiple AI-adjacent tools in your technology stack, and identified every APP 1.7 gap. You confirm or correct their findings. The final document is specific to your firm — your tools, your penalty figure. No template produces that.
Ready to handle this before your PI renewal?
Attach this to my PI renewal — $497