Build your personal AI policy. From the Victorian public sector framework. From your organisation. From the shape of your role.
Safety is what unlocks the work.
Generative AI is becoming embedded in everyday work across the Victorian public sector. The Department of Premier and Cabinet issues the Administrative Guideline. The Office of the Victorian Information Commissioner sets the privacy rules. Public Record Office Victoria sets the records rules. Australia’s national AI Ethics Principles set the broader expectations.
You operate inside all of these. Your role has its own context. Your organisation has its own policy. The goal of this session is not to memorise the rules. It is to make them yours. To build a personal AI policy you can attach to every conversation you have with AI from tomorrow onwards.
This is not about being cautious for caution’s sake. It is about being safe in a way that lets you move forward. Safe and responsible use is what unlocks AI as a working partner. Without it you hesitate. With it you proceed with confidence.
Why we are doing this.
Many people read the rules once and forget them. Or they assume the rules are too restrictive and stop trying. Both miss the point. The rules are the conditions for confident use. This session helps you internalise them by applying them to your actual role and your actual work.
Turn the Victorian public sector AI guidance into specific actions you actually take.
Get clear on what information is appropriate to share with AI in your role and what is not.
Design a verification routine that fits how you actually work. Not a checklist you ignore.
Walk out with a personal AI policy you can save and reuse for every AI session from tomorrow.
By the end of this module.
Four things you will be able to do.
Apply the Victorian AI guidance to your specific role and organisational context.
Distinguish safe and unsafe information handling for AI use in your everyday work.
Name who you escalate to when AI use crosses into uncertain territory.
Compile a personal AI policy that can be used as standing context for every AI session.
Four documents that set the rules.
Before we build your personal policy. Know where the rules come from. The Victorian Public Sector has clear, principles-based guidance. It applies to your work. These four documents are the foundation.
Endorsed by the Victorian Secretaries Board in September 2024. Issued by the Secretary of DPC. Sets minimum requirements and safeguards for GenAI across the VPS. Principles-based and broad.
From the Office of the Victorian Information Commissioner. Sets privacy and information security obligations for enterprise GenAI tools. Aligned to the Victorian Protective Data Security Standards.
From Public Record Office Victoria. Tells you what AI-assisted work becomes an official record and how to keep it. Audit trail expectations are explicit here.
Victoria signed up in June 2024. Five principles: wellbeing, human-centred values, fairness, privacy and security, reliability and safety. The foundation under everything else.
Five guardrails. From the framework into practice.
The Administrative Guideline turns into five practical rules you can hold in your head. The same five rules apply across the VPS regardless of which agency you sit in. Click each number to read the rule.
Use agency-approved Copilot in your M365 tenancy wherever the work involves organisational material. Personal-licence tools are for public material only.
If you are not in your agency-approved tool, only publicly-available information goes in. No internal documents. No personal information. No commercial-in-confidence.
AI never makes or substitutes decisions affecting specific individuals. Not performance assessments. Not selection. Not eligibility. The delegate decides. AI assists.
Check AI outputs against reliable sources before they enter official work. Confidently-wrong is the danger. Plausible does not mean correct. Verification is a habit not a step.
When AI-assisted content becomes an official record, capture the prompt, the output and the verification. PROV expects it. Your organisation expects it. So should you.
Name your chat.
A small habit. Big payoff. Every conversation you have with AI gets stored. The ones with names are the ones you can find again. Set the name before you do anything else.
Start the conversation.
Paste this prompt into your new chat. It tells AI what session you are in, what you are about to build and the three steps we will work through.
Read your policy through your role.
What you are doing
You are taking a general policy document and asking AI to filter it through the specifics of your role. The same policy means different things to a procurement manager, a frontline service officer or a data analyst. You are getting AI to do the translation.
Why this matters
Policies are written for everyone. Which means they often feel relevant to no-one. Asking AI to read your policy through the lens of your specific work makes the rules tangible. You get the five things that apply to you, not the fifty that apply to someone else.
Work through real scenarios.
What you are doing
You are stress-testing the policy against your actual work. Edge cases are where policies get tested. The scenarios that nag at you in the back of your mind are the ones that need a verdict before you face them at speed.
Why this matters
You build judgement through deliberate practice. Working through real scenarios with AI as a thinking partner trains you to spot the pattern. Next time a similar scenario lands on your desk you will already know which guardrail applies.
Compile your personal AI policy.
What you are doing
You are pulling together everything into a single document. Not a long policy that sits unread. A short, role-specific reference you can paste at the start of every AI conversation. The Victorian framework becomes yours.
Why this matters
A policy you carry is a policy that works. By compiling your own version you commit to the rules. You also build a reusable artefact. When you start a new AI thread tomorrow you paste your policy. AI knows your guardrails before you ask anything else.
Capture your policy.
Go back to the same AI thread you have been working in. Paste this prompt. Your AI now knows your role, your organisation’s policy implications, your scenario verdicts and your draft personal AI policy. It will help you finalise.
Share what you have built.
The rule you did not realise you needed. The escalation path you will set up tomorrow. The one thing you will never let AI do for you.
Two minutes each. The thing you put in your policy that surprised you. The line you almost crossed without knowing.
Privacy. Legal. Records. IT. Your manager. Which conversation will you have first to set up that path so it is ready when you need it.
Your decision boundary. The one call you will always make as a human. Say it out loud so the room hears it.
What you have done.
Not a compliance exercise. A working personal policy that fits the Victorian framework and your role. Something you carry forward into every AI conversation from tomorrow onwards.
Five things from your organisation’s policy that personally apply to you. Not the fifty that apply to someone else.
Used AI to give you a verdict on the edge cases that have been nagging you. Yes. No. Stop and check. Reasoning attached.
Role context. Information lines. Verification routine. Escalation paths. Voice rules. Decision boundary. All in one document.
Privacy. Legal. Records. IT. Your manager. You know who to go to when in doubt before you are in doubt.
The one thing AI will never do for you. The line you hold as a human. Said out loud.
A document you save. Attach to every future AI conversation. Update as your role evolves. Carry forward.