| Date | 28 July 2026 |
| Time | 12.00pm-4.00pm. Times are AEDT (Syd/Melb time) |
| Venue & Recordings | Live Online with recording available to view until 28 August 2026 |
| Pricing | $440 Price includes gst. |
| CPD | Addresses 7.2 of the Australian Professional Standards for Teachers |
| Sector | Non-State Schools |
Register
Program
12.00 LawSense Welcome
12.05 Chairperson’s Remarks
Brenton Harty, Director of ICT and Privacy Officer, Presbyterian Ladies’ College (Victoria); President, MITIE
Fred Shu, Head of Information Technology, William Clarke College (NSW); Vice President, MITIE
Virat Shah, Head of Technology, Scotch College (WA)
Ron Robinson, Director of Information Technology, Toowoomba Grammar School (Queensland)
12.10 Best Practice AI Governance and Management in Schools: Integrating AI Governance, Effectively Evaluating Apps for Use and Updating Contracts
Current Legal and Regulatory Requirements and Guidelines
- Examining the current legal requirements and guidelines applying to AI and evolving changes, including:
- Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
- OAIC’s specific AI privacy guidance
- Online Safety Act 2021 (Cth) and eSafety guidance
- Copyright requirements – education and AI
- Australian Framework for Generative AI in Schools
- Examining upcoming reforms, including Children’s Online Privacy Code
AI Governance: Updating Current Governance Policies to Integrate Best Practice in Optimising AI and Managing Risk and Compliance
- Exploring how the use of AI in schools can impact current policies and practices, including in managing risk
- Developing an effective AI governance strategy and integrating it into current policies
- Examining the extent of Board/Council involvement
- Dealing with the use of shadow AI
- Implementing strategies and processes to manage evolving legal, regulatory and operational risks
Implementing Best Practice in Evaluating AI Applications Against Legal Requirements, Guidelines and Risks
Implementing Best Practice and Streamlining Assessment
Elements to Consider
- Examining key elements to consider, including:
- privacy assessments, including vendor/supplier policies, data flows, risks/mitigations, vendor and cross-border handling.
- data location, sub-processors, training use of your prompts/uploads, retention, and deletion rights
- child specific policies and defaults & consents
- certifications
- data minimization
- incident response
Considerations with K-6
- Examining and applying particular considerations with K-6 students
Risks From Particular Contract Terms, Conditions and Arrangements
- Exploring common contract terms, conditions and arrangements used by suppliers/vendors, and identifying which are high risk in practice for schools
Best Practice and Streamlining Evaluation of T’s&C’s
- Implementing best practice in evaluating vendor/supplier terms and conditions – what to look for and streamlining the process
Updating ICT Contract Terms to Manage AI, Evolving Legal Obligations and Costs
- Exploring how implementing best practice in AI governance can impact current contracts and arrangements
- Examining contract terms to seek to implement with suppliers or vendors to optimise AI governance and costs
James Field, Managing Director,DecisionLine; Founder and former CEO of CompliSpace
Alec Christie, Partner, Head of Privacy Risk and Digital Law, Atmos
1.25 Break
1.40 School Obligations Beyond the School “Gate”: Examining the Implications of Recent Cases and Managing Student Monitoring, Including Impacts of the New Social Media Laws
Outlining Key Laws and Government Anti-Bullying Rapid Review
- Outlining relevant laws regarding a school’s obligations outside school and examining the implications of the Anti-Bullying Rapid Review
Impacts of Social Media Aged Limits and Other Reforms
- Examining the new laws regarding age limits on social media use, including examining exceptions
- Exploring the implications of the new laws for schools and learnings from what schools have implemented and experienced. Have or should schools be reporting breaches of social media laws?
- Exploring best practice polices to deal with the changes in social media laws and impacts
Duty of Care Beyond the School “Gate”
- Reviewing recent cases regarding school duty of care and implications – have obligations been extended?
- Exploring implications for managing school liability, including obligations in monitoring and responding to issues the schools become aware of
- Implementing best practice policies to manage a school’s obligations beyond the school gate
Supervision/Monitoring Student Activity Outside School Hours
- Exploring the boundaries of a school’s duty of care in monitoring student activity outside school hours
- Using monitoring software on student managed devices:
- what can you legally monitor and ensuring you have adequate consent
- to what extent should you have human monitoring/ escalation to humans?
- what is your legal exposure for an incident where a greater degree or availability of human monitoring could have prevented harm?
- what are your responsibilities to act where the information you collect indicates a student may be at risk, including when the information arrives outside school hours
David Scanlan, Employment Law Lead – WA, Mapien Law; Former, Director of People and Culture, St Hilda’s Anglican School for Girls
2.40 Break
2.55 Recent Case Law – Data Breaches and Information Security (APP11): Learning from Guidance on “Reasonable Steps” To Take for Privacy Law Compliance and Mitigating Liability
The recent decision of Australian Information Commissioner v Australian Clinical Labs Limited [2025] FCA 1224 provides guidance on the factors the Court will consider in determining whether an organisation has done enough to comply with obligations to keep personal information secure (APP11) and the mandatory breach reporting obligations. This presentation reviews these factors and how they apply to schools as well as drawing from other cases and school experiences to ensure your school implements best practice policies in this area.
- Outlining obligations under Australian Privacy Principals 11 (APP11) – reasonable steps in the circumstances to protect personal information it holds from misuse, interference, loss, unauthorised access, modification or disclosure
- Exploring school experiences in managing and responding to cyber incidents and data breaches
- Examining key aspects of Australian Information Commissioner v Australian Clinical Labs Limited applicable to schools including:
- examining what are “reasonable steps” to take and factors to be considered
- further guidance regarding mandatory breach reporting, including regarding adequacy of investigations
- reliance on third party service providers
- how civil penalty provisions will be applied
- Examining implications in practice for schools including:
- calibrating measures depending on the nature of the data, risk of harm, size and resources of the school and security environment
- understanding the extent of investigation required and approach to assessing the application of requirements in breach reporting
- optimising arrangements with third party service providers
- Implementing best practice policies and processes to meet requirements and mitigate liability
Leah Mooney, Partner, Wotton Kearney
3.55 Closing Remarks
4.00 Event Close
Presenters / panelists include:
Brenton Harty has four decades of experience in education, spanning roles as a teacher, digital learning manager, and ICT Manager within both government and independent schools. Presently, he holds the dual roles of Director of ICT and Privacy Officer at Presbyterian Ladies’ College Melbourne, while also serving as President of MITIE, a national organization dedicated to representing ICT professionals in the education sector.
James is the Managing Director of DecisionLine and the Founder and former CEO of CompliSpace. A major part of James’ focus at CompliSpace was developing its governance programs, which are still used by over 750 schools Australia-wide. This work included developing comprehensive programs in areas such as Enterprise Risk Management, Compliance, Complaints Handling, Privacy, Human Resources Management, Workplace Safety, and Child Safeguarding. James is also an experienced commercial lawyer and an accredited organisational coach (ACC) with the International Coaching Federation (ICF).
Alec Christie is a recognised leader in digital, privacy, critical infrastructure and information law. Alec's deep understanding of privacy law allows him to create comprehensive risk solutions, especially in relation to tech innovations, digital transformation, financial services IT regulation and multi-jurisdiction projects. His practical and agile solutions focused approach, especially in a time of rapid tech and regulatory change, together with his extensive experience makes him a highly sought after trusted resource.
David Scanlan is currently a Senior Employment Lawyer at Mapien Law heading up their WA office, having commenced in September 2025. Prior, David was the Director of People & Culture at St Hilda’s from 2020. In this role he drove the people development, cultural development, talent acquisition and compliance functions of the School. Prior to joining St Hilda’s, David worked in private practice as lawyer. He spent much of his career at international law firm Ashurst in their Perth Employment and Industrial Relations team, starting there as a graduate and leaving as a Senior Associate.
For more than 20 years, Leah Mooney has provided legal, regulatory, risk and governance services to corporate and government entities. She is best known for helping organisations to understand data privacy, cyber security and technology risk and compliance, with a particular focus on responding to complex data breaches, security of critical infrastructure, countering foreign interference, and high-risk AI technologies. Leah has worked as a director of a Big Four consulting firm and a special counsel in a top tier international law firm; and worked in senior in-house roles with a university and Australia's leading provider of identity theft and cyber incident counselling and remediation services.