90 incidents on record · 2026 Headlights Incident reports by Ellie Harris · Melbourne
10 new this week Library last updated 13 July 2026
← The incident library
HD-INC-066
Government · Australia · 2024 · Data exposure & egress

A child protection worker used ChatGPT on a Children's Court report, and the regulator found it disclosed a child's details and understated risk

By Ellie Harris · Filed Reported to OVIC by the department, December 2023

Alleged: Department of Families, Fairness and Housing (Victoria) developed or deployed the AI system implicated in this incident. Details are drawn from public reports; parties are presumed innocent of any wrongdoing not established by an official finding.

A child protection worker used ChatGPT on a Children's Court report, and the regulator found it disclosed a child's details and understated risk

What happened

According to OVIC’s investigation and press reporting at the time, in December 2023 Victoria’s Department of Families, Fairness and Housing reported to the Office of the Victorian Information Commissioner that a child protection worker had used ChatGPT while drafting a protection application report, a document submitted to the Children’s Court in a case concerning a young child whose parents had been charged in relation to sexual offences. OVIC’s investigation, published in September 2024, found, on the balance of probabilities, that the worker had entered a significant amount of personal and delicate information into ChatGPT, including names and information about risk assessments relating to the child, disclosing it to OpenAI, an overseas company, in the process. OVIC noted that the parents’ charges did not relate to offences against the child, and that the report’s deficiencies did not ultimately change the decisions of Child Protection or the Court.

The investigation also found that content generated by ChatGPT and carried into the report was inaccurate in ways that mattered. OVIC’s report describes generated content that recast sensitive case material bearing directly on risk as a positive reflection on the parents’ care, inaccuracies the regulator found downplayed the risks to the child. OVIC found the department responsible for a serious breach of the Information Privacy Principles, and the Deputy Commissioner issued a compliance notice requiring DFFH to block ChatGPT and similar tools for its child protection workforce. According to the investigation, an internal departmental review of cases handled by the worker’s broader unit over a one-year period identified 100 cases with indicators that ChatGPT may have been used in child protection documents, and a departmental analysis of audit logs, also cited in the investigation, found that nearly 900 employees had accessed the ChatGPT website in the second half of 2023.

What an auditable version would have shown

The department could not initially say how widely the tool had been used, by whom, or in which cases: it had to reconstruct that from audit logs and text patterns after the fact. An auditable version captures the moment of use, not the echo of it. A signed record at the point where case material left the department’s systems would have shown which documents drew on a generative tool, what categories of information were sent, to which external service, and under whose account. The question OVIC spent months reconstructing, where did this child’s information go and what came back, would have been answerable from the record in minutes, not from a forensic review spanning a year of casework.

Where the gap was

Sensitive case material crossed a trust boundary into an external consumer service, and nothing stood at the exit. An EgressGate classifies what is about to leave (names, risk assessments, court material) and checks the destination against the trust boundary before anything is sent; a child’s casefile bound for a consumer chatbot is exactly what it exists to stop. A ConductRecord preserves each use of an AI tool in official work, signed at the time, so an agency knows the scale of its exposure from its own records rather than from a year of forensic review.

What governance should have looked like

The reported failure was not one worker’s shortcut; it was a system with no checkpoint between a child’s file and the open internet, and no record of the crossing. Government agencies handling the most sensitive information they hold should know, as a property of their systems, what leaves, where it goes, and what generated the text in their court documents. When the regulator asks how far it spread, the answer should come from a signed record, not a survey of audit logs.

If this content raises issues for you, help is available. In Australia, Lifeline is on 13 11 14 and 1800RESPECT is on 1800 737 732; in the United States, the 988 Suicide and Crisis Lifeline can be reached by calling or texting 988.

The reference implementation of EgressGate and ConductRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. The repository is public now.

Sources

The mailing list

Fresh incident reports every week. One email to match.

We add new incidents to the library regularly, and send a single short email each week with what's new. The library stays free and open; this is just how you keep up with it.

No tracking. Unsubscribe in one click.

The record

An auditable system would have produced a signed, tamper-evident record the moment this happened: what the system did, the version that did it, the basis it acted on, and the action taken, and Department of Families, Fairness and Housing (Victoria) could have produced it on demand.

This is the record the system as deployed did not produce in a signed, auditable form.

What this teaches
Capture what happened when it happens
What the system did, the version that did it, the basis it acted on, and the action taken, recorded at the moment, not reconstructed after.
Sign it, so no one has to trust the record-keeper
A tamper-evident entry. Edit it later and the signature breaks. The record does not ask for the benefit of the doubt.
Make it verifiable by anyone
A court, a regulator, a customer's lawyer can check the record themselves, without taking the company, or us, at our word.

Headlights summarises publicly reported AI incidents. All summaries are independently written, attributed to their original sources, and intended for research and educational purposes. Allegations are identified as such until established through official findings.

Last reviewed June 2026. This report is based on the sources listed above and reflects information available at the time of review; later developments may not be captured. Where a person is described as charged with or alleged to have done something, that allegation is unproven unless a conviction or a court or regulatory finding is stated. Headlights publishes journalism and commentary, not legal advice.

Want to write back?

Direct to my inbox.

ellie@useheadlights.com →