SKILL.md— paste into Microsoft 365 Copilot or ClaudeDownload▸ View skill file▾ Hide skill file
---
name: Privacy Act ADM Logger
description: Produces a Privacy Act-compliant automated decision-making log for an in-scope agent, capturing inputs, rationale, model version, and manual review path.
---
# Privacy Act ADM Logger
> **TL;DR:** This skill produces a Privacy Act-compliant automated decision-making log for an agent that makes or substantially contributes to a decision affecting an individual, capturing the input data summary, rationale, model identifier, timestamp, and manual review path.
## How does the Privacy Act ADM Logger skill document an agent's automated decision?
For each automated decision made by an in-scope Agentic AI system, this skill produces a structured log entry that satisfies the automated decision-making (ADM) transparency obligations of the Privacy and Other Legislation Amendment Act 2024, in force from 10 December 2026. It captures the input data classes, the model or rule set version, the decision outcome and impact category, the contributing factors, and the path to human review. Each entry can resolve back to a Microsoft Entra agent identity and is exportable on receipt of an OAIC access request.
## When should you run this skill?
- "Generate an automated decision-making log"
- "Document an agent's automated decision for OAIC compliance"
- "Produce an ADM transparency record"
- "Log an agent decision affecting an individual"
## How this skill works, step by step
1. Identify the decision event: agent identifier, decision timestamp, affected individual reference
2. Summarise the input data classes used (not the raw data — class names only)
3. Record the model or rule set identifier and version
4. Capture the decision output and its impact category (eligibility, ranking, recommendation, denial)
5. Record the rationale or top contributing factors at the level the agent can produce
6. Record the manual review path: how the affected individual requests human review, and the timeline
7. Produce the log entry below
## Output format
```json
{
"decisionId": "<uuid>",
"timestamp": "<ISO 8601>",
"agentId": "<entra agent id>",
"modelVersion": "<id@version>",
"subjectReference": "<pseudonymised id>",
"inputClasses": ["..."],
"decisionOutcome": "...",
"impactCategory": "eligibility | ranking | recommendation | denial",
"topFactors": ["..."],
"manualReviewPath": "...",
"retentionUntil": "<ISO 8601>"
}
```
Followed by a plain-English statement suitable for OAIC disclosure.
## Scope and safety
This skill does NOT:
- Make or override the agent's decision
- Store personal information beyond pseudonymised references
- Replace the organisation's Privacy Impact Assessment
## Licensing and permissions
### Licences and add-ons
| Capability used | Minimum licence |
| --- | --- |
| Microsoft Entra agent identity for resolving the decision back to an inventoried agent | Microsoft Entra ID P1 |
| Microsoft Purview compliance recordkeeping and retention for the exported log | Microsoft Purview (Microsoft 365 E5 Compliance or equivalent) |
### Least-privilege roles
- Compliance Administrator (read) in the Microsoft Purview portal, to retrieve and export records on an OAIC access request
- Global Reader, to resolve the Microsoft Entra agent identity without write access
### Microsoft Graph permissions (read-only)
This skill authors a structured Privacy Act ADM log entry from the decision details you supply; it does not query live tenant data through Microsoft Graph. The Microsoft Entra agent identifier is captured as an input, and the completed log is managed and exported through the Microsoft Purview portal rather than the Graph API. If you choose to enrich an entry by reading the agent's directory record, the read-only scope `Application.Read.All` covers retrieving the Microsoft Entra agent identity.
## Sources and compliance
- Privacy and Other Legislation Amendment Act 2024 ADM transparency obligations are in force from 10 December 2026
- Designed to be exportable on receipt of an OAIC access request
- Reference: [https://www.oaic.gov.au/privacy/privacy-legislation/privacy-and-other-legislation-amendment-act-2024](https://www.oaic.gov.au/privacy/privacy-legislation/privacy-and-other-legislation-amendment-act-2024)
- Pair with the Entra Agent ID Audit so each decision log resolves back to an inventoried agent
- Output in Australian English
How to use this skill
- Get the file. Download or copy the
SKILL.mdfrom the panel above. - Load it into your host:
- Microsoft 365 Copilot / Copilot Studio — add it as the instructions of a declarative agent or Copilot Studio agent.
- Claude (Cowork / Claude Code) — drop the file into your skills folder; it loads as an Agent Skill automatically.
- Any chat host — paste the file contents as your prompt.
- Grant read-only access. Assign the least-privilege roles and Microsoft Graph scopes listed in Licensing and permissions below.
- Provide your tenant scope and run it (a site, a collection, or the whole tenant).
- Review the report and action the risk-ranked recommendations.
This skill is read-only by default — it inspects and reports, and never changes your tenant.
Privacy Act ADM Logger
TL;DR: This skill produces a Privacy Act-compliant automated decision-making log for an agent that makes or substantially contributes to a decision affecting an individual, capturing the input data summary, rationale, model identifier, timestamp, and manual review path.
How does the Privacy Act ADM Logger skill document an agent’s automated decision?
For each automated decision made by an in-scope Agentic AI system, this skill produces a structured log entry that satisfies the automated decision-making (ADM) transparency obligations of the Privacy and Other Legislation Amendment Act 2024, in force from 10 December 2026. It captures the input data classes, the model or rule set version, the decision outcome and impact category, the contributing factors, and the path to human review. Each entry can resolve back to a Microsoft Entra agent identity and is exportable on receipt of an OAIC access request.
When should you run this skill?
- “Generate an automated decision-making log”
- “Document an agent’s automated decision for OAIC compliance”
- “Produce an ADM transparency record”
- “Log an agent decision affecting an individual”
How this skill works, step by step
- Identify the decision event: agent identifier, decision timestamp, affected individual reference
- Summarise the input data classes used (not the raw data — class names only)
- Record the model or rule set identifier and version
- Capture the decision output and its impact category (eligibility, ranking, recommendation, denial)
- Record the rationale or top contributing factors at the level the agent can produce
- Record the manual review path: how the affected individual requests human review, and the timeline
- Produce the log entry below
Output format
{
"decisionId": "<uuid>",
"timestamp": "<ISO 8601>",
"agentId": "<entra agent id>",
"modelVersion": "<id@version>",
"subjectReference": "<pseudonymised id>",
"inputClasses": ["..."],
"decisionOutcome": "...",
"impactCategory": "eligibility | ranking | recommendation | denial",
"topFactors": ["..."],
"manualReviewPath": "...",
"retentionUntil": "<ISO 8601>"
}Followed by a plain-English statement suitable for OAIC disclosure.
Scope and safety
This skill does NOT:
- Make or override the agent’s decision
- Store personal information beyond pseudonymised references
- Replace the organisation’s Privacy Impact Assessment
Licensing and permissions
Licences and add-ons
| Capability used | Minimum licence |
|---|---|
| Microsoft Entra agent identity for resolving the decision back to an inventoried agent | Microsoft Entra ID P1 |
| Microsoft Purview compliance recordkeeping and retention for the exported log | Microsoft Purview (Microsoft 365 E5 Compliance or equivalent) |
Least-privilege roles
- Compliance Administrator (read) in the Microsoft Purview portal, to retrieve and export records on an OAIC access request
- Global Reader, to resolve the Microsoft Entra agent identity without write access
Microsoft Graph permissions (read-only)
This skill authors a structured Privacy Act ADM log entry from the decision details you supply; it does not query live tenant data through Microsoft Graph. The Microsoft Entra agent identifier is captured as an input, and the completed log is managed and exported through the Microsoft Purview portal rather than the Graph API. If you choose to enrich an entry by reading the agent’s directory record, the read-only scope Application.Read.All covers retrieving the Microsoft Entra agent identity.
Sources and compliance
- Privacy and Other Legislation Amendment Act 2024 ADM transparency obligations are in force from 10 December 2026
- Designed to be exportable on receipt of an OAIC access request
- Reference: https://www.oaic.gov.au/privacy/privacy-legislation/privacy-and-other-legislation-amendment-act-2024
- Pair with the Entra Agent ID Audit so each decision log resolves back to an inventoried agent
- Output in Australian English
Licensed under CC BY 4.0 by Educ4te . Adapted from the open HybridSP skills catalogue.
Last updated on