OAIC ordered to turn over Amex privacy determination in full

By
Follow google news

Investigation uncovered security and access control issues.

Australia’s privacy watchdog has been told to turn over full details of an investigation into American Express that uncovered security and access control weaknesses to the senate.

OAIC ordered to turn over Amex privacy determination in full

Greens senator David Shoebridge successfully moved a motion in the senate on Thursday ordering the production of a series of documents relating to the Amex investigation.

Last month, the Office of the Australian Information Commissioner (OAIC) ordered Amex implement stronger system access controls within six months after a pair of insider privacy breaches.

The privacy watchdog published only an abridged “report” [pdf] of its investigation and findings, not the full determination.

It cited potential harm to individuals, risks to Amex's cyber security, and the need to protect its own investigative processes as reasons to withhold the full text.

But, courtesy of the senate order, the OAIC - through the minister representing the Attorney-General - now has until July 28 to produce the full determination, along with related correspondence and records.

The motion passed by a vote of 33-21.

In addition to requiring the “full text of the determination and the Australian Privacy Commissioner’s reasons” - “subject only to the redaction of the personal information of the complainant and any third parties” - it also seeks “all records of the OAIC’s decision regarding publication of the determination.”

Also covered is “all correspondence between the OAIC and American Express Australia Limited, or its representatives, concerning confidentiality, publication, or any restriction on disclosure”, together with any advice the OAIC took to back its decision not to release the full determination.

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years

Bendigo Bank aims to have Australia's "first agentic SOC"

Bendigo Bank aims to have Australia's "first agentic SOC"

NAB's SecOps rethink focuses on data expert and dev hires

NAB's SecOps rethink focuses on data expert and dev hires

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Log In

  |  Forgot your password?