Australia’s privacy watchdog has been told to turn over full details of an investigation into American Express that uncovered security and access control weaknesses to the senate.
Greens senator David Shoebridge successfully moved a motion in the senate on Thursday ordering the production of a series of documents relating to the Amex investigation.
Last month, the Office of the Australian Information Commissioner (OAIC) ordered Amex implement stronger system access controls within six months after a pair of insider privacy breaches.
The privacy watchdog published only an abridged “report” [pdf] of its investigation and findings, not the full determination.
It cited potential harm to individuals, risks to Amex’s cyber security, and the need to protect its own investigative processes as reasons to withhold the full text.
But, courtesy of the senate order, the OAIC – through the minister representing the Attorney-General – now has until July 28 to produce the full determination, along with related correspondence and records.
The motion passed by a vote of 33-21.
In addition to requiring the “full text of the determination and the Australian Privacy Commissioner’s reasons” – “subject only to the redaction of the personal information of the complainant and any third parties” – it also seeks “all records of the OAIC’s decision regarding publication of the determination.”
Also covered is “all correspondence between the OAIC and American Express Australia Limited, or its representatives, concerning confidentiality, publication, or any restriction on disclosure”, together with any advice the OAIC took to back its decision not to release the full determination.

