A significant breach of parliamentary protocol has emerged, with over 100,000 sensitive emails and documents transferred to a private law firm that had previously suffered a major cyberattack. This transfer occurred despite warnings from cybersecurity experts regarding the potential risks involved. The breach raises serious concerns about the confidentiality of parliamentary communications and the integrity of ongoing investigations.
In 2023, Jaala Hinchcliffe, then deputy secretary of the Department of Parliamentary Services (DPS), authorized her department to provide access to a comprehensive search of emails, Microsoft Office files, and Teams chats over a ten-month period. This search aimed to investigate potential misconduct by senior officials, including her former boss, Rob Stefanic.
The law firm HWL Ebsworth received the sensitive information as part of an investigation into a 315,000 AUD “incentive to retire payment” made to former deputy secretary Cate Saunders. The payment has come under scrutiny due to Saunders’ personal relationship with Stefanic, who was dismissed in December 2022 due to a loss of trust and confidence by Senate President Sue Lines and House Speaker Milton Dick.
Hinchcliffe’s oversight of the investigation included a directive to the IT department to search for communications involving ten individuals, including key departmental figures and several specific terms related to the payment. The initial search yielded 108,000 emails and 44,000 Microsoft Office 365 records sent to HWL Ebsworth in July 2022. Concern grew when Hinchcliffe requested a second search, claiming that potentially relevant materials had been missed.
The cybersecurity division within DPS expressed alarm about the risks associated with transferring unfiltered data to HWL Ebsworth, particularly in light of the firm’s cyber breach in April 2023, which resulted in the theft of 3.6 terabytes of data. The firm serves numerous government clients, including the Department of Home Affairs, the Department of Defence, and the Australian Federal Police.
Federal politicians, including Liberal Senator Jane Hume and Greens Senator Steph Hodgins-May, voiced their outrage over the potential breach of parliamentary privilege. Hume stated that if the investigation compromised confidential communications, it undermined the democratic processes essential to governance. Hodgins-May described the incident as a “huge breach of trust” from a government department, questioning its integrity.
The National Anti-Corruption Commission (NACC) is currently investigating the payment to Saunders. On October 3, 2022, NACC officials raided the Department of Parliamentary Services as part of their inquiry. Prior to this raid and following Hinchcliffe’s initial investigation, DPS received a risk assessment indicating that her actions posed “extreme” risks, including breaches of confidentiality and parliamentary privilege. Notably, Hinchcliffe did not respond to the risk assessment sent to her on September 4, 2022.
Despite these warnings, the IT department was directed to grant HWL Ebsworth’s contractor full administrative access to the department’s computer systems. This access was reportedly granted over a period of two to three days.
In response to the controversy, the DPS issued a statement asserting that HWL Ebsworth had provided “suitable assurances” to manage the data access appropriately. Nonetheless, concerns remain over whether sensitive communications were shared beyond the parliamentary network. Senator James McGrath emphasized the necessity for accountability, stating that if public servants released emails against explicit risk assessments, “heads should roll.”
As this situation unfolds, the implications for parliamentary integrity and trust between government departments and the public are profound. The DPS’s handling of sensitive information continues to face scrutiny, with calls for greater accountability and transparency in the investigation process.
Before her role at DPS, Hinchcliffe served as deputy commissioner at the NACC and as the Australian Commissioner for Law Enforcement Integrity, indicating her extensive background in oversight and investigations. The ongoing discussions highlight the critical balance between conducting thorough investigations and protecting confidential information within government operations.
