In a dramatic turn of events, a high-ranking federal bureaucrat has come under scrutiny for defying her department’s cybersecurity guidelines. She authorized the release of a significant volume of parliamentary emails to a private firm, TransPerfect, which previously suffered a breach by Russian hackers. This decision is now drawing sharp criticism as she dismissed the associated risk assessment as “overrated.”

The bureaucrat in question, Hinchcliffe, is now the subject of demands from the federal opposition for a thorough investigation into her actions. This controversy has sparked a debate over the handling and safeguarding of sensitive parliamentary data.

Addressing the issue, Hinchcliffe explained her reasoning by stating, “The speaker and I have been discussing this matter, and we believe it is in the best interest of parliament for the data to remain under the supervision of the clerks, as this aligns with the expectations of parliamentarians.”

The transfer of data from the Department of Parliamentary Services (DPS) to the private company occurred in three major phases: 299.7MB in June of the previous year, 32.63GB in August, and a substantial 136.95GB in a “bulk extract process” carried out over two days in late October and early November.

When questioned by Liberal senator James Paterson about whether she had sought advice concerning parliamentary privilege, Hinchcliffe admitted she had not. She justified her decision based on “first principles,” ensuring that MPs’ and senators’ data would not be part of an investigation led by barrister Dr. Fiona Roughley.

Reflecting on her decision-making process, Hinchcliffe acknowledged, “In light of the concerns raised in this committee, I admit it would have been advantageous for me to seek guidance from the Senate clerk, which I regrettably did not do.”

Paterson responded: “Did you really prefer your own judgment over the clerk’s judgment about the risk of parliamentary privilege?”

She replied: “Senator, I’ve conceded that I didn’t seek the advice of the clerks and that it would’ve been better placed if I had.”

Liberal senator Jane Hume said she was deeply concerned that the Senate president was not informed of the data extraction until after it had occurred, despite IT’s risk assessment.

“I would have thought that this would constitute further investigation as a potential breach of the department’s code of conduct,” Hume told the committee.

Lines said she would consider strengthening data handling protocols, “to make sure there is an oversight in place”.

Asked by Hume if she retained confidence in Hinchcliffe, Lines said: “Yes I do.”

Hume said she would formally request the Senate president seek advice from the Australian Public Service commissioner about whether Hinchcliffe had breached the department code of conduct.

Hume said she would also seek to hold an inquiry into potential breaches of parliamentary privilege.