American Express breached privacy laws, Australian regulator finds
( June 15, 2026, 06:20 GMT | Official Statement) -- MLex Summary: American Express Australia failed to take reasonable steps to protect a customer’s personal information from unauthorized access by an employee, Australia’s privacy regulator has found. In a statement on Monday, the Office of the Australian Information Commissioner said that American Express breached the 1988 Privacy Act and ordered the company to compensate the complainant for economic and non-economic loss and expenses, issue a written apology and implement additional access-control and logging measures. The regulator said it has only published a summary report of the determination rather than the full decision due to confidentiality and cybersecurity concerns.Statement and summary report are attached....
Prepare for tomorrow’s regulatory change, today
MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.
Know what others in the room don’t, with features including:
- Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
- Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
- Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
- Curated case files bringing together news, analysis and source documents in a single timeline
Experience MLex today with a 14-day free trial.