NewsBite

Contractor without security clearance given sensitive emails, DPS admits

A top bureaucrat has revealed the department that runs Parliament House exposed sensitive emails to a contractor without the necessary security clearance.

Joseph Olbrycht-Palmer
2 min read
December 1, 2025 - 5:05PM
NewsWire

A third-party contractor was given top-level access to Parliament House’s IT system without the necessary security clearance, senior bureaucrats have admitted.

HWL Ebsworth is one of several law firms regularly engaged by the Department of Parliamentary Services (DPS).

In 2023, the firm was assisting a probe into ex-secretary Rob Stefanic, who was sacked late last year amid murkiness around his romantic relationship with former deputy, Cate Saunders.

Ms Saunders was moved to a different department for six months in 2023 before taking “incentive-to-retire payment” of $315,000.

HWL Ebsworth enlisted data analytics group Transperfect Legal (TPL) to sift through sensitive emails, with both telling DPS all involved had the right clearances, Secretary Jaala Hinchcliffe told senate estimates in October.

But fronting the Senate Finance and Public Administration Legislation Committee on Monday, she admitted that information was wrong, and that someone working for Transperfect Legal did not possess the needed clearance.

Department of Parliamentary Services Secretary Jaala Hinchcliffe has admitted the contractor did not hold proper security clearance. Picture: NewsWire / Martin Ollman
Department of Parliamentary Services Secretary Jaala Hinchcliffe has admitted the contractor did not hold proper security clearance. Picture: NewsWire / Martin Ollman

“It’s my understanding that when DPS engaged HWL lawyers and Transperfect to extract the troves of sensitive data from the APH system at extreme risk – on the advice of your own ICT experts – you did not independently seek to determine as to the security status of the contractors can be carrying out this work,” Liberal senator James McGrath charged.

“How can senators in this place … have any faith that the DPS moving forward … will be able to respect and protect our data, including matters of parliamentary privilege?”

Liberal senator James McGrath has asked how parliamentarians can trust sensitive correspondence to be kept secure. Picture: NewsWire / Martin Ollman
Liberal senator James McGrath has asked how parliamentarians can trust sensitive correspondence to be kept secure. Picture: NewsWire / Martin Ollman

Senator McGrath also asked why the department “did not perform additional security clearance or vetting processes”.

DPS Deputy Secretary Nicola Hinder said that not doing so was “entirely in accordance with normal practice” because of HWL Ebsworth’s relationship with government.

“In relation to the TPL employee, I assured myself upon commencement with DPS that we had received assurances that they did have (clearance),” Ms Hinder said.

“That subsequently turned out to be incorrect, and we have raised that in the strongest terms with both HWE, who have done the same with TPL.”

Asked by Liberal senator Jane Hume if that meant someone “lied”, Ms Hinder said no.

“I don’t want to categorise it as being a lie,” she replied.

Both Ms Hinchcliffe and Ms Hinder also stressed that TPL used algorthims to search for emails rather than doing so manually, meaning the employee had limited exposure.

Originally published as Contractor without security clearance given sensitive emails, DPS admits

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

More related stories

Original URL: https://www.thechronicle.com.au/news/breaking-news/contractor-without-security-clearance-given-sensitive-emails-before-russia-hack-dps-admits/news-story/15df1b5db4497aecaf4b1ff7327fd789