Australian regulator orders Amex to fix insider threat data flaws

THE Australian Privacy Commissioner has ordered American Express to address security weaknesses in five data systems to mitigate insider threats and restrict employee access to sensitive customer information, especially for vulnerable and high-profile clients. Privacy Commissioner Carly Kind noted that American Express failed to implement proper measures despite prior warnings about security risks. The company is also required to apologize to the initial complainant and maintain a log of employee access to customer records.