
CBA to review privacy under OAIC undertaking

Commonwealth Bank has committed to overhauling its privacy policies and procedures under an enforceable undertaking it has entered into with the Australian Information Commissioner.

The Commonwealth Bank of Australia (CBA) has entered into an enforceable undertaking (EU) with the Office of the Australian Information Commissioner (OAIC), under which it will review and “enhance” internal privacy policies, procedures and record retention standards. 

CBA had referred itself to the privacy watchdog last year due to two data mishandling incidents in 2016 and 2018, one involving the loss of magnetic data tapes containing historical statements of 20 million customers, and the other relating to poor internal user access controls to systems containing personal information about life insurance customers. 

“As previously announced, CBA has found no evidence to date, as a result of these incidents, that our customers’ personal information was compromised, or that there have been any instances of unauthorised access by CBA employees or third parties,” the major bank stated.

CBA has 90 days to develop and submit to the OAIC a work plan and a timetable of work that it will complete to meet its obligations under the enforceable undertaking.


These obligations include conducting a review of and improving CBA’s:

  • Privacy policies, procedures, and record retention standards
  • Privacy impact assessment process
  • Internal user access controls on systems and applications that hold personal information
  • Privacy risk management and monitoring processes that apply to service providers to CBA and certain subsidiaries

Angelene Falk, the Australian Information Commissioner and Privacy Commissioner, said the office’s inquiries, which took into account APRA’s final report of the Prudential Inquiry into Commonwealth Bank of Australia, showed that the big four bank had taken a reactive approach to risk management and compliance matters.

“The Australian community expects financial service providers, and indeed all organisations, to be proactive in protecting the personal information they hold,” Ms Falk said.

“Our inquiries identified deficiencies in CBA’s management of personal information, specifically its internal access controls and approach to retention and destruction. 

“As a result of this work, CBA has committed through a court-enforceable undertaking to substantially improve their privacy practices.”

Commenting on the EU, Commonwealth Bank’s group chief risk officer, Nigel Williams, said: “We have offered this EU as a demonstration of our continued commitment to appropriately managing the privacy of customer personal information, and addressing any concerns identified by the commissioner.

“We continue to take action to address issues, earn trust and be a better bank for our customers. This includes proactively engaging with our regulators to ensure we continue to build better systems, processes and controls to manage the personal information of our customers.”


Tas Bindi

Tas Bindi is the features editor on the mortgage titles and writes about the mortgage industry, macroeconomics, fintech, financial regulation, and market trends.  

Prior to joining Momentum Media, Tas wrote for business and technology titles such as ZDNet, TechRepublic, Startup Daily, and Dynamic Business. 
