
CBA to review privacy under OAIC undertaking

Commonwealth Bank has committed to overhauling its privacy policies and procedures under an enforceable undertaking it has entered into with the Australian Information Commissioner.

The Commonwealth Bank of Australia (CBA) has entered into an enforceable undertaking (EU) with the Office of the Australian Information Commissioner (OAIC), under which it will review and “enhance” internal privacy policies, procedures and record retention standards. 

CBA had referred itself to the privacy watchdog last year due to two data mishandling incidents in 2016 and 2018, one involving the loss of magnetic data tapes containing historical statements of 20 million customers, and the other relating to poor internal user access controls to systems containing personal information about life insurance customers. 

“As previously announced, CBA has found no evidence to date, as a result of these incidents, that our customers’ personal information was compromised, or that there have been any instances of unauthorised access by CBA employees or third parties,” the major bank stated.

CBA has 90 days to develop and submit to the OAIC a work plan and a timetable of work that it will complete to meet its obligations under the enforceable undertaking.


These obligations include conducting a review of and improving CBA’s:

  • Privacy policies, procedures, and record retention standards
  • Privacy impact assessment process
  • Internal user access controls on systems and applications that hold personal information
  • Privacy risk management and monitoring processes that apply to service providers to CBA and certain subsidiaries

Angelene Falk, the Australian Information Commissioner and Privacy Commissioner, said the office’s inquiries, which took into account APRA’s final report of the Prudential Enquiry into Commonwealth Bank of Australia, showed that the big four bank had taken a reactive approach to risk management and compliance matters.

“The Australian community expects financial service providers, and indeed all organisations, to be proactive in protecting the personal information they hold,” Ms Falk said.

“Our inquiries identified deficiencies in CBA’s management of personal information, specifically its internal access controls and approach to retention and destruction. 

“As a result of this work, CBA has committed through a court-enforceable undertaking to substantially improve their privacy practices.”

Commenting on the EU, Commonwealth Bank’s group chief risk officer, Nigel Williams, said: “We have offered this EU as a demonstration of our continued commitment to appropriately managing the privacy of customer personal information, and addressing any concerns identified by the commissioner.

“We continue to take action to address issues, earn trust and be a better bank for our customers. This includes proactively engaging with our regulators to ensure we continue to build better systems, processes and controls to manage the personal information of our customers.”


Tas Bindi

Tas Bindi is the features editor on the mortgage titles and writes about the mortgage industry, macroeconomics, fintech, financial regulation, and market trends.  

Prior to joining Momentum Media, Tas wrote for business and technology titles such as ZDNet, TechRepublic, Startup Daily, and Dynamic Business. 
