25 September 2023

Bank opens doors on privacy


The Office of the Australian Information Commissioner (OAIC) has accepted an enforceable undertaking from the Commonwealth Bank of Australia (CBA) that it will improve its privacy practices.

The binding commitment follows inquiries by the OAIC into the CBA’s handling of personal information in relation to two data incidents.

These were the loss of magnetic storage tapes containing historical customer statements for up to 20 million bank customers by a third-party provider to the CBA in May 2016, and inadequate internal access controls to customer data reported to the OAIC in August 2018.

Australian Information Commissioner and Privacy Commissioner, Angelene Falk, said the inquiries took into account a report from the Australian Prudential Regulation Authority which found the CBA was reactive in dealing with risks and compliance matters.

“The Australian community expects financial service providers, and indeed all organisations, to be proactive in protecting the personal information they hold,” Ms Falk said.

“Our inquiries identified deficiencies in CBA’s management of personal information, specifically its internal access controls and approach to retention and destruction.”

She said all organisations regulated under the Privacy Act 1988 should proactively manage their data holdings to protect people’s personal information.

“When an organisation is entrusted with our personal information, access must be limited to a need-to-know basis and the data must not be kept past its use-by date,” Ms Falk said.

“This matter should send a sharp reminder to all organisations that data holdings must have a clearly defined retention period and should be securely destroyed or de-identified when no longer needed.”

The bank’s enforceable undertaking will be overseen by an independent external reviewer who will consult with and report to the OAIC on the CBA’s compliance.
