The Customer Owned Banking Code Compliance Committee (the Committee) has finalised its review of customer owned banking institutions’ compliance with privacy obligations under Section D23 and Key Promise 8 of the Customer Owned Banking Code of Practice.
A copy of the report can be found at here.
As Australia moves towards implementing open banking, privacy and data security compliance will become both increasingly complex to manage and more vitally important.
In this context, this inquiry addressed the institutions’ high level of non-compliance with existing privacy obligations in the Code which is cause for concern.
The inquiry confirmed that all institutions have a comprehensive privacy policy that is accessible to customers. However, although all institutions also have training processes in place, the frequency of breaches caused by human processing error indicates that institutions need to do more to keep privacy requirements front-of-mind for staff. Most institutions review their privacy compliance at least once every two years, although it appears that these reviews could be more comprehensive.
As a result of the findings of this inquiry, the Committee has made 26 recommendations (see page 5 of the report) and developed a privacy compliance checklist (see page 30 of the report).