Compliance with privacy obligations follow-up inquiry outcomes – Follow-up inquiry into how Code subscribers applied recommendations issued by the Committee to improve compliance with privacy obligations under Section D23 and Key Promise 8 of the Code, June 2020 (PDF, 739KB, 40 pages)

Privacy and data security are among the foremost concerns for consumers and, with recent government moves to update and strengthen privacy laws, it is essential that financial institutions manage and protect customer information appropriately.

The Customer Owned Banking Code of Practice (the Code) requires subscribers to comply with the Privacy Act 1988 and the Australian Privacy Principles. With the increasing importance and complexity of these issues, compliance in these areas is critical.

Poor privacy compliance by customer owned banking institutions led the independent Customer Owned Banking Code Compliance Committee (the Committee) that monitors the Code to hold a 2018 Own Motion Inquiry (OMI). This resulted in the creation of a comprehensive privacy compliance checklist and a list of recommendations aimed at improving privacy and data security. A rise in reported privacy-related Code breaches since then prompted the Committee to conduct a follow-up inquiry to determine how subscribers manage privacy and whether they had implemented the OMI recommendations or checklist.