CBA reviews privacy policies over data incidents

The Commonwealth Bank will review its privacy policies, procedures and approach to managing personal information under a court-enforceable undertaking it signed supporting two data incidents.
The Office of the Australian Information Commissioner (OAIC) on Thursday said CBA had made the promise after it lost magnetic tapes containing the records of up to 20 million accounts in 2016, and after a 2018 case in which bank staff had access to orders containing personal information about life support customers.

CBA will review and improve its privacy standards in response to problems identified by the information commissioner.

“The Australian community expects financial service providers, and indeed all organizations, to
be proactive in protecting the personal information they hold,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said.
“Our inquiries identified deficiencies in CBA’s management of personal information, specifically its internal access controls and approach to retention and destruction," she said.
CBA said it had informed both of the events to the OAIC, and it was working to address the problems.
“We have offered this EU as a demonstration of our continued commitment to appropriately managing the privacy of customer personal information, and addressing any concerns identified by the Commissioner," chief risk officer Nigel Williams said in an advisory to investors.
Safety expert Troy Hunt said privacy breaches of this nature may not have been publicly disclosed a few years ago, but it was becoming more common for companies to reveal holes, even if they had no evidence of data being misused. This had occurred in part because of tougher privacy laws.

The OAIC said no evidence of proscribed access to these treatments had been reported, but CBA did not have sufficient controls to review and control access to personal information across its business.
CBA reviews privacy policies over data incidents CBA reviews privacy policies over data incidents Reviewed by Naomi on June 28, 2019 Rating: 5

No comments:

top navigation

Powered by Blogger.