The Customer Owned Banking Code Compliance Committee has recently conducted a review of customer owned banking institutions’ compliance with privacy obligations under Section D23 and Key Promise 8 of the Customer Owned Banking Code of Practice (the Code).
A copy of the report can be found at here.
As Australia moves towards implementing open banking, privacy and data security compliance will become both increasingly complex to manage and more vitally important. In this context, this inquiry addressed the institutions’ high level of non-compliance with existing privacy obligations in the Code which is cause for concern.
The inquiry confirmed that all institutions have a comprehensive privacy policy that is accessible to customers. However, although all institutions also have training processes in place, the frequency of breaches caused by human processing error indicates that institutions need to do more to keep privacy requirements front-of-mind for staff. Most institutions review their privacy compliance at least once every two years, although it appears that these reviews could be more comprehensive.
As a result of the findings of this inquiry, the Committee has made 26 recommendations (see page 5 of the report) and developed a privacy compliance checklist (see page 30 of the report).
About the Customer Owned Banking Code of Practice
The Customer Owned Banking Code of Practice (the Code) is a code of practice for Australia’s customer owned banking institutions which include mutual building societies, credit unions, mutual banks and other authorised deposit taking institutions. Customer owned banking institutions hold over $100 billion in assets and represent four million customers. Through the Code, 67 subscribing institutions voluntarily commit to fair and responsible customer owned banking practices.
About the Customer Owned Banking Code Compliance Committee
The Customer Owned Banking Code Compliance Committee (the Committee) is an independent Committee responsible for monitoring and reporting on compliance with the Code.