An audit of Australia’s big four banks by the Office of the Australian Information Commissioner (OAIC) has found that they have been handling consumer data under the Consumer Data Right (CDR) in an open and transparent way, and have demonstrated good privacy practices as it did not find any areas of high privacy risk.
As part of the first CDR privacy assessment, the OAIC, which is a co-regulator of the CDR, examined ANZ, Commonwealth Bank, National Australia Bank, and Westpac as they were initial CDR data holders.
Each bank was evaluated according to their compliance with privacy safeguard 1, which requires providers to have a CDR policy describing how they manage consumer data and implement internal practices, procedures, and systems to ensure compliance.
There are 13 legally binding privacy safeguards under the CDR that set out consumers’ privacy rights and providers’ obligations when collecting and handling their data. Privacy safeguard 1 is considered, as the OAIC puts it, the bedrock privacy safeguard that underpins compliance with all the other privacy safeguards.
“Our privacy assessment found the big four banks are generally complying with the bedrock Consumer Data Right privacy safeguard,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said.
According to the assessment,