APRA handballs privacy concern
The financial regulator has brushed aside recommendations from a federal agency that it remind banks of their privacy obligations when lenders are sending customers' personal data overseas.
In a guidance note this week, the Australian Prudential Regulation Authority urged companies to take a "cautious and measured" approach to managing data when offshoring.
But it did not follow a recommendation from the Australian Privacy Commissioner, Timothy Pilgrim, to draw banks' attention to their obligations under the Privacy Act.
After a wave of offshoring in financial services, privacy has emerged as a key flashpoint, causing some state government agencies to restrict what information can be stored overseas.
In a submission to APRA, Mr Pilgrim recommended the regulator refer to the National Privacy Principles - federal rules that restrict how big businesses handle personal information.
The principles require companies to follow domestic rules when they transfer data overseas, and serious breaches can result in multimillion-dollar fines.
But APRA's guidance note to banks - which is intended to identify potential problem areas - did not mention either "privacy" nor "personal information." Instead, it focused on potential risks to the financial system from data management.
"APRA expects a regulated entity to apply a cautious and measured approach when considering retaining data outside the jurisdiction it pertains to," its guidance said.
"It is important that a regulated entity is fully aware of the risks involved and makes a conscious and informed decision as to whether the additional risks are within its risk appetite."
Customer privacy is a growing concern of unions and some government departments as companies including ANZ, QBE and Westpac send thousands of back-office jobs overseas.
For instance, Victoria's WorkSafe agency does not allow insurance providers to store data relating to employers or injured workers outside Australia.
Finance is the most complained about sector, according to the 2011-12 Australian Information Commissioner annual report, and Commonwealth Bank, ANZ and Westpac were among the 10 most complained about organisations.