APRA urges 'measured' approach to privacy

The financial regulator has brushed aside recommendations from a federal agency that it remind banks of their privacy obligations when lenders are sending customers' personal data overseas.

The financial regulator has brushed aside recommendations from a federal agency that it remind banks of their privacy obligations when lenders are sending customers' personal data overseas.

In a guidance note this week, the Australian Prudential Regulation Authority urged companies to take a "cautious and measured" approach to managing data when offshoring. It did not follow a recommendation from the Australian Privacy Commissioner, Timothy Pilgrim, to draw banks' attention to obligations under the Privacy Act.

After a wave of offshoring in financial services, privacy has emerged as a key flashpoint, causing some state government agencies to restrict what information can be stored overseas.

In a submission to APRA, Mr Pilgrim recommended the regulator refer to the National Privacy Principles - federal rules that restrict how big businesses handle personal information.

The principles require companies to follow domestic rules when they transfer data overseas, and serious breaches can result in multimillion-dollar fines.

However, APRA's guidance note to banks did not mention either "privacy" or "personal information". Instead, it focused on potential risks to the financial system from data management.

"APRA expects a regulated entity to apply a cautious and measured approach when considering retaining data outside the jurisdiction it pertains to," APRA's guidance said. "It is important that a regulated entity is fully aware of the risks involved and makes a conscious and informed decision as to whether the additional risks are within its risk appetite."

The policy does not claim to be a comprehensive guide on offshoring. Even so, customer privacy is a growing concern of unions and some government departments as companies including ANZ, QBE and Westpac send thousands of back-office jobs overseas.

For instance, Victoria's WorkSafe agency does not allow insurance providers to store data relating to employers or injured workers outside Australia.

Finance is the most complained about sector on privacy matters, according to the 2011-12 Australian Information Commissioner annual report. Commonwealth Bank, ANZ and Westpac were among the 10 most complained about organisations.

InvestSMART FORUM: Come and meet the team

We're loading up the van and going on tour from April to June, with events on the NSW central & north coast, the QLD mid-north coast and in Perth, Adelaide, Melbourne, Sydney and Canberra. Come and meet the team and take home simple strategies that you can use to build an investment portfolio to weather any storm. Book your spot here.

Want access to our latest research and new buy ideas?

Start a free 15 day trial and gain access to our research, recommendations and market-beating model portfolios.

Sign up for free

Related Articles