Data disaster – Commbank shows banks fail at the basics
A data disaster is coming according to consumer advocates, following revelations that 12 million customers’ personal financial histories were lost by the Commonwealth Bank.
“A data disaster is coming” says Gerard Brody, CEO of Consumer Action Law Centre.
“The system that protects us and our personal information is failing and this breach from the Commonwealth Bank exposes a number of problems with how our information is handled.”
Under new laws (which came into effect after the 2016 Commonwealth Bank breach) corporations are required to notify people of breaches of their personal information that are likely to result in significant harm.
Consumer Action is particularly concerned by the decisions of the Office of the Australian Information Commission (OAIC) and the Commonwealth Bank not to inform customers.
“No matter how small the risk might have been, we should have been told. Even if the breach was inadvertent and the risks are small, people need to know. Banks and corporates profess transparency and honesty, but we still find out about these incidents through the media. Institutions need strong incentives to be upfront with customers—there should be harsh penalties and consequences if they fail to do so,” says Brody.
The breach is made all the more concerning due to the proposed legislation to mandate banks to participate in Comprehensive Credit Reporting (CCR) on July 1st – a major expansion in the collection of Australians’ credit histories.
“Credit reporting is already a mess of bad data, confusing processes and poor oversight. We’re about to see a major expansion in the collection and sharing of data that will have serious impacts on people’s lives,“ says Brody.
“More time is needed before we can be confident in the growth of data sharing by big banks. Regulators need to be better resourced, and have the power to ensure accountability. Robust systems must be in place to ensure people are not disadvantaged by data sharing. The Treasurer Scott Morrison has the power to stop the data disaster and make sure banks get it right.”