Published by George Nott (Computerworld), 27 June 2019.
The Commonwealth Bank of Australia (CBA) will be required to review its privacy and data retention policies under threat of court action from the Australian Information Commissioner and Privacy Commissioner. The binding commitment – known as a court-enforceable undertaking – follows inquiries by the Office of the Australian Information Commissioner (OAIC) into two major data breaches by the bank.
Last year CBA confirmed a May 2016 incident – first reported by Buzzfeed – in which a third-party provider lost magnetic storage tapes containing historical customer statements for up to 20 million bank customers. The tapes included customer names, addresses, account numbers and transaction details from 2000 to early 2016.
Continue reading here.