Confidentiality breach affected successful business - Banking Ombudsman
The Privacy Act applies to individuals only. However banks also owe a duty of confidentiality to all customers that
provides they must not disclose customer information except in very limited circumstances. “We treat such complaints
just as seriously as Privacy Act complaints,” Banking Ombudsman Deborah Battell said.
A bank recently had to pay the owners of a successful business $20,000 when their business’s confidentiality was
breached by a bank employee accessing the company accounts.
“The bank employee had left the bank and was connected with a new company competing directly with theirs. It appeared
the employee had obtained commercially sensitive information about how their business operated while employed by the
bank.
“The bank confirmed the employee had methodically accessed their accounts. On the face of it, this access didn’t appear
to have any legitimate or authorised purpose. In addition to the duty of confidentiality, the bank’s employee code of
conduct provided clear guidelines on access to and use of customer information,” Ms Battell said.
The complainants initially didn’t want the bank to contact its former employee as they were also contemplating legal
action. This meant the bank couldn’t establish whether there was a legitimate reason for the access and so couldn’t take
any further action on the complaint.
“When we got involved we explained the bank’s position, and they gave the okay for the bank to speak with its employee
but it was unfortunately unable to do so.
“At this point, because it couldn’t provide us with information showing access had been legitimate or authorised, the
bank accepted its employee had likely breached the bank’s code of conduct and duty of confidentiality. Its $20,000 offer
to compensate was accepted,” Ms Battell.
The Banking Ombudsman Scheme recently published a new Quick Guide on privacy and confidentiality explaining how the scheme approaches privacy and confidentiality complaints.
Ends