Banking and financial services: privacy case studies

The Banking and Financial Services Ombudsman’s Bulletin 54 (pdf) discusses the application of the National Privacy Principles to a range of banking procedures:

Identification to cash cheques: the BFSO’s view is that the taking of identification from a person presenting a cheque for cash payment is necessary for one or more of the functions and activities of the drawer’s bank.

Names and contact details of third parties required on credit applications: The BFSO suggests that the applicants who provide third party information advise the third parties of that fact.

Collection of sensitive information (eg health) without consent and without adequate notice of collection: the BFSO cites a case where a bank wrongly copied qnd retaiuned a document that contained both financial and health information.

Use and disclosure: According to the BFSO Claims made to BFSO range from cases in which correspondence is sent to wrong addresses to serious breaches in which individuals say their personal safety is put at risk.

Many cases investigated by BFSO where a breach is found, appear to have resulted from failure to use up-to-date information, carelessness and, in some cases, misplaced attempts by staff to assist family members or friends of the customer.

BFSO has also considered cases where wrongly addressed mail has led to serious repercussions for the customer (eg acrimonious family law property proceedings). These quite serious cases are relatively uncommon. However, where a financial services provider is on notice of potential danger or conflict where information about a customer is revealed to a third party, then compensation may be substantial where such information is disclosed in breach of the NPPs.

Access to information: it is the view of BFSO that, where a financial services provider asserts that an individual is its customer, the individual is entitled to access information that the provider holds or purports to hold about him or her.

Credit reporting: BFSO receives and investigates a number of disputes about credit reporting. The most common cause for complaint is default or serious credit infringement listings.

BFSO’s view is that, where a credit provider intends to list a default the intention to list should be brought to the attention of the individual at the time that the demand for payment is made. BFSO also takes the view that the amount listed should be limited to the amount which can be demonstrated to have been overdue for 60 days.

Where a credit provider relies on an acceleration clause in a contract to demand that the remaining loan balance be repaid by a customer, BFSO is of the view that the full amount must have been demanded by the credit provider and remain unpaid for 60 days from the date of expiry of the demand before a listing may be made and that this should be made clear and unambiguous in the demand.

In respect of serious credit infringement listings (which last for 7 years) it is the view of BFSO that simply being unable to locate an individual cannot form the basis of a “reasonable opinion” that the individual has indicated an intention to no longer comply with the credit contract.

BFSO also expressed the view that it is not appropriate for any listing to be made claiming fraud unless the individual has been found guilty of a fraud offence by a court.

Print Friendly, PDF & Email

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.