Australian Information Commissioner accepts enforceable undertaking offered by CBA

Maria Nikolova

The enforceable undertaking concerns two incidents: one relating to the disposal of magnetic data tapes containing historical customer statements; and the other relating to internal user access to certain systems and applications containing customer personal information.

The Australian Information Commissioner has accepted an Enforceable Undertaking (EU) offered by Commonwealth Bank of Australia (CBA), the bank has announced.

The EU follows CBA’s ongoing work to address two incidents. The first one relates to the disposal of magnetic data tapes containing historical customer statements. The second one relates to internal user access to certain systems and applications containing customer personal information. CBA reported both incidents to the Office of the Australian Information Commissioner (OAIC) in 2016 and 2018 respectively and has since been working to address these incidents.

CBA notes that it has found no evidence to date, as a result of these incidents, that its customers’ personal information was compromised, or that there have been any instances of unauthorised access by CBA employees or third parties. There is no action required from CBA’s customers as a result of the EU.

CBA’s commitments in the EU announced today include reviewing and implementing further enhancements to:

  • internal privacy policies, procedures and record retention standards;
  • internal user access controls on systems and applications that hold personal information; and
  • the privacy risk management and monitoring processes that apply to service providers to CBA and certain subsidiaries.

The EU provides CBA with 90 days to develop and submit to the OAIC a work plan, and timetable of work that CBA will complete to meet its obligations under the EU.

Commonwealth Bank Group Chief Risk Officer, Nigel Williams, said: “We have offered this EU as a demonstration of our continued commitment to appropriately managing the privacy of customer personal information, and addressing any concerns identified by the Commissioner.

“We continue to take action to address issues, earn trust and be a better bank for our customers. This includes proactively engaging with our regulators to ensure we continue to build better systems, processes and controls to manage the personal information of our customers.”

Read this next

Digital Assets

Valkyrie pulls back on Ether futures merge with Bitcoin ETF

Valkyrie Funds LLC will suspend the purchase of Ether (ETH) futures contracts for its Valkyrie Bitcoin and Ether Strategy ETF (BTF.O). Additionally, the firm will unwind any positions in Ethereum that it has already acquired.  

Digital Assets

Hong Kong police arrest 18 in $1.5B billion JPEX fraud

The investigation into the JPEX crypto exchange scandal continues to unfold as Hong Kong and Macau police arrest four more individuals. These arrests, which include individuals considered “relatively close to the core” of the scandal, bring the total number of detentions to 18.

Digital Assets

Gemini tells Dutch users to withdraw assets by November 17

Gemini, the cryptocurrency exchange founded by Cameron and Tyler Winklevoss, announced that it will cease providing services to customers in the Netherlands, citing regulatory requirements imposed by the country’s central bank.

Digital Assets

SEC puts BlackRock, Valkyrie, and Bitwise Bitcoin ETFs on hold

The U.S. Securities and Exchange Commission has delayed its decisions on several bitcoin exchange-traded fund (ETF) proposals, leaving many in the crypto industry feeling pessimistic for any future blessing from the agency.

Digital Assets

Ripple backs out of Fortress Trust acquisition

Ripple has decided to cancel its planned acquisition of Fortress Trust, a custodian company, less than a month after initially announcing the agreement.


France regulators blacklists 21 FX brokers, FuturBTC

France’s financial markets regulator, the Autorité des Marchés Financiers (AMF), today shed light on several unregulated forex brokers representing their offering under several brands. Notably, the AMF has identified only one crypto-assets provider in its latest warning.  

Digital Assets

Flare and Arkham Collaborate for Enhanced Decentralized Data Access

Flare’s blockchain for decentralized data acquisition integrates with Arkham’s Intelligence Platform, offering users advanced analytics and actionable on-chain insights.

Industry News

iFX EXPO International 2023 Successfully Concludes

The most talked about financial event of the year took place in Limassol, Cyprus.

Retail FX

Plus500 Forex Garners Market Attention In The Latest Expert Ranking

Securing the 58th spot in Traders Union’s Best Forex Brokers of 2023 ranking, Plus500, despite its cautionary overall score of 6.3 out of 10, stands out for its stringent regulatory compliance, user-centric WebTrader platform, and a commendable focus on account security, though it lags in providing advanced trading tools and trust management features.