Office of the Australian Information Commissioner to improve data handling


In June, the Office of the Australian Information Commissioner (OAIC) revealed that the Commonwealth Bank of Australia (CBA) had put pen to paper to commit to improving the way it handles customer data.

The court-enforceable undertaking signed by the OAIC followed two potential data breach incidents taking place in Australia. The first of these related to the Commonwealth Bank of Australia’s inability to confirm their destruction of magnetic tapes that held 19.8 million customer records.

The tapes should have been destroyed when Fuji Xerox was putting a CBA data centre through decommissioning.

The second suspected data breach incident took place when the OAIC discovered poor standards of access controls on customer information held by the bank.

In the OAIC’s report of the notifiable data breaches (NDB) programme in its first four complete quarters, the finance sector was shown to have sustained the second-highest number breaches in the year-long time-frame covered by the report. The health sector was found to have sustained the most data breaches.

With regards to the financial services organisations, 41% of the breaches sustained were found to be caused by human error. This total was above the average of 35% down to human error across all other reviewed sectors.

The OAIC said:

“Like the health sector, a number of these data breaches were the result of personal information sent to the wrong recipient.

“Finance has also long been a target of cybercriminals given the financial rewards possible, and attacks on the industry have been observed to have risen in recent years. Accordingly, a high proportion of finance sector breaches—56 per cent—were attributed to malicious or criminal attacks,” it added.

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.