The Australian Banking Association (“ABA”) and its member banks believe that an individual’s right to privacy of their personal information is very important, and are committed to protecting and maintaining the privacy, accuracy and security of an individual’s personal and financial information.
Personal information is information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
1. About the Australian Banking Association
The ABA is an incorporated association under the Associations Incorporation Act 2009 (New South Wales).2 The ABA is also a registered Australian body under Part 5B.2 of the Corporations Act 2001.
The ABA represents its member banks that are authorised to carry on banking business in Australia and have been given consent by the Australian Prudential Regulation Authority (APRA) under section 66 of Banking Act 1959 (Cth) to use the word “bank”. The ABA’s members are listed as such on the Australian Prudential Regulation Authority’s website from time to time.
The ABA serves its members in accordance with the ABA’s Mission Statement as well as its Constitution. The ABA, unlike its members, does not provide financial services to the public.
For more information about the ABA visit the What we do section of our website or contact the ABA directly (see “Contact details” below).
From 21 December 2001, the ABA has considered itself bound by the private sector provisions (other than the credit reporting provisions) of the Privacy Act 1988 (Cth) (“Privacy Act”).
Our policy is to comply with those provisions of the Privacy Act and that includes telling you about the ABA’s policies for handling personal information that we may collect, hold, use or disclose for the purposes of our functions and activities.
2.1. What personal information does the ABA collect and hold?
The personal information we collect and hold may include your name, title, date of birth, address, tax file number (where allowed by law to do so), other contact details and other information that we consider is reasonably necessary (such as information about your opinions, policies, statements and writings) so we can perform our legitimate functions and activities.
We will only collect sensitive personal information about you if we have your express or implied consent or if the law otherwise permits it.
Personal information that we collect is stored or held securely by the ABA or in archives maintained by a third party information storage provider.
2.2. How is personal information collected?
As well as collecting personal information from you directly, we collect personal information from oral sources, from correspondence and other written material either sent to us or from publicly available sources of personal information such as newspapers, electronic media, records of proceedings and public registers.
Where we consider that you may not be aware or would not have expected that we had collected personal information about you we will take such steps as are reasonable in the circumstances to let you know that we have collected the personal information, our purpose in collecting it, to whom the ABA would usually disclose the information and whether it is likely that we would disclose the information to overseas recipients including the countries in which those recipients are located if it is practicable for us to specify those countries.
2.3. Purposes of collecting, holding, using and disclosing personal information
Generally, we collect, hold, use and disclose your personal information for the purpose of pursuing our legitimate activities.
2.3.1 Specific purposes include:
- to enable us to communicate with our members and other organisations and individuals that are party to the banking environment; and
- to identify, understand and respond to policies, ideas, attitudes and opinions of those parties in representing the interests of the banks that are our members.
2.4. Disclosure of personal information
In line with common business practices, we may disclose personal information in compliance with the Australian Privacy Principles to:
- our member banks;
- those organisations as required or authorised by law; and
- external parties such as: your representatives, including your legal advisers;
- our representatives, such as our legal advisers;
- service providers such as printers and posting services and organisations involved in the provision and maintenance of our business systems and infrastructure; and
- those organisations where you have consented or you would have reasonably expected us to do so.
The ABA has relationships with other similar banking industry representative associations in other countries including with the International Banking Federation (IBFed). Membership of IBFed is at http://www.ibfed.org/members.
Occasionally, disclosures may occur outside Australia to overseas recipients in which case we will observe the applicable Australian Privacy Principles.
Otherwise, in connection with any specific occasion on which such a disclosure may occur, at or before the time we collected your personal information, it would not be practicable for us to specify the countries in which these recipients are likely to be located.
Where your personal information is disclosed, we will seek to ensure that the information is held, used or disclosed consistently with the applicable Australian Privacy Principles and other applicable privacy laws and codes.
2.5. Management of personal information
We will keep your personal information securely, having regard to its nature and source. Arrangements are in place to safeguard the information against unauthorised access, modification, disclosure and interference and from loss and misuse.
We will destroy or permanently de-identify your personal information we are holding when it is no longer needed for the purpose for which we collected it. When we destroy your personal information we will ensure that this is carried out properly and securely.
We train our staff about the requirements of the Privacy Act and the need for compliance with the Privacy Act. Additionally, we have a designated person within our office, the Director, Finance and Support, who is responsible for our overall compliance with the Privacy Act and this policy.
If you would like more information about how we manage your personal information please contact us (see “Contact details” below).
2.6. Access to personal information
You may request access to your personal information that we are holding (see “Contact details” below). Before giving you access we may need to establish your identity by sighting some form of identification or asking you some questions.
You may ask us to correct your personal information that we are holding if you believe it is incomplete, inaccurate, irrelevant, out of date or misleading.
This access is subject to some exceptions allowed by law. For example, we can deny you access where access would:
- be unlawful;
- pose a serious threat to the life, safety or health of an individual or to public health or safety;
- have an unreasonable impact on the privacy of others;
- involve disclosure of a commercially sensitive decision making process;
- prejudice enforcement activities such as criminal proceedings or negotiations with you; or
- reveal certain information relevant to legal dispute resolution proceedings.
We may also deny your request for access if it is frivolous or vexatious. We will give you reasons if we deny your request.
2.7. Complaints about privacy
If you believe the ABA has breached its obligations under the Privacy Act, you may complain to the Director, Finance and Support at the ABA.
Your complaint may be made by telephone, mail, email or fax (see “Contact details” below).
We will acknowledge receipt of your complaint within 2 business days and will attend to your complaint and endeavour to resolve it within 14 business days.
If, after this, you are not satisfied with the outcome, you are entitled to complain to the Federal Privacy Commissioner.
The office of the Privacy Commissioner can be contacted on 1300 363 992 or go to the Commissioner’s website at http://www.oaic.gov.au/about-us/contact-us-page
We are unable to handle or assist you with a privacy complaint involving a member bank. If you have a privacy complaint about a member bank, you should take up your complaint directly with the bank concerned.
2.8. Contact details
Director, Finance and Support
Telephone: (02) 8298 0450
Director, Finance and Support (Privacy)
Australian Banking Association
PO Box H218
AUSTRALIA SQUARE NSW 1215
3. Need more information?
If you would like more information about privacy and the Privacy Act (including the Australian Privacy Principles), you can access the Privacy Commissioner’s website at http://www.oaic.gov.au/privacy/privacy-news.