Community
Banks and their customers have very different ideas about what constitutes "sensitive data", and what communication should take place if data security is compromised. And one bank in particular has an interesting approach to managing the media fall-out when such a lapse occurs.
Over the past 6 weeks, a journalist at Computerworld Australia has written several stories covering a breach of security policy by an employee of HSBC Australia who left a file containing customer information on a train. Now she says she has recieved letters threatening legal action from the bank.
The journalist had contacted several of the customers whose data (including account details, property information, mortgage documents and photocopies of deposit cheques) was exposed. In her second story about the affair she reported the customers' outrage that their bank didn't think it necessary to let them know their data was involved in the incident.
Australia, unlike some other places (notably California), doesn't have any legislation that requires banks to notify customers if their data is exposed. But customers apparently expect this as a matter of courtesy.
In its letters to the journalist, HSBC claimed that she had breached the Privacy Act by sighting the missing documents first hand. It also threatened to "seek damages" if she contacted any of their customers, especially those that had their financial details exposed in the security breach. This sounds like standard legal bluster and overkill, but the bank does seem more worried about damage to its reputation than any damage the security lapse could cause its clients.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.