We are committed to ensuring the continued integrity and security of personal information we collect.
The privacy, safety and security of our customers and their data is of the utmost importance to us.
We appreciate that the success of our business is largely dependent upon a relationship of trust being established and maintained with past, current and prospective customers, shareholders and other individuals with whom we conduct business. We continue to collect and manage personal information with a high degree of diligence and care.
Across geographies and sectors, we have seen an increase in cyber security threats and fraudulent behaviour. While no one is immune, we recognise there are steps we can all take to mitigate risk. Our response is multi-faceted and includes upgrading technology, consideration of how we train and educate our people and stakeholders, and constantly working to improve our risk culture, controls and governance processes across our business.
Prioritising privacy to protect customer data
In the day-to-day running of our business, we collect and store customers’ personal information. As a Bank, we are committed to safeguarding this information and have a responsibility to do so under the Privacy Act. We do this by:
- Providing mandatory privacy training;
- Publishing our Privacy Policy and other associated policies and documents;
- Complying with our obligations under the Australian Privacy Principles;
- Continually improving data literacy;
- Embedding data ownership responsibilities;
- Ensuring that data and information are appropriately classified; and
- Conducting regular audits.
Preventing cyber security risks
Our holistic, threat- and risk-based cyber security strategy is focused on building and maintaining a strong culture that supports our people to continuously enhance our governance, processes, controls and technology. This approach is critical to:
- Protecting customer data;
- Delivering safe and secure services to our customers and communities;
- Meeting our regulatory and legal obligations; and
- Supporting organisational transformation and change.
A strong emphasis is placed on the culture and people aspects of cyber security, driven through our embedded cyber security education and awareness program. This enterprise-wide program encompasses a variety of formal and informal activities for our workforce, including mandatory training, a phishing drill program, learning and education sessions and regular communication on cyber security topics through internal and external communication channels.
We invest in technology to support our cyber security strategy and we continue to implement new security and identity management technologies as part of our broader digital transformation. This reduces the likelihood of customer fraud and identity theft, as well as uplifting the trust our stakeholders place in our digital engagements and streamlining customer access. These new technologies, coupled with secure digital engagement systems, allow us to leverage modern authentication techniques to bring a best-of-breed, yet familiar and trusted, experience to our customers.
Ensuring data governance and integrity
We are advancing a program of work to help drive greater understanding of data integrity and establish greater accountability across the organisation for the management of critical data.
This is integral to our ability to make data-driven decisions, enabling business teams to have strong data foundations and improving data literacy and skills.