What is an EU?
An enforceable undertaking is a written agreement between CBA and the Information Commissioner in which CBA agrees to perform certain actions which are enforceable against CBA in the Federal Court.
Do I have to do anything?
There is no action for our customers.
If you wish, customers can contact us and ask to view their information that we hold. They can do this by visiting a branch or calling us on 13 22 21, or in some instances filling out a request form.
Are my details safe?
CBA has no found no evidence to date that our customers’ personal information was compromised, or that there have been any instances of unauthorised access by CBA employees or third parties.
The security of our customers’ personal information is a key priority for Commonwealth Bank, and we are committed to improving, on an ongoing basis, our processes and controls that relate to data privacy.
What steps has CBA taken to ensure this does not happen again?
Following both incidents, we took immediate steps to conduct comprehensive investigations, engage external experts to provide independent oversight, and engage proactively and cooperate fully with the OAIC.
The work we are doing as part of this EU will ensure all relevant policies, systems, processes and procedures are reviewed and built to better protect our customers and their data.
The Commissioner has acknowledged the significant work we have done, and continue to do, to prevent future data incidents.
Security of our customers’ personal information continues to be our top priority.