How bank disclosure of customer information work for security
Bank disclosure of customer information has to protect your personal and banking-related information, but there are situations in which it can release this information.
Bank disclosure of customer information has a legal duty to protect the confidentiality of existing and former customers. Bank disclosure of customer information also has obligations under the Privacy Act 1993, which contains 12 privacy principles about personal information. In the banking sector, these principles govern:
- banks’ collection and storage of customer information
- customers’ rights to access and correct information about themselves
- the disclosure of personal information.
We can consider complaints about breaches of privacy and duty of confidence. Sometimes we refer a privacy complaint to the Office of the Privacy Commissioner if we consider that office would better deal with it. An example would be if a customer sought compensation that exceeded our limit.
Concepts similar, but not the same
A duty of confidence and the legal obligation to protect privacy are similar but not the same. The former applies to information about individuals and businesses, the latter to information about individuals only (and that includes bank staff).
Suppose a complaint requires us to look into the behavior of a staff member. In that case, we can ask the bank to the disclose of customer information to tell us what systems or process changes it has put in place to correct a problem.
Still, we cannot seek information about any disciplinary or other action the bank disclosure of customer information may have taken against that individual.
When Banks Required to Disclose Customer Information
Bank has an obligation to take the utmost care in keeping secrecy about the account of their customers. But a banker will be justified in disclosing information about his customer’s account on reasonable and proper occasions as stated below:
Disclosure of information as required by law
A banker is under a statutory obligation to disclose the information relating to his customer’s account when the law specifies required to do so.
The banker would, therefore, be justified in disclosing information to meet the following statutory requirements:
- Under income tax act.
- Under the company acts.
- Disclose to the Police.
- Under the foreign exchange regulation act.
Disclose permitted by the banker’s practices and usages
The practices and usages customary amongst bankers permit the disclosure of certain information under the following circumstances:
With express or implied consent of the customer
The will be justifiable in disclosing any information relating to his customer’s account with the latter’s consent. The consent of customers may be expressed or implied.
To protect his own interest.
The banker may disclose the state of his customer’s account in order to protect his own interest legally.
Banker follows the practice of making necessary esquires about the customers, their sureties, or the acceptors of the bills from other bankers.
This is an established practice amongst the banker and is justifiable on the ground that an implied consent of the customer is presumed to exist.
Disclosing confidential information
There are four broad situations in which a bank disclosure of customer information can lawfully disclose confidential information:
- When the law compels it to: Banks sometimes have to give evidence about a customer’s affairs in court. Bank disclosure of customer information can also be required to give information to the Inland Revenue Department (under the Tax Administration Act 1994), to the Ministry of Social Development (under the Social Security Act 1964), and to a company liquidator (under the Companies Act 1993). Banks are also required to report suspicious transactions to Police (under the Financial Transactions Reporting Act 1996 and Anti-Money Laundering and Countering Financing of Terrorism Act 2009).
- When it has a public duty to: This applies when there is a danger to the state or when the wider public needs protection against crime. A bank disclosure of customer information needs to balance the public interest with respecting a customer’s right to privacy when it considers providing information about that person to a third party.
- When a bank must disclose information to protect its interests: This applies when a bank takes legal action against a customer (such as to recover a debt) or defends an action from a customer and needs to provide information about the customer’s affairs.
- When a customer agrees: A bank can disclose customer information if the customer agrees. A bank must ensure the information is correct and within the scope of the customer’s consent. A customer may, for example, agree to the bank’s disclosure of information about one account only. If the bank releases information about other accounts, it breaches its confidence duty.
When a bank breaches confidentiality or privacy
Suppose we consider a complaint about a breach of confidence or privacy to be valid (whether accidental or deliberate); we assess whether this has resulted in a direct financial loss to the customer and, if so, award compensation.
We also look at whether the customer has suffered distress, embarrassment, or inconvenience. We must be satisfied any distress, embarrassment, or inconvenience warrants a compensation payment. Sometimes customers submit substantial claims for minor frustration or inconvenience.
We are unlikely to award compensation for minor mistakes that have little or no harmful effects. Banks are also required to report suspicious transactions to Police (under the Financial Transactions Reporting Act 1996 and Anti-Money Laundering and Countering Financing of Terrorism Act 2009).
Duty to the public to disclose
The banker may justify disclosing any information relating to his customer’s account when it is his duty to the public to disclose such information; such a situation is:
- When a bank asks for information from government officials concerning the commission of a crime.
- The bank considered that the customer was involved in activities prejudicial to the country’s interest.
- Where the bank’s book reveals that the customer is contravening the provision of any law.
- Where sizable fund arc is received from foreign countries by a constituent.
Outsourced DPO – It is mandatory to appoint a Data Protection Officer. Engage us today.
PDPA Training (SkillsFuture Eligible) – Empower data protection knowledge for your employees.
Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.