19 August 2017
Elton Cane

Elton Cane

Elton Cane - writer & tech geek

116Posts 521,104Views 54Comments
Information Security

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...

HSBC Australia shoots the messenger

04 May 2007  |  3995 views  |  0

Banks and their customers have very different ideas about what constitutes "sensitive data", and what communication should take place if data security is compromised. And one bank in particular has an interesting approach to managing the media fall-out when such a lapse occurs.  

Over the past 6 weeks, a journalist at Computerworld Australia has written several stories covering a breach of security policy by an employee of HSBC Australia who left a file containing customer information on a train. Now she says she has recieved letters threatening legal action from the bank.

The journalist had contacted several of the customers whose data (including account details, property information, mortgage documents and photocopies of deposit cheques) was exposed. In her second story about the affair she reported the customers' outrage that their bank didn't think it necessary to let them know their data was involved in the incident.

Australia, unlike some other places (notably California), doesn't have any legislation that requires banks to notify customers if their data is exposed. But customers apparently expect this as a matter of courtesy.

In its letters to the journalist, HSBC claimed that she had breached the Privacy Act by sighting the missing documents first hand. It also threatened to "seek damages" if she contacted any of their customers, especially those that had their financial details exposed in the security breach. This sounds like standard legal bluster and overkill, but the bank does seem more worried about damage to its reputation than any damage the security lapse could cause its clients.

HSBC defends its position by claiming that its actions after the lapse were within the scope of the country's laws. And it did notify the Office of the Federal Privacy Commissioner (which subsequently did nothing). But rather than sending its legal team after the journalist for reporting that its customers are unhappy, I think it would be better off expending some resources in understanding what its customers expect in such situations, and behaving accordingly.
TagsSecurityRetail banking

Comments: (0)

Comment on this story (membership required)

Latest posts from Elton

Would you pay to put your mortgage out to tender?

18 September 2014  |  2912 views  |  0 comments | recomends Recommends 0 TagsMobile & onlineRetail bankingGroupFuture Finance

Contactless payments are not a choice

29 August 2014  |  4226 views  |  4 comments | recomends Recommends 0 TagsCardsSecurityGroupFuture Finance

Cryptocurrency can cure cancer

07 August 2014  |  2445 views  |  1 comments | recomends Recommends 0 TagsBlockchainInnovationGroupFuture Finance

Will regulation strangle or enable 'quasi-banks'?

26 March 2014  |  6269 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationInnovationGroupFuture Finance

Good at maths? Ask your bank for a better mortgage rate

03 March 2014  |  3616 views  |  0 comments | recomends Recommends 1 TagsRisk & regulationRetail bankingGroupFuture Finance

Elton's profile

job title Journalist copywriter and marketer
location Brisbane
member since 2012
Summary profile See full profile »
Writer and media production person

Elton's expertise

Member since 2007
116 posts54 comments

Who's commenting on Elton's posts