Privacy case note: A and Financial Institution

In A and Financial Institution [2012] AICmrCN 1 the Privacy Commissioner dealt with a complaint from a customer of a financial institution that a mobile phone number provided for security purposes in an internet banking application was used 5 years later by a company marketing insurance products for the financial institution.

The financial institution did not deny the complainant’s claims that the complainant had provided their mobile phone number for security identification purposes. The Commissioner considered the context of the collection of the mobile phone number, and took the view that the primary purpose of collection was to provide extra security protection for banking transactions. The Commissioner took the view that disclosing the mobile phone number for the secondary purpose of enabling the direct marketing company to contact the complainant was not related to the primary purpose of collection.

The financial institution advised the Commissioner that it sent the complainant a letter about its insurance products a week before the complainant received the telephone calls. A notice in fine print at the back of the letter stated that the financial institution would send the complainant’s mobile phone number to the financial institution’s contract company, to call the complainant, unless the complainant contacted a specified number to advise they wanted to be excluded from the calling program.

The financial institution considered that, because the complainant had not responded to the letter by calling to advise it did not want to participate in the calling program, it was entitled to assume that its disclosure of the complainant’s personal information, including the mobile phone number, was within the complainant’s reasonable expectations.

The parties conciliated the matter. To resolve the matter the complainant accepted a letter of apology and assurances from the financial institution that the complainant would not be included in any future marketing campaigns. The financial institution also undertook to conduct a review of its marketing campaign procedures.

The Commissioner accepted that the complainant was unlikely to have closely read the correspondence as the letter sent by the financial institution was about a service that the complainant was not interested in receiving from that organisation.

Further, the Commissioner noted that the information aimed at advising the recipient of the intention to disclose the mobile number for direct marketing purposes was included as part of additional information located on the back of the correspondence. This information entitled ‘Important Information’, was not only on the back of the correspondence but was also in extremely small font which could seem contrary to it being important information.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.