Galexia

Submission - Joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC (May 2007)

Q56 – Should the status of the cl 21.2 guidelines be changed to make these provisions contractually binding requirements?

Consumer stakeholders believe that some of the privacy guidelines in the current Code should be revised and implemented as contractually binding requirements. It is confusing and inconsistent for some provisions of the Code to be binding and for others to be mere guidance. This Review is an opportunity to clarify this situation.

The binding privacy clauses should be:

  • Clause 21.2 (a) Surveillance
    This Clause ensures that where a person calls a customer care hotline they are warned before the call is recorded. Similarly, ATMs using video surveillance must carry a notice to that effect. It is unlikely the same level of certainty could be achieved by relying on the vague National Privacy Principles (NPPs) in the Privacy Act; and
  • Clause 21.2 (c) Transaction receipts
    This Clause ensures that key personal information is not disclosed when receipts are misplaced. It is uncertain whether the NPPs could be relied upon to achieve this result as the information is initially disclosed to the consumer, and the NPPs are designed to cover third party disclosure. However, it is clear that receipts do represent a significant security risk as they are easily forgotten at the counter or misplaced.

The two other clauses (Clause 21.2 (b) Authorisation and Clause 21.2 (d) Privacy Policies) could be safely removed from the Code. These appear to be adequately covered by the NPPs and industry practice.