ANZ’s privacy and data protection manager Hannah Johnston was a recent guest speaker at our last Technology and Privacy Forum for 2014 and she gave a comprehensive overview about what the bank – New Zealand’s third largest employer after its merger with the National Bank – was doing to protect customer privacy.
Hannah had just broken a foot while kite surfing, so it was ‘above and beyond’ to still make herself available for the presentation despite wearing a moon boot and handling crutches.
Her topic to an audience of over 70 people at the National Library meeting venue last month was ANZ’s practical approach to privacy compliance. Hannah joined ANZ in 2011 in the Risk Division and has worked in a variety of compliance and regulatory roles, so she was well versed in the subject.
Her presentation told the story of ANZ’s review of disclosure incidents and the new training programme it has developed to help reduce the number of incidents. A startling finding of ANZ’s review was that 90 percent of incidents resulted from human error, nine percent were systems issues, and one percent occurred where data was not de-identified.
Hannah played us some of the ANZ staff training ‘A day in the life’ videos that the bank commissioned as part of their new privacy programme. The video focuses on four situations – sending information to the wrong person, sending mail for more than one person in the same envelope, disclosing information over the phone to the wrong person and showing account information on a computer screen to someone other than the account holder.
The videos have a humorous angle and I can imagine they were a hit with staff, given our Technology and Privacy Forum audience clearly enjoyed what it saw of them.
ANZ’s package of measures to improve staff privacy practice includes the videos, 15 minute face-to-face training sessions and a takeaway bookmark. On the technology side, ANZ also has security and privacy features available for staff to use. These include privacy screens, email encryption, and recommendations that staff turn off auto-complete, impose an email send delay, and use secure information exchange techniques such as encryption.
Since its new training programme went live earlier this year, ANZ has seen a spike in incident reporting and faster handling of those incidents. The next step will be for the bank to consider making some of its employee guidance mandatory.
The presentation was a top effort by Hannah and we wish her a speedy recovery. If you want to see the slides that accompanied her presentation, you can find them here.