Collecting accurate and relevant client information is essential to meet the stringent customer identification procedures contained in the Anti-Money Laundering and Counter-Terrorism Financing Rules ("AML/CTF Rules"). In addition, Australian Financial Services Licensees and Australian Credit Licensees ("Licensees") must adhere to strict data protection protocols and privacy regulations while handling and storing their clients' personal information.
In the current environment where data breaches and privacy concerns are on the rise, licensees face unprecedented challenges in protecting client information. The Notifiable Data Breaches Report published for the second half of 2022 revealed a 26% surge in data breaches during that period, with the majority of large-scale breaches (34 out of 40) attributed to cybersecurity incidents.
The Australian Information Commissioner and Privacy Commissioner Falk noted at Privacy Awareness Week in May that "there is no better time than now to review your organisation's privacy practices to make sure they have the basics covered." By doing so, Licensees will not only ensure compliance with current legal requirements, across a number of key compliance areas.
Keeping Your Data Safe
Lessons learned from data breaches confirm that keeping personal information confidential and secure is paramount to prevent unauthorised access. To mitigate data breach risks, Licensees should consider the following measures:
- Conduct regular staff training on cybersecurity awareness
- Collect only the minimum required personal information
- Implement robust cybersecurity measures, such as encryption and access controls
- Implement strong passwords and multi-factor authentication
- Conduct vulnerability assessments (stress-testing)
- Establish incident response plans
- Adopt de-identification techniques in accordance with applicable regulations
- Conduct audits of the collected information and promptly delete personal data when it is no longer needed.
Document Retention: Safeguarding Information Lifecycle
Our Document Retention Policy Templates for Licensees: ACL Document Retention Policy Template and AFSL Document Retention Policy Template outline the obligations that apply to the collection, management and destruction of client data in accordance with regulatory requirements and record-keeping standards.
Implementing a strong Document Retention Policy also assists Licensees to securely collect, store, and manage client data. Prioritising responsible data management not only protects individuals' privacy but also builds trust and credibility within the industry.
Further Reading