The Code Compliance Monitoring Committee (the CCMC) is an independent compliance monitoring body established under clause 36 of the 2013 Code of Banking Practice (the Code).
Purpose of the Policy
This Policy is intended to ensure that the privacy of individuals is protected in the collection, use, disclosure and storage of personal information by the CCMC.
- A copy of the Australian Privacy Principles is available on the website of the Office of the Australian Information Commissioner (OAIC).
- The OAIC’s guidance on the Australian Privacy Principles is available here.
2. The CCMC will also comply with its Privacy and Confidentiality obligations under the Code and the CCMC Mandate as they apply to information provided to it by Code subscribers and parties to CCMC investigations.
- A copy of the 2013 Code and CCMC Mandate are available on the CCMC’s website here.
3. The CCMC will take reasonable steps to ensure that the employees, consultants, independent contractors or agents of the CCMC will abide by the obligations under this Policy.
Functions and Activities of the CCMC
The Australian Privacy Principles require the CCMC to include certain information in this Policy. This information is provided below.
In accordance with Australian Privacy Principle 1.4(c), the collection, use and disclosure of personal information by the CCMC will be done for the purpose of carrying out its functions and activities. The key functions of the CCMC are set out in the Code and the CCMC Mandate and include:
- investigating and determining allegations from any person that a code subscribing bank (the bank(s)) has breached the Code;
- monitoring banks’ compliance with the Code, including initiating its own Inquiries into banks’ compliance with the Code; and
- monitoring aspects of the Code referred to the CCMC by the Australian Banking Association (the ABA).
The CCMC will seek the consent of an individual before disclosing that person’s personal information to a third party. In most cases the disclosures will be limited to the relevant bank about which an individual has lodged a Code compliance concern to the CCMC.
The CCMC may provide information to individuals about the functions, activities and jurisdiction of the CCMC and information about other entities that may assist the individual.
In accordance with Australian Privacy Principle 1.4(a), the personal information that the CCMC may collect and hold about an individual includes:
- telephone numbers;
- email addresses;
- dates of birth; and
In accordance with Australian Privacy Principle 1.4(b), the CCMC collects personal information in the following ways:
- by email;
- by written correspondence;
- via an online form published on the CCMC’s website
- by telephone or in person; and
The personal information of persons who engage with the CCMC will be securely stored:
- in electronic form on the CCMC’s computer systems; and
- as physical document files in locked cabinets.
Anonymity and pseudonymity
In accordance with Australian Privacy Principles 2 and 5.2(e), individuals may choose not to identify themselves, or to use a pseudonym, when dealing with the CCMC. However where this occurs the CCMC may not be able to carry out some or all of the functions for which personal information is required, including investigating an allegation, where certain personal information has not been provided.
Individuals who contact the CCMC by telephone are not required to disclose their identity, but may be asked to provide non identifying information such as their postcode for statistical purposes.
In accordance with Australian Privacy Principles 1.4(f), 1.4(g) and 5.2(i), the CCMC is unlikely to disclose personal information to overseas recipients without the permission of the individual unless the disclosure is required by an Australian law or a court/tribunal order.
Contacting the CCMC
In accordance with Australian Privacy Principle 1.4(d), any individual who wishes to gain access to personal information held by the CCMC about themselves or seek a correction to that information should write to the Chief Executive Officer of the CCMC.
In accordance with Australian Privacy Principle 1.4(e), a complaint about a breach of the Australian Privacy Principles by the CCMC can be made to the Chief Executive Officer who will investigate the complaint and provide a timely response.
The contact details for these purposes are as follows:
The Chief Executive Officer
Code Compliance Monitoring Committee
P.O. Box 14240
Telephone: 1800 931 678 (ask for the Code Compliance and Monitoring team)