Australia’s Commonwealth Bank to review customer data policies

(Reuters) — Commonwealth Bank of Australia said Thursday it will review how it handles customer data as part of an agreement with Australia’s information commissioner after the bank admitted to losing records in the past.

The agreement follows incidents when the country’s top lender lost records of almost 20 million accounts and decided to not inform its clients.

Under the legally binding agreement known as an enforceable undertaking, the bank will review how it deals with internal records, including how it is stored and who has access to the data, CBA said in a statement.

“‘We have offered this EU as a demonstration of our continued commitment to appropriately managing the privacy of customer personal information,”‘ said Group Chief Risk Officer Nigel Williams.

CBA faced criticism last year for its handling of the data breach after the lender found that in May 2016 it had lost two magnetic tapes containing 15 years of data on customer names, addresses and account numbers for 19.8 million accounts.

CBA has 90 days to submit a plan to the Office of the Australian Information Commissioner.