Now that thehave come into effect, Australia's big four banks have been forced to provide full disclosure on what information they are collecting about their customers, how it is collected, and how it is being used.
Aside from the usual identity data and contact details, other common personal details the banks are collecting about their customers include gender, marital status, and financial information, such as tax file number.
Also, where applicable, such as for insurance purposes, health information is being collected by all the banks, too.
"For example, if you apply for credit, we may need to obtain a credit report from a credit reporting body. If you apply for life or income protection insurance, we may collect medical and lifestyle information from you or your health professionals."
Similarly, National Australia Bank said it collects "other information" it deems "necessary".
"Sometimes, we need to collect sensitive information about you, for instance in relation to some insurance applications. This could include things like medical checks, medical consultation reports, or other information about your health," said NAB, which is only able to collect sensitive information about individuals with their consent as part of the new reforms.
The banks are also taking advantage of publicly available information about individuals. For example, from public registers, social media, or any information made available by third parties.
"Generally, we only collect this sort of information if it is necessary to provide you with a specific product or service and you have consented to that collection," Westpac said.
"For example, we may collect health information about you to process a claim under an insurance policy or collect voice biometric information to verify your identity or authorise transactions."
The explanations given by the big four in their privacy policies to help customers understand why they need the above information are relatively similar. They each claim that the information enables them to personally assess and identify suitable products and services for individuals, which will help improve their relationship with their customers, as well as the customers' banking experience.
Both Westpac and St George suggest that if individuals restrict their access to information they request, then they "may not be able to deliver all of those services effectively".
At the same time, the banks justify their information collection for the purpose of managing and using the information to investigate any potential fraud activities, comply with legal obligations as banks, and assist government and law enforcement agencies or regulators.
While the amendments have been designed to give greater rights to individuals, there are some eyebrow raisers as to how the banks have interpreted this.
For example, customers now have the right to request from organisations access to their personal information. But for Commonwealth Bank customers, they can obtain access to "basic information" by visiting a branch, going online or calling them, which often will not incur a fee, but, in some cases, the bank may charge an access fee, depending on the time that is spent on "locating, compiling, and explaining the information" that is requested.
"Generally, the access charge is based on an hourly rate plus any photocopying costs or other out-of-pocket expenses. You'll need to make the payment before we start, unless you've authorised us to debit your account," Commonwealth Bank outlines in its policy.
Additionally, individuals now have the opportunity to opt out of receiving direct marketing communications as part of the privacy reforms. In accordance to this, NAB, for instance, said it will process an individual's request to opt out of its direct marketing, but will do so "as soon as practicable".