Open banking and the reality of data breaches

By Christine St Anne

With data breaches emerging as a consistent theme in the news, could these breaches now become the norm as Australia moves to an open data framework?

The Facebook/Cambridge Analytica fallout and other compliance issues such as the Equifax data breach in the UK have dominated the news. 

And just last month National Australia Bank apologised to 13,000 customers for a data breach due to human error.

“Unfortunately, as we move into a data driven society, the reality is that we will continue to have data breaches,” MoneyPlace founder Stuart Stoyan said.

It’s a comment he makes within the prism of open banking and comprehensive credit reporting – two regulatory approaches that will indeed open up Australia’s data. 

“There are occasionally car crashes on the road. Do we say immediately that we should ban cars? No, we don't. Open data will be a key part of the industry and what we need to do is ensure that there are robust standards,” Stoyan said. 

“People and businesses who are participating in the data economy, therefore, need to follow the appropriate standards and protocols that protect data.”  

However, EY Oceania cyber security leader Anthony Robinson said data breaches will continue to grow despite the advent of open banking. 

“I don’t think open banking in itself will be a driver for increased breaches,” Robinson said. 

“Organisations today are capturing more information about individuals than they have in the past. The volume of data that the sector is collecting is continuing to grow in value,” he said. 

“Therefore, the motivation of cyber criminals seeking value from that data will continue to grow.”

As highlighted earlier by Stoyan, it will be about putting the right processes in place in order to minimise these breaches.

Part of the approach will be around accrediting third parties who want to gain access to consumer data. 

Robinson highlights that different levels of accreditation – developed by Data 61 – will be applied to those third parties wanting to access customer data.

So, for example, third parties wanting to access detailed transaction history will have a higher level of accreditation applied to them than those parties that only want to have access to a certain level of data – for example savings accounts and mortgages.

“Data 61 and other bodies involved in open banking have spent a lot of time thinking about how to get the trust model correct in terms of who is liable for issues if data is shared inappropriately,” Robinson said. 

The full report is included in this month’s AB+F Magazine.