Can financial institutions share my personal information in Australia?

Answer

Yes, financial institutions in Australia can share your personal information, but they are bound by strict privacy laws and principles that dictate when and how this can occur.

Office of the Australian Information Commissioner (OAIC)
Last Updated: May 3, 2026

How it works in practice

Legal Framework for Data Sharing

Financial institutions in Australia, like all other organizations covered by the Privacy Act 1988, must comply with the Australian Privacy Principles (APPs). These principles regulate the collection, use, storage, and disclosure of personal information. Generally, an institution can only share your information if you have given your express consent, if it's required or authorized by law (e.g., to government bodies like AUSTRAC), or if it's for a purpose directly related to their primary function for which you would reasonably expect disclosure.

Protecting Your Information

While sharing is permissible under certain conditions, financial institutions have a legal obligation to protect your data. They must take reasonable steps to secure your personal information from misuse, interference, loss, unauthorized access, modification, or disclosure. This includes implementing robust cybersecurity measures and ensuring their third-party partners also adhere to these standards. The recent Consumer Data Right (CDR) further empowers you by giving you more control over your financial data and who it is shared with.

Important exceptions

Financial institutions can share your data without explicit consent under specific circumstances, such as responding to a court order or subpoena, reporting suspicious transactions to AUSTRAC to combat financial crime, or if it is necessary to prevent a serious threat to life, health, or safety. They can also share de-identified data for research or statistical purposes, as this information can no longer be linked back to you. Be aware that opting into new services, like the Consumer Data Right (CDR), grants permission for data sharing under that specific framework.

What you should do now

  1. Review the privacy policy of your financial institution to understand how they collect, use, and share your personal information.

  2. Opt out of direct marketing communications if you do not wish for your information to be used for promotional purposes.

  3. Exercise your rights to access your personal information or request corrections if you believe it is inaccurate.

  4. Be cautious when giving consent to third-party apps or services to access your financial data, and understand the scope of that access.

  5. Lodge a complaint with your financial institution and, if unsatisfied, with the OAIC or the Australian Financial Complaints Authority (AFCA) if you suspect a privacy breach.
