The Australian Prudential Regulation Authority (APRA) has released its final guidance on the management of data risk for Authorised Deposit-taking Institutions (ADIs), here.

Prudential Practice Guide CPG 235 Managing Data Risk (CPG 235) aims to assist APRA-regulated institutions by providing high-level guidance on how to manage and control data risks, including:

  • data and information security;
  • inaccurate data;
  • disclosure of sensitive data; and
  • outsourcing issues.

CPG 235 is not legally binding, but it outlines the assessment and ongoing management of data risks that APRA expects boards and senior management to undertake through a systematic and formalised approach.

The Privacy Act 1988 (Cth) and the impending amendments, which will come into force on 12 March 2014, are legally binding. In implementing the CPG 235 recommendations, ADIs should also consider the far-reaching impact of these amendments.

If you need help in understanding CPG 235 or the amendments to the Privacy Act, and how they will impact your business, please click here.