A formal complaint has been lodged with the federal privacy commissioner to determine whether Australia’s banking industry is breaching local privacy laws by using the Society for Worldwide Interbank Financial Telecommunications (Swift) network.The Swift network, which processes international funds transfers and is used by the Commonwealth Bank Group, Westpac Banking and ANZ National Bank, has been accused of breaking European data-protection laws by sharing personal information with U.S. authorities.Anna Johnston, chair of the Australian Privacy Foundation, said the privacy of Australian’s banking records has been put at risk by a third party, namely Swift, passing on records to the U.S. government.The U.S. government ordered Swift to share a host of information about people and companies around the world following the Sept. 11, 2001, terrorist attacks, as the data was deemed essential in tracing how terrorism was financed. However, European data-protection laws outlaw the transfer of personal data outside the European Union if the country receiving the information has weaker privacy protection laws.Both Swift and the European Central Bank (ECB) have been accused of breaking Belgian and European data-protection laws by sharing data deemed private and personal with U.S. authorities. Johnston said the foundation is concerned Australian banks and other financial institutions using the Swift service may be in breach of the Australian Privacy Act.“As if the practice of banks offshoring customer records wasn’t bad enough, now we discover that Swift, the organization that processes international fund transfers for Australian banks, has been giving banking records to the U.S. administration for several years,” Johnston said.“Our banking records have already been compromised by the actions of Swift in allowing the U.S. government to gain access to Australian banking records without independent judicial oversight.“If Australian privacy laws cannot be enforced in this case, then all this talk by the treasurer and attorney general about how Australia’s tough privacy laws prevent our banking records leaving this country is completely meaningless.”The foundation has submitted a complaint to the privacy commissioner to investigate whether customer records are leaving the country.Under local privacy laws, records cannot leave Australia unless safeguards are attached. While the Australian Banking Association (ABA) was unwilling to comment, the Swift 2005 annual report shows 11 banks and 88 financial institutions in Australia sent more than 3 million messages over the SWIFTNet FIN service last year.However, the privacy commissioner cannot investigate Swift itself because the organization is based in Belgium, which is outside the commissioner’s jurisdiction.Swift and the ECB have not been fined for breaching European privacy laws, but ECB chief Jean-Claude Trichet admitted a global framework is required to deal with this problem.“The problem is ongoing. The system we have in place is imperfect,” Trichet said. “It is very important to clarify the situation and work out what to do about such data transfers across the Atlantic.“Any agreement between the European Union and the United States should then form the basis for a global situation because the problem is worldwide.”European parliamentarians drew a parallel between the Swift data-sharing case and ongoing attempts to forge an agreement allowing U.S. authorities access to airline passenger information.In June this year, the European Court of Justice branded a U.S. mandate requiring passenger information to be sent to U.S. authorities prior to travelers arriving in the country as illegal because the data may not be adequately protected.Australian airlines fully comply with the U.S. mandate, and the federal government claims passenger data is secure.However, Qantas has confirmed that local passenger data is held in Germany and is subject to the strict European data laws. “Our customer data is held in an offshore facility with Amadeus,” the spokesperson said.“The data is held in Germany and subject to the EEC data laws, which if anything are more stringent than Australian data-protection laws.”By Michael Crawford, Computerworld AustraliaKeep checking in at our Security Feed for updated news coverage. Related content news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry news UK data regulator warns that data breaches put abuse victims’ lives at risk The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse. By Michael Hill Sep 28, 2023 3 mins Electronic Health Records Data Breach Government news EchoMark releases watermarking solution to secure private communications, detect insider threats Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks By Michael Hill Sep 28, 2023 4 mins Communications Security Threat and Vulnerability Management Security Software news SpecterOps to use in-house approximation to test for global attack variations The new offering uses atomic tests and in-house approximation in purple team assessment to test all known techniques of an attack. By Shweta Sharma Sep 28, 2023 3 mins Penetration Testing Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe