In 2014, Westpac bank invaded Nicky Hager's privacy, handing over ten months of transaction records to police without a warrant or a remotely credible justification. The Privacy Commissioner subsequently found that this was a breach of privacy. And now, to avoid a formal ruling to that effect from the Human Rights Review Tribunal, they've finally admitted it, paid compensation, and agreed to change their terms of service to preclude such releases in future:
Westpac has reached a settlement with journalist Nicky Hager, admitting it was wrong to give his bank account information to police.
[...]
In a statement, Westpac said it now requires a court order before it will release customer information to the police and is changing its privacy policy to reflect that.
"Westpac's practice at that time was to comply with such requests in the belief that it was entitled to do so under the Privacy Act. However, in the light of the public discussion of Mr Hager's and other cases, it is clear that bank customers reasonably expect that in similar circumstances such data will be kept private."
The company has apologised to Mr Hager for distress caused to him and his family, and agreed to make a payment to him and a contribution to his costs.
Mr Hager's lawyer Felix Geiringer said Westpac had made a contractual promise to its customers it would never act in this way again.
Which is a huge benefit to Westpac's customers. And hopefully other banks will be forced to follow suit as well. But while police will now likely require production orders to obtain this information in future, there's still the problem that there's no public reporting on them whatsoever, and they seem to be used for all sorts of abuses (e.g. grabbing their critics' phone metadata and text messages). Ultimately, protecting our privacy means protecting it from the police, which means putting more checks on them. Until we do this, abusive police behaviour will continue.