FOIREQ18/00027 007

s 22

s 22

From: Section 47F - personal privacy  [mailto:Section 47F - personal privacy ]  


Sent: Tuesday, 28 November 2017 12:42 PM 
To: Annan Boag <annan.boag@oaic.gov.au> 
Cc: GlobalRegRelations <GlobalRegRelations@cba.com.au> 
Subject: Heads up call to OAIC regarding low risk of harm privacy incident 

Dear Annan 
Thank you very much for your time on the telephone this morning, much appreciated.  As I mentioned, I just wanted to give the 
Commission a heads up on a low risk privacy incident which has occurred in our CommInsure business.  We do not consider the 
incident raises any risk of serious harm, and so does not necessitate a breach notification, but as I mentioned, in the interests of 
transparency we wanted to make you aware of this incident in case it were to attract any media attention. 

An outline of the incident: 
• In mid‐August we responded to a customer’s request for access to personal information. In the course of providing him
with access to his files, our CommInsure Customer Relations team inadvertently provided him with a copy of a Financial 
Ombudsman Service invoice listing 48 individual customer names (including his) 

FOIREQ18/00027 009

Notifiable Data Breach Form

About this form


Notifiable Data Breach statement

This form is used to inform the Australian Information Commissioner of an ‘eligible data breach’ where required by the Privacy Act 1988.

Part one is the 'statement' about a data breach required by section 26WK of the Privacy Act. If you are required to
notify individuals of the breach, in your notification to those individuals you must provide them with the information
you have entered into part one of the form.

The OAIC encourages entities to voluntarily provide additional information about the eligible data breach in part two of
this form. Part two of the form is optional, but the OAIC may need to contact you to seek further information if you do
not complete this part of the form.

Before completing this form, we recommend that you read our resource What to include in an eligible data breach
statement.

If you are unsure whether your entity has experienced an eligible data breach, you may wish to review the Identifying
eligible data breaches resource.

The OAIC will send an acknowledgement of your statement about an eligible data breach on receipt with a reference
number.

You can save this form at any point and return to complete it within 3 days. To save your form, click on the Save For
Later button on the top right-hand corner of this form. If you do not submit your saved form within 3 days, your saved
information will be permanently erased.

Refreshing your browser will clear any information that you have not saved. If you need to refresh your browser while
completing this form and wish to keep your changes, please save the form first.

Your personal information


We will handle personal information collected in this form (usually only your name and contact details) in accordance
with the Australian Privacy Principles.

We collect this information to consider and respond to your breach notification. We may use it to contact you.

More information about how the OAIC handles personal information is available in our privacy policy.

Part one - Statement about an eligible data breach


FOIREQ18/00027 017

s 22

s 22

From: Section 47F - personal privacy [mailto:Section 47F - personal privacy ]


Sent: Tuesday, 18 December 2012 4:28 PM
To: Timothy Pilgrim
Subject: Notification of incident - Albury NAB Retail

Confidential and Subject to Legal Professional Privilege

Dear Commissioner Pilgrim

It has come to my attention today that a package of NAB documents were delivered to the Westpac
Branch in Albury.  The circumstances follow:

• Employee of Westpac Albury attended our NAB branch yesterday afternoon (Monday 17
December 12) to deliver documents which they had received in their courier bag that morning.
• It is believed that TOLL are the couriers for both NAB and Westpac
• The documents were loose report pages (computer generated) and a plastic sealed courier
envelope bound with an elastic band (i.e. not in an envelope). The reports contained customer
names, account numbers, lending information (eg interest rates, review dates etc).
• Westpac advised that this is exactly how they found the materials in their courier bag.

NAB is investigating with Toll, how this incorrect delivery could have occurred and to ensure it is not
repeated.  

NAB do not believe there is a real risk of serious harm to the impacted customers as the information
has been returned in total, along with confirmation from Westpac that they have not used the
information in any way.  However in these circumstances, it is in line with NAB's notification protocols
to update your Office in case of any media or other enquiries.  We do not anticipate this being the
case, however it is prudent to advise you as staff from both NAB and the Westpac branches will be
aware of this incident.

It is appreciated if you would advise me if your Office are approached in relation to this incident.  

Thanks and kind regards


S 47F - personal privacy

Group Governance & Legal


National Australia Bank

S 47F - personal privacy


Tel: +Section 47F - personal privacy  |  Fax: S 47F - personal privacy  |  Mob: +Section 47F - personal privacy
Email: Section 47F - personal privacy

The information contained in this email communication may be confidential. If you have received this email in
error, please notify the sender by return email, delete this email and destroy any copy.

Any advice contained in this email has been prepared without taking into account your objectives, financial
situation or needs. Before acting on any advice in this email, National Australia Bank Limited ABN 12 004 044 937
AFSL and Australian Credit Licence 230686 (NAB) recommends that you consider whether it is appropriate for your
circumstances. If this email contains reference to any financial products, NAB recommends you consider the
Product Disclosure Statement (PDS) or other disclosure document available from NAB, before making any decisions
regarding any products.

If this email contains any promotional content that you do not wish to receive, please reply to the original sender
and write "Don't email promotional material" in the subject.
FOIREQ18/00027 019

From: Section 47F - personal privacy

To: Enquiries
Cc: Section 47F - personal privacy
Subject: Notification of incident - publication of customer address
Date: Wednesday, 9 January 2013 2:31:19 PM

Confidential and Subject to Legal Professional Privilege

ATTN: Compliance Branch

In the absence of our Chief Privacy Commissioner, Section 47F - personal privacy (currently on leave) please
accept the following informal notification.

It has come to our attention that a NAB customer's address has been disclosed via a public online
forum by a NAB employee acting outside their authorisation of their employment. NAB was informed
directly by the affected customer and the act has been confirmed by the staff member in question.

The circumstances follow:

Recently, a NAB customer posted remarks on an online public forum about the children who
died in the recent Sandy Hook shooting in the US.
A NAB staff member responded to the comments online in personal capacity.
Section 47F - personal privacy

In breach of NAB policy, the staff member obtained the Customer's address using NAB
systems for an unauthorised use.
The staff member (in personal capacity) set up a Facebook page using a fictitious identity
Section 47F - personal privacy

and revealed the address of the owner of the online posts.


The Customer discovered who was behind the Facebook page and lodged a complaint with
NAB alleging breach of privacy and seeking damages.

As this act by the employee conflicts with NAB's Code of Conduct and Social Media Guidelines, NAB
commenced its disciplinary and investigative process. During this time the employee in question
provided their resignation and is no longer with NAB.

NAB takes the privacy of its customers very seriously and has been liaising with the customer to
address their concerns with this use of their personal information. We have advised the individual that
appropriate action with the employee has been taken in accordance with company policy. In addition,
we are aware that the information has been removed from the website.

Given the social media context, we believe it is prudent to advise you of this incident and update your
Office in case of any media or other enquiries. Accordingly, NAB will continue to try to conciliate this
matter with the affected individual, including making a goodwill offer of financial compensation.

It is appreciated if you would advise me or Section 47F - personal privacy (Section 47F - personal privacy ) if
your Office are approached in relation to this incident.  

Thanks and kind regards


S 47F - personal privacy

Group Governance & Legal


National Australia Bank

S 47F - personal privacy


Tel: Section 47F - personal privacy  |  Fax: S 47F - personal privacy  |  Mob: Section 47F - personal privacy
Email: Section 47F - personal privacy
FOIREQ18/00027 021

From: Section 47F - personal privacy

To: Enquiries
Subject: DBN14/00032 - Notification
Date: Friday, 30 May 2014 4:13:48 PM

ATTN: Compliance Branch


 
Please accept the following informal notification.
 
It has come to our attention that a NAB customer's identification details have been used by a NAB
employee acting outside their authorisation of their employment. NAB was informed directly by
the police and is actively cooperating with the AFP in their investigation of this matter.
 
The circumstances are as follows:
• Recently, a NAB staff member used a customer’s identification details to purchase two
mobile phones.
• In breach of NAB policy, the staff member obtained the customer's details using NAB
systems for an unauthorised use.
• The staff member has subsequently been arrested in the s 22.
• NAB is and will continue to cooperate with both the s 22 in their investigation.
               
NAB takes the privacy of its customers very seriously and has been liaising with the customer to
address their concerns with this use of their personal information. NAB is in regular contact with
the affected customer and is working out how we can best assist them in terms of ensuring their
confidence in NAB’s handling of their personal information and the security of their accounts. In
addition, NAB will be meeting with the customer once we have the results of our forensic audit
of his accounts, to discuss how we can assist them with their legal costs as a result of this
incident and to discuss our offer for financial compensation.
 
It is appreciated if you would advise me if your Office is approached in relation to this incident. 
 
Thanks and kind regards
Section 47F - personal privacy

 
S 47F - personal privacy

Technology Legal, Group Governance & Legal


National Australia Bank
 
S 47F - personal privacy
Tel: +61 Section 47F - personal privacy |  Fax: S 47F - personal privacy  |  Mob: +61 Section 47F - personal privacy
Email: Section 47F - personal privacy  
 
Please consider the environment before printing this e-mail notice

FOIREQ18/00027 025

From: Section 47F - personal privacy

To: Enquiries
Subject: DBN16/00056 - notification [NAB-Active.FID166308]
Date: Friday, 3 June 2016 4:57:24 PM
Attachments: image001.png

ATTN: Compliance team


Please accept the following informal notification.
 
NAB has had two recent robberies against its Western Melbourne suburb branches which it takes
this opportunity to notify the OAIC on. The following outlines those incidents and the actions NAB
has taken to help remediate or mitigate the potential risks for those impacted.
 
Glenroy Branch
At approximately 5:30pm Monday last week a courier vehicle outside NAB Glenroy branch
(Melbourne) was robbed of two internal mail bags from the vehicle when the driver was surprised by
thieves. The two bags contained mail from two branches picked up earlier in the afternoon,
Broadmeadows and Greensborough.  The courier company (METS) used by NAB notified police and
NAB’s Security teams accordingly of the robbery.
In order to determine the mail bag content, NAB has worked closely with each of the branches who
have had to undertake analysis to determine exactly what customers were impacted.  A
communication plan to contact customers was also worked on.
These bags contained internal mail, including a small number of documents containing customers’
personal information. These documents (affecting 6 customers) were:

· one loan application (contact details and financial information)

· one set of loan documents

· four Account Authority Cards (account number, name and signature).

Once the list of customers impacted was established, and confirmation of the documents stolen
(including the types of information contained), NAB contacted those customers by phone to inform
them and offer actions to limit any risk of harm to those individuals. NAB has focused its attention of
the last two weeks on contacting the customers once they were identified. NAB has also placed
alerts on the customer accounts in the event that this would assist if suspicious actions are
attempted. NAB’s Financial Crimes team is accordingly across this matter. NAB has offered to change
account numbers for those impacted which has been accepted by customers. Customers have also
been referred to their branch manager for further assistance should they require. 
 
West Footscray
In regards to the second incident, NAB was notified on 1 June that another Melbourne branch was
targeted by thieves (West Footscray). Mailbags from St Albans, Brimbank, Watergardens and
Sunshine branches were taken from a locked courier vehicle which was broken into while the courier
driver was inside the branch picking up the mail.
 
NAB security teams continue to work with branches to identify what information is contained in
those bags and which customers may be impacted as a result. At this stage NAB anticipates a larger
number of customers being potentially impacted given the content of the mail bags for this incident
included transaction vouchers. Communications to impacted customers has begun to those
customers identified already (those with loan documents) but a broader strategy is required for this
incident given potential size of impact. To date, 2000 transactions have been identified (total
customer numbers are still being determined), with referenced accounts having alerts placed against
them. Work continues to identify what information is attached to each transaction (for example,
where account numbers are impacted customers will be offered new ones to be set up; where
identification details are referred to, additional assistance will be offered on how to change
government issued identification numbers, likely driver’s licence number or passport number if
identification was required for withdrawals). NAB will be offering similar assistance and advice to
those impacted by the second robbery (replacement of account numbers etc) but also wishes to
explore what it can do in terms of assisting customers seek new government-issued identifiers if
appropriate. To this end, NAB is grateful to the OAIC should it have any resources on the process
associated with changing government-issue identifiers as we have been made aware that VIC Roads
does not re-issue driver licence numbers, only the licence card itself.
 
NAB continues to work with Police and the courier company on this matter. NAB understands that
Mets is also considering its own separate internal investigation. Immediate actions taken by the
courier company include introducing cable locks to mail bags which will be secured to the inside of
the vehicle or using cages inside the vehicle to secure mail, as well as adjusting scheduled runs to
attempt to minimise patterns being established by thieves in the event these incidents are
connected. Events have been logged in NAB’s internal risk event system. NAB has committed to
notifying those impacted should it be assessed that there be a real risk of serious harm.  NAB
confirms that in discussions with industry groups, there is a heightened awareness of incidents
occurring on branches where mail bags are being targeted. NAB will be accordingly reviewing its
processes more broadly to try to minimise risk in this area for its customers for the future.
 
Should the OAIC wish for NAB to provide any updates (especially on the second incident
communications to impacted customers) or have any queries please do not hesitate to contact me.
 
Kind regards
S 47F - personal privacy

ES&T Legal - Governance & Reputation


 
S 47F - personal privacy
Tel: +61 Section 47F - personal privacy
 |  Fax: S 47F - personal privacy |  Mob: +61 Section 47F - personal privacy
Email: Section 47F - personal privacy  
 
Please consider the environment before printing this e-mail notice

Passion for customers| Will to win| Be Bold| Respect for People| Do the Right Thing

To find out more about NAB’s commitment to Indigenous Australia check out our RAP.
 
FOIREQ18/00027 028

From: Section 47F - personal privacy

To: Enquiries
Subject: DBN16/00080 notification [NAB-Active.FID480354]
Date: Wednesday, 27 July 2016 5:56:02 PM

ATTN: Compliance team


Please accept the following informal notification.
 
Incident Description
Migrant Banking is a specialised business unit within the National Australia Bank (NAB) that
assists business investors, skilled migrants, expatriates, and international students to set up their
personal banking arrangements prior to arrival in Australia.
 
As part of the on-boarding process, clients complete an online application form to open a bank
account. Once the potential customer is approved, the customer data is transferred to a third
party system which automatically generates a “Welcome Letter”.
 
The “Welcome Letter” contains customer details such as customer name, BSB, account number,
address etc. and pre-assigned banker details based on the clients designated arrival city. The
letter is automatically emailed to the customer, and as part of this process was copied to
nab@nab.com . We have recently discovered that nab@nab.com is an external/third party that
has no association to NAB. It appears this was coded to the system in 2012.
 
The same automated system is also used to generate Internet Banking letters for customers who
have registered for internet banking when completing the online Migrant Banking registration
form. The letter is generated approximately two days following the Welcome Letter, and
contains the customers’ number. The Internet Banking Letter is then automatically sent to the
client, copying nab@nab.com.
 
An Incident Management Working  Group comprising business, technology, compliance and risk
personnel has been established to conduct urgent investigation into the issue. This investigation
to date includes review by our technology team in relation to the owner of the nab@nab.com
domain and testing to determine whether emails copied to nab@nab.com were in fact leaving
NAB. NAB continues to investigate how this was applied to the correspondence.
 
In our investigation to date, NAB considers the following processes mitigate the extent of the risk
created by the disclosure:
· The account is not fully functional until appropriate KYC process is completed in
Australia. Whilst customers can deposit funds, they cannot transact until they
have physically identified themselves at the branch in Australia.
· Not all migrant banking customers are impacted as many received
correspondence generated via  a manual process (which meant as the letters
were not system generated, the email was not copied to nab@nab.com)
· Internet banking customers are sent a security code separately to their mobile
phones which they must validate prior to gaining access to Internet Banking.
(NAB confirms mobile phone numbers were not disclosed via these emails)

Information Type
As outlined above, the personal information includes:
· Email address
· Name
· Address
· Bank Account Number
· Account Name
· Customer Number

 
At this stage the number of emails is high (NAB estimates almost 60,000 customers
may be impacted) so analysis on how they are potentially impacted and where these
individuals are today in 2016 is being worked through carefully.
 
Steps taken
This incident was discovered by a Migrant Banking team member in London, after receiving an
email from a client who had “replied all” to their Welcome Letter email. The third party email
address was immediately removed from the back end system, to prevent any further letters
being copied to the third party. A valid nab.com.au email address has since been substituted.
 
NAB is exploring how best to contact the website nab.com regarding secure deletion of the
emails sent to them, if they are held. 
 
Customer Assistance
NAB considers the information disclosed has minimal ability to contribute to transaction fraud.
NAB has also found nothing yet to indicate that any customers have been impacted by fraud as a
result of this event. At this stage NAB does not want to unduly upset customers especially given
the majority may be based abroad (with now dormant accounts). Until NAB has a diligent plan
and we understand the risk for such impacted customers, we do not consider communications
appropriate at this time (as noted above NAB is reviewing to see what accounts are closed or
were never opened).
 
Due to the nature of migrant banking some of these accounts may be closed (having moved back
to their original country of residence – typically accounts are opened largely by individuals on
short-term visas). Some of the accounts may also have never had the AML/CTF requirements
fulfilled. Investigation is underway by NAB’s Migrant Banking team to understand who may have
been impacted by this incident.
 
Once customers have been identified as requiring notification, NAB will be providing them a
dedicated contact so that their matter can be handled by bank officers who are specifically
across this issue.
 
Other Notifications
NAB has informally updated its other regulators, ASIC and APRA this evening. Given the nature of
Migrant Banking, NAB is working through what other regulators globally may require
notification.
 
NAB is happy to provide further updates on this event as our investigation continues, should the
OAIC require it.
 
Kind regards
Section 47F - personal privacy

 
FOIREQ18/00027 031

From: Section 47F - personal privacy

To: Enquiries
Subject: DBN16/00089 - notification [NAB-Active.FID486943]
Date: Monday, 8 August 2016 5:28:38 PM

Privacy Incident – Business Fulfilment Theft


Background
At some stage between Thursday evening 28th July and Friday morning 29th July a staff
member's laptop and work bag containing customer information was stolen from the employee’s
car which was parked in their home car port overnight.
The NAB laptop had BitLocker enabled; this means that the computer is encrypted and will not
allow anyone to connect to NAB networks without appropriate passcodes.
The customer information is contained in 18 reports for individual aggregation groups which
includes details of 138 customer names/borrowing entities, current approved lending limits and
securities (including addresses) held in support of the lending facilities. Although these reports
relate to business lending, given the range of customers within each group, some of the financial
information may be about identified individuals.
NSW Police were notified the day the laptop was discovered stolen. NAB continues to cooperate
with the police on this. At this stage the view is that this was an opportunistic theft and that
sadly, thefts are not uncommon in this particular area of Campbelltown.
Information within stolen reports
Although the majority of the information relates to financial information concerning companies
and trusts, some of the financial information does relate to individuals under those aggregation
groups. Such information includes account numbers, credit card numbers and security
addresses.
Steps taken to date
As per policy, the employee reported the incident to appropriate management levels and NAB’s
Technology Service teams. The matter has also been reported to the NSW Police who have
interviewed the employee. The employee will be subject to NAB’s workplace compliance
requirements.
The event has been entered into NAB’s risk event system and our Fraud teams contacted to
determine if any additional monitoring is required for those impacted customers.
Aggregation groups have relationship managers and have been briefed so as to manage
contacting those impacted customers.
Assistance offered
The relationship managers of those impacted will contact customers to advise of incident and
provide an explanation of events. Depending on the data within those reports, these managers
will be able to offer new account and card numbers. (NAB notes here that no expiry dates or
PINs were exposed). NAB’s Fraud teams will be monitoring customer profiles for potential ID
Takeover activity on their accounts, cards and monitoring credit applications. NAB has no reason
at this stage to suspect this theft has ties to fraud but is doing this as a precautionary measure.
Should you have any further enquiries please do not hesitate to contact me.
Kind regards
S 47F - personal privacy

Group Governance & Legal – NAB

S 47F - personal privacy


Tel: +61 Section 47F - personal privacy| Mob: +61 Section 47F - personal privacy
Email: S 47F - personal privacy

***********************************************************************
WARNING: The information contained in this email may be confidential.
If you are not the intended recipient, any use or copying of any part
of this information is unauthorised. If you have received this email in
error, we apologise for any inconvenience and request that you notify
the sender immediately and delete all copies of this email, together
with any attachments.
***********************************************************************
FOIREQ18/00027 081

From: Karen Toohey


To: Annan Boag
Subject: FW: CBA matter [SEC=UNCLASSIFIED]
Date: Tuesday, 24 May 2016 5:03:39 PM

To discuss
 
From: S 47F - personal privacy
Sent: Tuesday, 24 May 2016 4:43 PM
To: Karen Toohey <Karen.Toohey@oaic.gov.au>
Cc: S 47F - personal privacy
Subject: CBA matter
 
Dear Karen
 
I write further to your conversation with [S 47F - personal privacy] on Friday.  We are expecting to receive the
preliminary independent investigation report from KPMG shortly and would now like to arrange
to meet with you to brief you further on this matter.  We intend to conduct some initial analysis
of the report once it is received so it would be our preference to meet early next week.  Please
let me know if this is suitable and we can exchange some possible times.
 
If you have any queries please let me know.
 
Kind regards
 
Cassandra
 
_________________________________________________
Commonwealth Bank

S 47F - personal privacy


S 47F - personal privacy
S 47F - personal privacy
Sydney  NSW  2001
Phone - S 47F - personal privacy
Mobile - S 47F - personal privacy
Email - S 47F - personal privacy
 
 
 

************** IMPORTANT MESSAGE *****************************     


This e-mail message is intended only for the addressee(s) and contains information which may be confidential.
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system.
Unless specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries.

We can be contacted through our web site: commbank.com.au.

If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line.
**************************************************************
