CBA fined $3.55m over spam breaches

The bank also entered into a CEU with ACMA

The Commonwealth Bank of Australia has paid a $3.55 million fine and entered a three-year court-enforceable undertaking with the Australian Communications and Media Authority after it sent more than 65 million emails that violated Australia’s spam laws.

According to an ACMA investigation, CBA sent more than 61 million marketing emails to customers that unlawfully required them to log in to unsubscribe and a further 4 million marketing emails without a functioning unsubscribe mechanism. The bank was also found to have sent more than 5,000 marketing emails to customers who had tried to unsubscribe from the messages.

ACMA Chair Nerida O’Loughlin said companies should allow people to unsubscribe from marketing messages and must make it easy for them to exercise that right.

“The scale and duration of the breaches by the CBA is alarming, especially when the ACMA gave it early warnings it might have some issues and the steps it took were ineffective,” O’Loughlin said. “The failure to fix the issues shows a complete disregard for the spam rules and the rights of its customers. Consumers are frustrated by marketing intrusions on their privacy, especially when there is no option, or it is difficult, to unsubscribe.”

Under the court-enforceable undertaking with ACMA, CBA committed to an independent review of its e-marketing practices and to implementing improvements. The bank must also provide regular compliance reports to the ACMA and train its staff on Australia’s spam laws.

Monique Macleod, CBA group executive marketing and corporate affairs, said the bank acknowledges and accepts the findings of ACMA’s investigation into CBA’s compliance with certain provisions of the Spam Act.

“We apologise to all customers impacted by these issues, which should not have occurred,” Macleod said. “We’ve fixed the problem and are making changes to ensure it doesn’t happen in the future.”

She said that since self-reporting the matter to ACMA, the bank has fixed the issues, and strengthened its systems, processes, and controls to support ongoing compliance.

The CBA fine was the largest penalty imposed by ACMA for breaches of the spam laws.

The authority said it will closely monitor CBA’s compliance and the commitments it has made to review its practices.

“If we find future non-compliance, we will not hesitate to take further action,” O’Loughlin said.
