Two bank employees inappropriately accessed customers' personal account information - with one using the details to stalk an ex-partner, the Privacy Commissioner has revealed.

In one case, a bank employee accessed and used the personal information of her ex-partner over 500 times within a year.

Investigations by the Office of the Privacy Commissioner (OPC) found that at no point did the bank advise the ex-partner that its employee was accessing his bank account.

In another case, a bank employee accessed the account information of his ex-wife's new partner and used the information to confront him at his home.

Advertisement

Investigations found the employee had been previously caught accessing his ex-wife's father's information but had not taken appropriate steps to limit their access.

The revelations follow the release this week of a Financial Markets Authority and Reserve Bank of New Zealand (FMA-RBNZ) review into banks conduct and culture.

The FMA-RBNZ review found that banks have many issues that "appear to have stemmed from weaknesses in systems and processes."

It also raised concern about banks' "lack of proactivity in identifying and remediating conduct issues and risks in their business."

Since the beginning of last year, the OPC received seven complaints about employee browsing. In five of those cases Office investigations found that banks had interfered with a person's privacy.

Privacy Commissioner John Edwards welcomed the findings of the FMA-RBNZ review, saying banks must do more to protect the privacy of their customers.

"Banks don't have to have perfect protections, but they do need to have effective ones. If employees are ignoring codes of conduct and audit systems aren't catching inappropriate access, banks aren't meeting their obligations under the Privacy Act," Edwards said.

"We've had numerous complaints about employee browsing in banks, all involving access to information about people who were, or were connected to, ex-partners. This suggests that the banks' measures to maintain a positive privacy culture are not as effective as they should be."

Advertisement