To guarantee better protection for citizens’ bank data, the Italian Privacy Authority has determined that all access to bank account data will have to be monitored with a special procedure.
In a new regulation published in Official Gazette n°127 of the 3rd of June 2011, the Italian Authority fixed a set of measures for banks and Poste Italiane (the Italian post office, which offers banking and financial services). The measures aim to register the identity of whoever logs into clients’ bank accounts, either to perform operations or simply to consult them.
This measure answers the need for greater control resulting from numerous requests on the part of citizens involved in cases of legal separation or executive procedures, such as seizures, who have reported that their financial data had been improperly communicated to their opponents by bank personnel.
The new norms stipulate that all access operations carried out by bank employees must be recorded by means of a number of elements, such as the employee’s I.D. code, time of access, workstation code and so on.
The bank will then be obliged to keep the recorded log files in its archives for a period of at least 24 months.
In addition, banks will have to activate alert systems to monitor anomalous or risky behaviour, such as mass consultation or repeated access to the same account.
The Authority advises banks to warn their clients in cases of unauthorized access to their accounts and to keep the Authority informed of any violations of significant importance.