The following announcement of Visa’s Data Breach is on the ISX site (https://www.isignthis.com/hubfs/Investor%20Documents%202020/Announcements/2020/August/ISX_) and you can see in full it below.
It appears that ASIC demanded data under s19 and s33 notices for Visa Australia to deliver information on merchants and cardholders of ISX.ISX has no relationship with VISA Australia and has not been carrying out business with VISA in Australia. Following the request, Visa Europe Ltd manually transferred data to Visa Australia who gave the data to ASIC, who gave the data to ASX under s127(4A) of ASIX Act who then transferred partial data to at least 1 other 3rd party ( Questions: Under what authority? To whom? To how many?).AUSTRAC, to my knowledge, was not involved in this “data sharing” episode. ISX’s data was (supposedly) protected under the Australian Privacy Act, Confidentiality Deeds as part of Reserve Bank of Australia access arrangements, and standalone Non-disclosure Agreements (NDAs) and the Australian Principal Member Agreement with Visa Singapore. (See relationships, below)
ISX attempted to put the announcement on MAP but was told by ASX that it was promotional, political tendentious in nature and refused to allow it to be released.
There has been precedence in which announcements of data breaches have been announced on ASXMAP and it would seem that this should be the case for ISX since a breach of this nature has the potential effect of being a material issue for ISX if ISX cannot protect their customers’ data. Notably, the example announcement that follows wasn’t claiming ASX was the cause of the data breach, and, as such, may possibly be the reason ASX allowed announcements of this nature in the past but not the ISX announcement. See https://www.asx.com.au/asxpdf/20181101/pdf/43zydw0t7l5lz8.pdf: ASTAL (ASX:ASB) in which it advised that its Australian business has detected and responded to a breach of the company’s data.
I am well and truly disturbed at the VisaAustralia, ASIC & ASX’s total disregard for the privacy of ISX’s customers and other Australian companies should also be shocked and concerned by this behavior. I feel like we are living in a 3rd world country. Perhaps a "banana republic"?
