May 27, 2010

Fake ANZ Facebook profile may breach Australian laws

ABC.net.au

At  the least, the fake profile almost certainly contravened Facebook's  terms of use

At the least, the fake profile almost certainly
contravened Facebook's terms of use.


Consumer rights advocates say ANZ bank employees may have breached privacy laws and the Trade Practices Act when they allegedly used Facebook to gather customers' information.

It is alleged that someone in the bank's debt collection team secretly set up a fake Facebook profile.

Using this false identity, they then befriended ANZ customers with bad credit in order to track down their current contact details.

The fake Facebook profile was set up under the name of Max Bourke, but did not mention ANZ in any way.

Instead, the profile showed a picture of a handsome man jogging along a beach with his shirt off.

By the time the profile was taken down from the website yesterday, Max Bourke had more than 80 people listed as friends.

But many of them may have been unwitting ANZ customers who had defaulted on their credit repayments and changed their addresses without telling the bank.

ANZ has confirmed that several members of its debt collection department are now under investigation over the fake profile.

The bank's spokesman, Paul Edwards, does not believe it is a widespread issue.

"I think it's more an issue of rogue activity by an individual or a small group of individuals in this area and we'll take the appropriate action against them," he said.

"Clearly where we're not being transparent, where we're not being open within our dealings with customers, that's just completely unacceptable."

Consumer Action Law Centre CEO Carolyn Bond says the scheme is essentially an old debt collecting tactic turned high-tech.

"In a way this is an electronic version of a problem we often come across," she said.

"Collectors contact friends and relatives and pretend to be somebody else to get information. This is probably just one step up and using Facebook for that purpose."

She says affected customers may be able to take action against the bank for misleading and deceptive conduct - or even harassment.

"We'd always argue that misleading people about your identity is misleading and deceptive," she said.

"In fact, we would suggest to the individual consumers that they might like to lodge a complaint with the financial ombudsman because the ombudsman can in certain circumstances award compensation if ANZ doesn't jump in and do that first."

Australian Competition and Consumer Commission (ACCC) chairman Graeme Samuel says there could be cause for the corporate watchdog ASIC to look at the case.

"There are limits, there are constraints. They are there to protect debtors from harassment, from oppressive behaviour, from unconscionable behaviour and from coercive behaviour," he said.

"Now whether or not what's occurred here steps over that line, I think is a matter that would ultimately need to be examined - probably not by the ACCC but by ASIC."

Mr Edwards says the bank is aware of potential legal issues.

"I think that's something that we'll examine as part of the investigation," he said.

"I mean, clearly we're dealing with some newer areas of technology and I sort of think of this as some grossly misplaced creativity by individuals rather than something which was producing particularly compelling business results.

"But nonetheless, it's unacceptable and certainly any breach of relevant privacy or other laws we'll be looking at very seriously."

At the least, the fake profile almost certainly contravened Facebook's terms of use about providing false personal details and collecting information from users.

Geordie Guy from the internet privacy watchdog Electronic Frontiers Australia says there is a chance that other businesses have been running similar schemes.

"This is probably one of the first times we've seen it happen quite so prominently. It wouldn't surprise me if we did have circumstances whereby businesses were using social media like this to get information about people," he said.

"We know that, for example, insurance companies have data mining operations which look at this sort of information in terms of assessing whether or not people are insurable, whether they should be insured.

"But in terms of trapping someone into giving away private information about themselves for an ulterior motive, being operated by an employee, I'd imagine it is quite rare."