A bank discovered that a teller had accessed a couple’s joint bank account without authorisation 58 times over two months. The teller also disclosed information about their accounts to a third party, a former partner of one of the couple. The bank contacted the couple to let them know what had happened. It set up a meeting between the couple and an area manager to discuss the situation and appropriate compensation. However, the bank and the couple were unable to settle the matter.Principles 5 and 11Principle 5 of the Privacy Act provides that an agency must protect personal information by such security safeguards as are reasonable in the circumstances to take against loss, access, use, modification or disclosure, and other misuse. Agencies such as banks must therefore take reasonable steps to ensure that their employees do not inappropriately access customer information.