This note provides an overview of the key data protection and security issues that arise in the financial services sector. It covers the role of the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC), and outlines the key relevant prudential standards and guidelines issued by APRA and ASIC. It also outlines other laws and regulations that are relevant to privacy, information risk and cybersecurity in the financial services sector. These include general obligations on Australian financial services licensees (AFS licensees), the application of the Consumer Data Right legal framework to Open Banking, and rules relating to the collection and use of tax file numbers.