Site Changes

On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner and a new website established at www.oaic.gov.au.

Note 1: Major changes to the Privacy Act 1988 will come into effect in March 2014. Agencies, businesses and not for profits need to start preparing for these changes. For more information go to our privacy law reform page at www.oaic.gov.au
Note 2: From 12 March 2013 content is no longer being added to, or amended, on this site, consequently some information may be out of date. For new privacy content visit the www.oaic.gov.au website.

Types

Topic(s): Credit and finance | Health

L v Health Service Provider [2009] PrivCmrA 15

document icon pdf (29.65 KB)

Case Citation:

L v Health Service Provider [2009] PrivCmrA 15

Subject Heading:

Improper listing of a payment default on an individual's consumer credit information file

Law:

Section 18E in Part IIIA of the Privacy Act 1988 (Cth) and Credit Provider Determination No. 2006-2 (Classes of credit providers)

Facts:

The complainant underwent a medical procedure and received an invoice from the health service provider, which remained unpaid. The health service provider sent several follow up invoices and a final letter of demand advising that it would list a payment default on the complainant's credit file if the invoice was not paid within 14 days. The health service provider subsequently listed the payment default. Later, the complainant paid the debt.

The complainant alleged the payment default did not relate to credit as defined by the Privacy Act.

Issues:

Determination No. 2006-2 issued by the Privacy Commissioner under section 11B(1)(v) of the Privacy Act states that the following classes of corporations are regarded as credit providers for the purposes of the Privacy Act:

a corporation where, in relation to a transaction, it is considering providing or has provided a loan in respect of the provision of goods or services on terms which allow the deferral of payment, in full or in part, for at least 7 days; or
a corporation engaged in the hiring, leasing or renting of goods, where, in relation to a transaction, no amount, or an amount less than the value of the goods, is paid as deposit for return of the goods, and the relevant arrangement is one of at least 7 days duration.

Section 18E(8)(a) of the Privacy Act restricts information that can be disclosed by a credit provider to a credit reporting agency. Section18E(1)(b)(vi) of the Privacy Act allows a ‘default listing' on the individual's consumer credit file if it relates to ‘credit provided by a credit provider' and other conditions set out in the section are met.

Outcome:

The Commissioner investigated the matter under section 40(1) of the Privacy Act.

The health service provider argued it was a credit provider in accordance with Determination No. 2006-2 because it provided a loan and that loan was not paid within 7 days. It acknowledged that it did not provide any payment terms or methods prior to surgery. However, given the invoice did not explicitly state that immediate payment was required, it argued that a lack of payment terms should be construed as allowing a reasonable time, in excess of 7 days, for payment.

The Commissioner considered a number of issues, including the definition of a ‘loan’, which forms the basis of the definition of credit under the Privacy Act. A loan is ‘a contract, arrangement or understanding under which a person is permitted to defer payment of a debt, or to incur a debt and defer its payment’. The lack of any explicit payment terms did not, in the Commissioner's view, support the argument that the health service provider and complainant had a contract, arrangement or understanding, which permitted deferral of payment for a period exceeding 7 days.

While the complainant had failed to pay for the medical procedure, the Commissioner considered the health service provider did not have a sufficient credit relationship with the complainant, and was not a credit provider in accordance with Determination No. 2006-2. The Commissioner formed the view that the health service provider had interfered with the complainant's privacy by listing a payment default when it was not a credit provider in respect of the debt.

The Commissioner found that the health service provider had taken some steps to ascertain whether it was a credit provider. However, given the potentially serious financial consequences of listing the payment default, the Commissioner considered further steps were necessary, such as seeking legal advice or contacting the Commissioner's Office.

Subsequently, the Commissioner conciliated the matter under section 27(1)(ab) of the Privacy Act.

In response to the complainant's claim that the payment default prevented them from obtaining finance, the health service provider apologised, removed the payment default, and ceased its practice of reporting overdue accounts to a credit reporting agency. The complainant also accepted a confidential financial settlement.

The Commissioner closed the complaint under section 41(2)(a) of the Privacy Act on the grounds that the health service provider had adequately dealt with the complaint.

OFFICE OF THE PRIVACY COMMISSIONER

November 2009