Site Changes

On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner and a new website established at www.oaic.gov.au.

Note 1: Major changes to the Privacy Act 1988 will come into effect in March 2014. Agencies, businesses and not for profits need to start preparing for these changes. For more information go to our privacy law reform page at www.oaic.gov.au
Note 2: From 12 March 2013 content is no longer being added to, or amended, on this site, consequently some information may be out of date. For new privacy content visit the www.oaic.gov.au website.

Types

Topic(s): Credit and finance | Law reform

Synopsis of Government Response to ALRC Report 108 – Credit Reporting

document icon pdf (572.7 KB)

Australian Government Response to the Australian Law Reform Commission (ALRC) Report 108: For Your Information Australian Privacy Law and Practice

Credit Reporting Provisions - Proposed New Binding Code

General Comments in the Australian Government Response to ALRC Report 108 about the proposed credit code

There should be a three tiered model for binding code development under the Commonwealth Privacy Act 1988 ('Privacy Act'), namely:
- Codes voluntarily developed by organisations;
- Mandatory codes developed at the request of the Privacy Commissioner; and
- Where such a request is not complied with, a mandatory code developed by the Privacy Commissioner.[1]
In relation to credit reporting, it is necessary to have a clear and transparent code of practice agreed across the credit reporting industry about how the credit reporting provisions and related issues will operate in practice.
The proposed credit code is to replace the current Credit Reporting Code of Conduct.
The credit reporting industry will be the main driver behind the code although the Privacy Commissioner will give final approval. This will ensure that the code appropriately balances the needs of industry to have efficient and effective credit reporting with the privacy needs of individuals.[2]
Any organisation or agency (including credit providers and credit reporting agencies) that wants to participate in the credit reporting system will be required to be a member of this binding code.

Matters identified in the Government Response to be included in the proposed credit code

Any matters outlined in the current Credit Reporting Code that do not overlap with requirements in the redrafted Privacy Act (such as in the new Privacy Principles).
Standards around how the credit reporting industry lists the types of credit accounts as well as when a credit account is deemed to be closed.
Operational matters around repayment history that are not included in regulations, such as at what intervals a credit provider will list information with a credit reporting agency.[3]
Appropriate standards for the listing of serious credit infringements[4].
Guidance on when a credit provider or credit reporting agency would know or should reasonably know an individual's age.
Reasonable periods relating to extension of the access restriction to credit reporting information (when there is possible identity fraud) and other procedural requirements around:
- notifying the individual of the effect of restricting access,
- the initial period in which access will be restricted,
- subsequent notifications that an access restriction period is ending, and
- how a credit provider should be informed of why the access restriction is in place.[5]
Operational issues in relation to data quality and procedures relating to the accuracy of information.[6]
Matters in relation to when and how access and correction of credit reporting information should be provided for and the timeliness of the transactions.[7]
Appropriate timeframes and the form of access in which free copies of credit reporting information from a credit reporting agency should be provided to an individual.[8]
Procedures relating to dispute resolution such as:
- when a 'dispute' has been raised by an individual,
- when a complaint will be deemed to have been made,
- the appropriate notice that should be provided to the individual about the dispute process and the timeliness of the response to the individual,
- providing information about the party responsible for considering the dispute, and
- information sharing and establishing appropriate contact officers in credit reporting agencies and credit providers.[9]

[1] Refer to Recommendation 48-1 in 'Enhancing National Privacy Protection - the Australian Government First Stage Response to the Australian Law Reform Commission Report 108: For Your Information Australian Privacy Law and Practice', October 2009 located at http://www.pmc.gov.au/privacy/alrc.cfm.

[2] Refer to Recommendation 54-9 in the Australian Government First Stage Response ('Government Response').

[3] Refer to Government Response, Recommendation 55-4.

[4] Refer to Government Response, Recommendation 56-7.

[5] Refer to Government Response, Recommendation 57-5.

[6] Refer to Government Response, Recommendations 58-3 and 58-4.

[7] Refer to Government Response, Recommendation 59-1.

[8] Refer to Government Response, Recommendation 59-2.

[9] Refer to Government Response, Recommendations 59-5, 59-6 and 59-8.