click to skip link menu
Privacy Logo Search
What's New!
Privacy Act and Other Laws
What are My Rights?
New Privacy Law
Privacy & the Private Sector
Privacy & the Public Sector
Request For Comment line gif separating menu sections
Information Technology & Internet Issues
News & Information
Privacy Publications
Research
Speeches
Strategic Plan
Privacy Connections Network
About the Privacy Commissioner
Privacy Contact Officer Information line gif separating menu sections
Links to Privacy Sites
Sitemap
Feedback/Contact us
Privacy Policy
Copyright Information

HOME

space gif between side menu and page content sections
The Australian Privacy Commissioner's Website
PUBLICATIONS
Last Modified 1996

Privacy Act: Fact sheet 7

Credit Reporting Databases

Credit reporting databases

This Fact Sheet describes the laws regulating businesses that operate databases that record information about an individual's credit worthiness. Databases that involve the reporting of information about an individual's eligibility to be provided with credit, or history in relation to credit, or capacity to repay credit are regulated by the Privacy Act 1988 and the Credit Reporting Code of Conduct.

The law imposes heavy penalties for unauthorised access to, or improper use of, personal credit information.

Back to Top

What kinds of databases are subject to the Privacy Act?

If the database involves the preparation or maintenance of records for the dominant purpose of providing information on an individual's credit worthiness, which includes information on an individual's eligibility to be provided with credit, history in relation to credit or capacity to repay credit, then it would be subject to the Privacy Act. A business that operates such a database is defined by the Act as a credit reporting agency and must comply with all the laws regulating the activities of credit reporting agencies.

The Privacy Act and the Code of Conduct regulate the handling of personal credit information (which the individual obtains when acting in a private capacity, and which is used primarily for domestic, household or family purposes). The legislation does not regulate commercial credit reporting.

Back to Top

What sort of information can be stored on the database?

A credit information file can include the following information:

  • information about the individual including:
  1. full name, including any known aliases, sex and date of birth
  2. a maximum of three addresses consisting of a current and last known address and two immediately previous addresses
  3. name of current or last known employer
  4. driver's licence number;
  • a record of a credit provider having sought a credit report to assess an application for consumer or commercial credit;
  • default information (note that information may only be included here if the individual is at least sixty days overdue and the credit provider has taken steps to collect the amount outstanding); and
  • certain items of publicly available information such as court judgments and bankruptcy orders.

You must NOT include on an individual's credit file any information that records the individual's political, social or religious beliefs or affiliations; criminal record; medical history or physical handicaps; race, ethnic origin or national origins; sexual preferences or practices; or lifestyle, character or reputation.

Back to Top

Who can the information on the database be released to?

The Act allows a credit reporting agency to release permitted information stored on a credit information file to:

  • An individual whose personal information is contained in the database. The credit reporting agency must take all reasonable steps to ensure that the individual can obtain access to the file.

  • An individual's authorised agent who may exercise an individual's rights in connection with:

  1. an application or proposed application, by the individual for a loan; or
  2. the individual having sought advice in relation to a loan

  • credit providers for the purposes of assessing an application for credit made by the individual to the credit provider, or in connection with collecting overdue payments.

Information can also be released to a current credit provider, a mortgage insurer, a trade insurer and another credit reporting agency for certain specified purposes. A credit provider or law enforcement authority may receive a credit report in connection with a serious credit infringement believed to have been committed by the individual concerned.

Further information about credit providers is set out in Fact Sheet 1.

If you are releasing information to a credit provider you will need to take steps to ensure that the credit provider is aware of the limitations on use and disclosure of personal information in the report or file.

When you release information from the database you must also make a note on the file setting out:

  • the date when the information was disclosed;
  • who the information was released to; and
  • which part of the file was disclosed.

You CANNOT release information directly to debt collection agents or real estate agents.

Back to Top

What else do I need to do?

You will also need to make sure that:

  • information in the file is accurate, up-to-date, complete and not misleading
  • the file or report is protected by security safeguards to prevent against loss, unauthorised access, use, modification, disclosure and against other misuse; and
  • credit providers to whom information is disclosed have measures in place to prevent unauthorised use or disclosure of the personal information contained in the file or report.

For further information please contact

Privacy Commissioner
GPO Box 5218
Sydney NSW 1042

Privacy Hotline: 1300 363 992
Telephone: (02) 9284 9800
Fax: (02) 9284 9666

E-mail: privacy@privacy.gov.au

Back to Top

 
Search | What's New! | Privacy Act | What Are My Rights? | New Privacy Law | Private Sector | Public Sector | Request for comment | Information Technology & Internet | News and Information | Publications | Research | Speeches | Strategic Plan | Privacy Connections Network | About the Commissioner | Privacy Contact Officer Information | Links | Site Map | Feedback/Contact us | Privacy Policy | Copyright | Home |