Legislative safeguards exist for the protection of individuals regarding the content, use and disclosure of credit reports under the Privacy Act 1988 (Cth), and regulating how credit providers handle information about individuals.
The legislation is aimed at protecting information relating to the consumer’s credit-worthiness and ensuring that use of this information is restricted primarily to assessing applications for credit lodged with a credit provider.
Under the Privacy Act, A credit provider may not pass information about an individual to a credit reporting agency conducting a “credit reporting business” (E.g. Veda) without first notifying the individual.
The Act also limits the circumstances in which persons other than the individual named on the credit report can access credit report information issued by a credit reporting agency. Such access is restricted primarily to credit providers for the purpose of assessing applications for credit or collecting overdue payments on credit granted to individuals.
Credit providers must take steps to ensure that any information contained in “credit reports” (defined in s6(1)) in their possession is accurate, up to date, complete and not misleading. Reporting a default, a significant period after the default occurred can be deemed to be misleading and such conduct should be avoided.
The Privacy Act 1988, limits the use by credit providers of consumer credit reports issued by credit reporting agencies to specific purposes including:
1. assessing an application for consumer credit;
2. assessing an application for commercial credit provided that the individual has consented;
3. assessing whether to accept an individual as guarantor;
4. where the use is for internal management purposes of the credit provider;
5. collecting overdue payments;
6. assisting an individual to avoid defaulting on his or her credit obligations in certain circumstances;
7. where the use is required or authorised by law;
8. where the credit provider believes that the individual has committed a serious credit infringement.
Part IIIA of the Privacy Act 1988 also creates a range of credit reporting offences which have civil liabilities attached.
The Privacy Commissioner has, under s 18A of the Privacy Act 1988, issued a Credit Reporting Code of Conduct. The Code explains in greater detail the requirements of Pt IIIA and sets out procedures for complying with those requirements. This includes provisions for resolving disputes which relate to credit reporting. The provisions of the Code are legally binding.
For further information in respect to your commercial or personal privacy obligations and rights please contact Affinity Lawyers on 07 5630 6888.