Credit providers should review their processes and
procedures to make sure credit information is managed in line with
their obligations under the Privacy Act.
Who is a credit provider?
Last year's reforms to the Privacy Act have
broadened the definition of a 'credit provider' to include
businesses that allow clients more than seven days to pay
The definition extends beyond 'traditional' credit
providers such as banks and other financiers. This means that
virtually every business that has payment terms of more than a week
are now caught as a credit provider.
What are their obligations?
Credit providers have a general obligation to take
'reasonable steps' to implement practices, procedures and
systems to comply with their credit information handling
Credit providers must have a clearly expressed and up-to-date
policy that sets out information about:
the kinds of credit information they collect and hold;
how credit information is collected and held;
the purposes for which credit information is collected, held,
used and disclosed;
how an individual may access crediting information and seek the
correction of such information; and
how an individual may complain about a failure of the credit
provider to comply with their obligations.
Credit providers must also take reasonable steps to ensure
credit information collected, used or disclosed is accurate,
up-to-date and complete.
Additional obligations are imposed on credit providers that
disclose information to credit reporting bodies. For instance,
before a credit provider collects personal information about an
individual, the credit provider must notify the individual that
their personal information may be disclosed to a credit reporting
body. The name and contact details of the credit reporting body and
any other matter specified in a credit reporting code (CR Code)
must be provided.
Credit providers must also comply with prescribed limitations on
disclosing credit information to credit reporting bodies. In many
circumstances, credit providers must not disclose information about
an individual to a credit reporting body unless the credit provider
is a member of an external dispute resolution scheme.
What are the consequences of non-compliance?
Credit providers that fail to comply with their obligations can
be penalised with fines of up to $1.7 million (for corporations)
and $340,000 (for individuals).
How can credit providers comply with these
Credit providers should:
update their policies and procedures;
update their privacy statements in their credit applications,
especially if conducting credit checks on sole traders and
seek advice on their obligations to comply with the Privacy
Act and CR Code; and
review any arrangements with credit reporting bodies and be
aware of the new requirements when disclosing information to these
Privacy Awareness Week
This article is the last article in our series on handling
personal information as part of Privacy Awareness Week. For more
information on Privacy Awareness Week, see the
Office of the Australian Information Commissioner's
website. As a partner of the Office of the Australian
Information Commissioner's privacy awareness campaign, this
week Cooper Grace Ward published a series of articles relating
Winner – EOWA Employer of Choice for Women Citation 2009,
2010, 2011 and 2012
Winner – ALB Gold Employer of Choice 2011 and 2012
Finalist – ALB Australasian Law Awards 2008, 2010, 2011 and
2012 (Best Brisbane Firm)
Winner – BRW Client Choice Awards 2009 and 2010 - Best
Australian Law Firm (revenue less than $50m)
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Those types of personal disclosure may still be permitted under the Privacy Act as long as your house is in order.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).