Part IIIA of the Privacy Act 1988 (Privacy Act) is titled “credit reporting”. It regulates consumer credit reporting in Australia. Part IIIA is supported by the Privacy Regulation 2013 and the Privacy (Credit Reporting) Code 2014, which is often referred to as the “Credit Reporting Code of Conduct”, or simply, the “CR Code”.
The structure of Part IIIA, an overview of the rules, and selected key definitions
It is useful for legal practitioners to have working knowledge of the structure of Part IIIA. From this, legal practitioners would gain and understanding of the applicable rules. This Guidance Note also provides definitions of key terms used in Part IIIA.
Part IIIA Divisions 2 and 3 contain rules that apply …show more content…
CRB derived information is personal information (other than sensitive information) that is derived by a CRB from credit information about an individual, has any bearing on the individual's credit worthiness and is, has been or could be used in establishing the individual's eligibility for credit. CRB derived information is generally held by CRBs.
Credit reporting information is generally held by CRBs and may be disclosed to credit providers and other entities in specific circumstances.
Credit eligibility information is credit reporting information that was disclosed to the credit provider by a CRB, or CP derived information. CP derived information is personal information (other than sensitive information) that is derived by a credit provider (CP) from credit reporting information about an individual that was disclosed to the credit provider by a CRB, has any bearing on the individual's credit worthiness and is, has been or could be used in establishing the individual's eligibility for credit. CP derived information is generally held by credit providers.
Part IIIA Division 7 provides for compensation orders and other orders to be made by the …show more content…
This requirement is in addition to the requirement relating to matters that the individual needs to be made aware of as specified in the Privacy Act: s 21C(1)(a) of the Privacy Act. Credit providers often address this requirement by having a “Statement of Notifiable Matters” to complement its privacy policy and/or credit reporting policy. Such a statement is designed to provide information on the entities to whom it may disclose customers’ credit information. It is often also designed to provide customers with information on certain rights they have in relation to their credit information.
Useful reference for legal practitioners
A useful reference for legal practitioners is OAIC’s diagram “Information flows in the Credit Reporting System”. It is available from OAIC’s webpage “Privacy business resource 3: Credit reporting – what has changed”