We use cookies to analyse traffic and to improve your browsing experience on our website. To find out more, read our privacy policy.

News Join our team Contact us

Carly Kind

Carly Kind
Privacy Commissioner

Published:  

An ‘access seeker’ is a term used in section 6L of the Privacy Act 1988 to refer to someone who assists an individual to deal with a credit reporting body or credit provider and is authorised in writing by the individual to access credit reporting information on their behalf.

This provision exists to help people get assistance in navigating the credit reporting system. Third-party access to an individual’s credit reporting information can be helpful for the individual where they do not know how to access their credit report, or where they require help from an advocate to understand or address an issue with their credit report. When this provision was drafted, access seekers were conceived as someone like a community lawyer or financial counsellor, who supports an individual through financial difficulty, identify theft, or just trying to understand their own credit record better.

The Privacy Act restricts who can access credit reporting information about an individual given the sensitivity of this information. It specifically excludes certain people from being able to be an access seeker. Under the law, the following people can’t be an access seeker:

  • a real estate agent
  • an employer of an individual
  • a mortgage or trade insurer
  • a general insurer
  • a credit provider.

By way of underscoring these restrictions, it is clear both on the face of the legislation and from the explanatory memorandum to the relevant amending legislation that the intention is that these organisations must not use the access seeker provisions. Doing so would circumvent the spirit and purpose of the credit framework.

The review of Australia’s credit reporting framework

The review of Australia’s credit reporting framework discussed the fact that some organisations are using the access seeker provisions for purposes connected with assessing credit worthiness. Sometimes these are badged as ‘preliminary checks’ of credit worthiness or a ‘soft enquiry’ about a person’s credit record that won’t leave a mark on their credit file. This sort of usage of the access seeker provisions goes beyond the original purpose of the provision and in some cases may be unlawful.

The review report recommended that the use of the access seeker provisions be clarified. It also recommended that a mechanism to make soft enquiries, similar to what some organisations are currently using the access seeker provision to develop, be codified and inserted into legislation.

Our regulatory approach

While the Australian Government is considering the findings of the review and deciding if a soft enquiries framework should be developed, the OAIC will exercise discretion in how we approach this issue. Our approach to prioritising regulatory efforts is always responsive to an understanding of consumer harm and vulnerability, and although at this stage this issue appears to be a relatively confined issue, which is not (to the best of our knowledge) causing significant harm to individuals, if our understanding changes, this may trigger a change in our approach.

Until the access seeker provisions are clarified, organisations are entitled to pursue lawful current uses of the access seeker provisions, provided they do so on the basis of a good faith and reasonable interpretation of the current legal framework. However, the OAIC may consider regulatory action in the event that we become aware of any harm to individuals, or of flagrant breaches of the Credit Reporting Code or the Privacy Act. Further, if the OAIC observes an expansion of the usage of the access seeker provisions while government is considering the findings of the review, we will examine the issue further.

The independent reviewer found that the access seeker provisions should be clarified to ensure they are used for their intended purposes, and that there be a clearer basis for soft enquiries in Australia’s credit reporting framework. The government is currently considering the recommendations of the review, which makes a number of specific recommendations about how this should be achieved.

In the meantime, the OAIC encourages organisations using the access seeker provisions to:

  • carefully consider the compatibility of that usage with the provisions of the Privacy Act and Credit Reporting Code, and be prepared to explain this usage to the OAIC if asked
  • ensure that any information they gather through this mechanism is not used for a purpose an individual has not given express consent for
  • ensure any information collected through this mechanism is held securely and is retained for the minimum possible period.

The OAIC looks forward to working with government to support it in responding to the findings of the review.

OAIC logo
Contact us 1300 363 992

Monday to Thursday 10 am to 4 pm (AEST/AEDT)

Acknowledgement of Country

The OAIC acknowledges Traditional Custodians of Country across Australia and their continuing connection to land, waters and communities. We pay our respect to First Nations people, cultures and Elders past and present.

© Commonwealth of Australia