The Office of the Australian Information Commissioner (OAIC) today registered a new Privacy (Credit Reporting) Code 2024 (Version 3.0) (Credit Reporting Code) that strengthens privacy protections for Australians’ credit information and provides greater clarity for industry on their obligations.
“The Credit Reporting Code sets out strict rules about how credit providers and credit reporting bodies must handle Australians’ credit information,” said Privacy Commissioner Carly Kind.
“Credit information can have a major impact on an individual’s life, such as affecting their ability to get a loan for a house or car.
“It is critical that credit information is handled with care and the right balance is struck between credit providers’ need to access credit information and making sure Australians’ privacy is protected.”
The updates registered today implement 15 of the proposals made in the OAIC’s 2021 independent review of the Credit Reporting Code. Some proposals were referred to be considered in the review of Part IIIA of the Privacy Act, currently underway.
The new CR Code better protects the rights and interests of individuals through outcomes that include:
- improvements to explanatory materials to better explain how the credit rules apply to them
- increased support for victims of fraud by ensuring a person can extend a ban on their credit report with minimal evidence
- a free alert system for victims of fraud who have placed a ban on their credit report, that will notify them if anyone tries to request credit during the ban period
- the ability to correct in one request, multiple pieces of incorrect information on an individual’s credit report caused by a fraud event
- the recognition of domestic abuse as a circumstance beyond an individual’s control that can lead to corrections needing to be made to their credit report
- greater transparency over how credit reporting bodies and banks are complying with their privacy obligations.
Benefits for industry include:
- enhanced usability of the Credit Reporting Code and explanatory materials as they now mimic other legislative instruments
- improvements to the explanatory statement, including provision-by-provision explanations, practical guidance and examples to help industry understand and comply with its obligations
- further information around the definition of a reporting ‘month’ to help industry comply and input information into their systems
- changes to the ‘account close’ date definition to ensure consistency and certainty when industry are calculating this to report consumer credit liability information
- transitional periods to enable time to update systems before compliance is required.
“The enhancements provided by the new Credit Reporting Code will help industry to meet their obligations and, in doing so, increase the trust and confidence of the Australian community in how their information is being used and disclosed,” Commissioner Kind said.
“A well-functioning credit reporting system is fundamental to the Australian economy, especially as the credit landscape expands, and the new Credit Reporting Code will help to support this.”
Notes
- The Privacy (Credit Reporting) Code 2024 (Credit Reporting Code) is a mandatory code that binds credit providers and credit reporting bodies. It supplements Part IIIA of the Privacy Act 1988, which relates to credit reporting, and the Privacy Regulation 2013. Importantly, a breach of the Credit Reporting Code is a breach of the Privacy Act.