Privacy law for credit providers

Credit providers could face civil and criminal penalties under new privacy laws

One of the recent changes to Australian privacy laws to commence on 12 March 2014 was the introduction of a new Part IIIA into the Privacy Act. The new Part IIA sets out more comprehensive credit reporting, including:

  • a simplified and enhanced correction and complaints process;
  • a requirement for credit providers to be members of an external dispute resolution scheme;
  • a new registered Credit Reporting Code; and
  • civil penalties for breaches of certain credit reporting provisions.

The new Part IIIA sets out new processes for the access and correction of personal credit-related information and consumer complaint procedures. The greater onus is placed on credit providers to investigate complaints and to deal with access and correction requests from consumers, including a requirement to substantiate the accuracy of information if a correction request is refused.

Credit reporting bodies and credit providers may now also face civil penalties for breach of certain provisions of the new Part IIA. Civil penalties may also apply for serious or repeated breaches of the new Part IIIA or the Credit Reporting Code.

The Office of the Australian Information Commissioner has a new power to apply to the Federal Court for an order that a credit reporting body or a credit provider pay a pecuniary penalty to the Commonwealth where they have breached a civil penalty provision.

The new Part IIIA also categorises some acts as offences, which carry a criminal penalty. For example, acts relating to unauthorised use or disclosure of false and misleading information.

If a civil penalty order is made, or an entity is found guilty of an offence, an individual may make a court application for compensation.

Do you have any overseas holding companies or subsidiaries? A credit provider that discloses personal information to overseas entities will remain accountable for acts of those overseas entities.

made by