Galexia
             home
       about us
        services
        projects
       research
          contact
» home » research » assets » dp72 credit submission 20071223  

Subscribe to Galexia news and announcements.
More information »

Privacy Impact Assessment (PIA): This tool identifies privacy issues in specific sectors or applications. By using the PIA tool at the design stage of an implementation organisations can avoid privacy errors and the costs of rectification at later stages. Find out more »

[2018 Global Cloud Computing Readiness Scorecard]

2018 Global Cloud Computing Readiness Scorecard
Find out more »

Submission - Credit Reporting Regulatory Framework: Submission to ALRC Privacy Inquiry (December 2007)

[« previous] [next »] [up] [title page] [full contents]

2.11. Use of credit reporting information

Current regulation restricts access to credit reporting information to a limited set of credit providers. However, some credit reporting agencies offer additional services and applications that require them to also collect, use and disclose non-credit reporting information. For example, personal information that forms part of credit reporting information may also be useful in verifying evidence of identity claims. This is a growing area of business following the passage of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).[32]

Some industry submissions to the ALRC have argued for consistent regulation across all of their activities. This could be achieved by broadening the definition of credit reporting information to include information used for other purposes.

It is likely that there will be some sympathy for organisations who find themselves subject to two separate, inconsistent privacy regulations (the UPPs and the Privacy (Credit Reporting Information) Regulations). However, use of personal information outside of the credit reporting environment will ultimately fail the specific credit-related public benefit test that has been used to justify the ‘special’ regulation of credit reporting information. The application of the Privacy (Credit Reporting Information) Regulations should remain as tight as possible, and credit reporting agencies will have to comply with the UPPs for all their other activities. They can draw some comfort from the simplification of the proposed UPPs compared to earlier privacy requirements.

The OPC has made some useful recommendations on this issue:

The Office suggests that consideration be given to the inclusion of an express provision in Part IIIA prohibiting the collection of an individual’s credit information file by employers, insurers and government agencies... As a general principle, the Office submits that only credit providers should be able to access information from credit information files unless there are cogent public interest reasons why other persons should.[33]

It is important to keep credit reporting regulation as simple as possible. It is already a complex area requiring specific regulation and possibly an industry Code. This regulation will be made more complex if access to credit reporting information is extended beyond credit providers.

It is also important to note that the economic/public benefit arguments used to justify the special treatment of credit reporting are based on lending dynamics – not employment or other potential applications. If other systems develop that seek access to this type of information they should be consent based and covered by the UPPs.

It may be necessary to include this restriction in the Privacy Act 1988 itself rather than in the proposed Privacy (Credit Reporting Information) Regulations. This would help to avoid future industry efforts to lobby for access to credit reporting information for specific issues or one-off incidents. The Act will need to contain a provision setting out the broad role of the regulations, so this section may provide a useful location for this restriction. 

[32] Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), <http://www.comlaw.gov.au/ComLaw/Legislation/ActCompilation1.nsf/0/893B6CC0392995E0CA257376001EE4C4/$file/AntiMoneyLaundCountTerrFin2006.pdf>.

[33] Office of the Privacy Commissioner, Submission to the Australian Law Reform Commission’s Review of Privacy – Issues Paper 32 Credit Reporting Provisions, 13 April 2007, pages 51, 58,
<http://www.privacy.gov.au/publications/submissions/sub-alrc-ip32-credit-reporting-200704.pdf>.

[« previous] [next »] [up] [title page] [full contents]

[view all]

[up to research]

 

Search for:

HERE

PrintVersionprint this page

Sitemapsitemap

Subcribe to RSS newsrss news feed

Manage email subscriptionsmanage email subscriptions

Latest News

September 2019
Register of Public Galexia PIAs. Read more »

September 2019
Updates to Galexia Website. Read more »

September 2019
PM&C / Office of the National Data Commissioner (ONDC) releases Discussion Paper and accepts recommendations from Galexia’s PIA on the proposed Data Sharing and Release legislative framework. Read more »

August 2019
Galexia providing privacy advice and an independent public Privacy Impact Assessment (PIA) on 2021 Census for ABS. Read more »

June 2019
Galexia completes privacy advice and an independent Privacy Impact Assessment (PIA) on the Naval Shipbuilding College Workforce Register. Read more »

view all news items »

[Home] [Sitemap] [Print this page] [Privacy statement]

© Galexia Pty Ltd
Telephone: +61 (02) 9660 1111
Email: [email protected]