ANALYSIS: The Australian Government’s Proposed Reform Of The Credit Reporting Rules Under The Privacy Act
By Ian Lockhart, of Minter Ellison, Brisbane.
The Commonwealth has issued its much awaited Exposure Draft of proposed legislation to implement reform of the current credit reporting provisions of the Privacy Act 1988 (Privacy Act). This part of the new Privacy Act will contain provisions relating to the collection, use and disclosure of information for credit reporting purposes.
The National Consumer Credit Protection Act 2009 is a significant driver in the reform process relating to credit reporting. A fundamental feature of the Commonwealth’s consumer credit regime is a requirement for credit providers to collect and verify information about a loan applicant’s financial position. This is a necessary part of the loan “unsuitability assessment” that all credit providers must carry out before entering into a credit contract or increasing a credit limit under a credit contract. The credit industry has been eagerly awaiting privacy reform which allows more comprehensive information to be maintained by credit reporting agencies and accessed by credit providers.
The Current Reform Package
The Exposure Draft contains provisions relating to the collection, use and disclosure of information for credit reporting purposes.
The Australian Privacy Principles (APPs) provide a baseline for compliance, but the proposed new credit reporting provisions contain modified and more specific rules from the general obligations in the APPs. The Australian Government released an Exposure Draft and a Companion Guide for the APPs in June 2010 (see analysis by Charles Alexander and Elisabeth Koster, of Minter Ellison, Sydney, at WDPR, July 2010, page 14).
The existence of a separate set of specific rules for credit reporting is of course not new. The existing rules in Part IIIA of the Privacy Act which specifically relate to credit reporting set out provisions that are more onerous than the more generally drafted National Privacy Principles. The Exposure Draft contains provisions which are proposed to replace Part IIIA.
The key measures of the Exposure Draft are stated by the Commonwealth to be:
- the introduction of more comprehensive credit reporting provisions;
- the credit reporting provisions having increased coverage over “credit reporting agencies” and “credit providers”; and
- clear and simplified structure and drafting of the provisions.
The obligations of credit reporting agencies and credit providers in relation to the collection and use of personal information are contained within Divisions 2 and 3 of the Exposure Draft. The definition of “credit provider” is expanded in the Exposure Draft to include organisations or small business operators that provide credit as a substantial part of their business or undertaking. It is also important to note that the definition of “credit provider” now extends to organisations or small business operators acting as agents of credit providers.
Division 4 of the Exposure Draft contains rules in relation to the use of information by other recipients, including mortgage insurers, trade insurers, body corporates, credit managers and legal/financial advisors. These rules ensure that information used and disclosed for the purposes of credit reporting continues to attract the same privacy protections as contained within Part IIIA of the existing Privacy Act. Division 4 somewhat simplifies Part IIIA and also sets out the rules by reference to the recipient of the information. The expansion of the definition of “credit provider” (as discussed above) will also impact on the operation of the rules contained within this division…