52.1 The Privacy Amendment Act 1990 (Cth), which commenced operation in September 1991, extended the coverage of the Privacy Act to consumer credit reporting. The credit reporting provisions of the Privacy Act 1988 (Cth) are contained in Part IIIA and associated provisions (the credit reporting provisions).[1]

52.2 The credit reporting provisions regulate the collection, use and disclosure of personal information concerning credit that is intended to be used wholly or primarily for domestic, family or household purposes.[2] Commercial credit information is only incidentally regulated by the Act, for example, where it is used to assess an application for consumer credit.[3]

52.3 In Part G, the ALRC examines the credit reporting provisions and makes recommendations for reform. This chapter introduces the topic by describing the role of credit reporting, the background to the national regulation of credit reporting through the Privacy Act, and the legislative history of the credit reporting provisions.

52.4 In Chapter 53, the ALRC provides a summary of the content of the credit reporting provisions, the responsibilities and powers of the Office of the Privacy Commissioner (OPC) with regard to credit reporting,[4] and the remedies and penalties available in the event of non-compliance with the credit reporting provisions.[5]

52.5 In Chapter 54, the ALRC introduces its approach to reform of the credit reporting provisions. The ALRC recommends that the credit reporting provisions be repealed and credit reporting regulated under the general provisions of the Privacy Act, the model Unified Privacy Principles (UPPs),[6] and regulations under the Privacy Act—referred to in this Report as the new Privacy (Credit Reporting Information) Regulations—which impose obligations on credit reporting agencies and credit providers with respect to the handling of credit reporting information. The ALRC also makes a range of other recommendations concerning the general approach to the drafting and application of the regulations. Finally, it recommends that a credit reporting code providing detailed guidance within the framework provided by the Act and regulations be developed by credit reporting agencies and credit providers, in consultation with consumer groups and regulators, including the OPC.

52.6 In Chapter 55, the ALRC considers extending the current system of credit reporting to permit a broader spectrum of personal information to be collected and disclosed—referred to in this Report as ‘more comprehensive’ credit reporting. The ALRC examines the arguments for and against more comprehensive credit reporting, with particular reference to comments received in submissions and consultations, and information derived from empirical research into the possible effects of more comprehensive credit reporting on credit markets and the economy. The ALRC recommends an extension in the categories of personal information that may be collected for credit reporting purposes—including to repayment performance history information subject to there being an adequate framework imposing responsible lending obligations in Commonwealth, state and territory legislation.

52.7 The collection of credit reporting information, the permitted content of credit reporting information and notification of collection are discussed in Chapter 56. The ALRC makes a range of recommendations in relation to, among other things, regulating the collection of information about small overdue payments, dishonoured cheques, personal insolvency, serious credit infringements and debts of children and young people. The ALRC also recommends new notification requirements.

52.8 Issues concerning the use and disclosure of credit reporting information are discussed in Chapter 57. The ALRC makes a range of recommendations concerning the relationship between the ‘Use and Disclosure’ principle in the model UPPs and the new Privacy (Credit Reporting Information) Regulations, and the regulation of the use and disclosure of credit reporting information in specific contexts. These contexts include mortgage and trade insurance, debt collection, direct marketing and identity verification.

52.9 In Chapter 58, the ALRC discusses the quality and security of credit reporting information. The ALRC makes a range of recommendations in relation to regulating the reporting of statute-barred debts, overdue payments, and schemes of arrangement, and to improving data quality generally. The deletion of credit reporting information after maximum permitted periods of retention and data security are also discussed.

52.10 Individual rights of access to, and correction of, credit reporting information are discussed in Chapter 59. How these matters should be dealt with under the model UPPs and new Privacy (Credit Reporting Information) Regulations are set out in the recommendations. The ALRC examines complaint handling in credit reporting disputes by the OPC and other complaint-handling mechanisms, and penalties for breach of the regulations. Importantly, the ALRC recommends that the new Privacy (Credit Reporting Information) Regulations should provide that credit providers only may list overdue payment or repayment performance history where the credit provider is a member of an external dispute resolution scheme recognised by the OPC.

[1] The major associated provisions include definitions and interpretation provisions: Privacy Act 1988 (Cth) ss 6, 11A, 11B; and provisions dealing with the Credit Reporting Code of Conduct: ss 18A, 18B.

[2] See the definitions of ‘commercial credit’ and ‘credit’: Ibid s 6(1).

[3] Ibid s 18L(4).

[4] The powers and responsibilities of the OPC generally are discussed in Part F.

[5] The remedies and penalties available under the Act generally are discussed in Part F.

[6] As discussed in Part D.