52.37 As enacted, the Privacy Act had limited application to the private sector. The Act set out the Information Privacy Principles (IPPs), which regulated the collection, handling and use of personal information by Commonwealth public sector agencies. The Act also provided guidelines for the collection, handling and use of individual tax file number information in both the public and private sectors following enhancements in the use of this unique identifier in 1988.
Privacy Amendment Bill 1989
52.38 The Privacy Amendment Bill 1989 (Cth) was introduced on behalf of the Minister for Consumer Affairs on 16 June 1989. The Second Reading Speech stated that:
The Privacy Amendment Bill 1989 is the next step in the Government’s program to introduce comprehensive privacy protection for the Australian community. The principal purpose of this Bill is to provide privacy protection for individuals in relation to their consumer credit records.
52.39 The Bill was intended to regulate the collection, use and disclosure of personal credit information by credit providers and credit reporting agencies. A central concern was that it was considered that there were ‘inadequate controls on consumer credit reporting agencies to prevent them from using their databases for non consumer credit purposes’.
52.40 The provisions would be supported by a code of conduct applying to information held in, or disseminated from, a central database and to the transfer of information between industry participants. The Bill also provided individuals with an enforceable right of access to, and correction of, their credit records.
52.41 Significantly, the Bill restricted the categories of information that credit reporting agencies were permitted to include in individuals’ credit information files. Essentially, credit reporting agencies were limited to collecting the kinds of information that they already held—that is, ‘negative’ information.
52.42 The Second Reading Speech highlighted public concern about the privacy implications of a more comprehensive form of credit reporting. It was said that ‘the credit reporting agency would effectively become a central clearing house of information about the current financial commitments of all Australians’.
Positive reporting would constitute a major change in the level of information collected on individuals. While the notion of information collected in a centralised agency is not new, the collection of personal information on individuals’ spending habits is—credit and spending profiles of individuals would have been built up through all their credit transactions.
52.43 The Australian Government did not consider that there was ‘any proven substantial benefit from positive reporting proposals’. In view of such strong privacy concerns, it concluded that any such expansion was ‘impossible to condone’.
52.44 The Privacy Amendment Bill 1989 was the subject of intense debate in the Senate. During the passage of the Bill, some 120 amendments from the Government, the Opposition and the Australian Democrats were proposed.
52.45 On 2 November 1989, the Minister for Consumer Affairs tabled amendments to the Bill as introduced. These amendments were the result of consultations with the credit reporting industry and consumer and privacy groups and were said to clarify aspects of the regulatory scheme.
52.46 Specifically, the amendments were intended to:
widen the classes of businesses that would be able to access a credit reporting agency;
enable credit information to be used to assist credit providers in combating serious credit infringements and in collecting debts; and
allow commercial and consumer credit reports to be cross-referenced by credit providers when making lending decisions.
52.47 Following the return of the Hawke Government in March 1990, the Privacy Amendment Bill 1989 was restored to the Senate Notice Paper on 31 May. On 23 August 1990, the Bill was referred to the Senate Standing Committee on Legal and Constitutional Affairs (the Senate Standing Committee) for inquiry and report.
52.48 The Senate Standing Committee report, recommending 64 amendments to the Bill, was presented to the Senate on 22 October 1990. In debate on 12 November, the Government moved 23 modifications to the amendments as recommended in the report.
52.49 The Bill received a third reading, before passing with the support of the Democrats and the independent Senator Brian Harradine. The Bill was returned from the House of Representatives without amendment on 6 December 1990.
Privacy Amendment Act 1990
52.50 The Privacy Amendment Act 1990 (Cth) received Royal Assent on 24 December 1990. The Privacy Amendment Bill 1989 had been described by the CRAA as containing ‘the most restrictive credit reference laws in the Western world’. Professor Graham Greenleaf observed that:
The credit industry launched a concerted campaign against the Bill, and obtained numerous amendments, but the 1989 Bill remained substantially intact when enacted.
52.51 Heralding the enactment of the legislation, Greenleaf noted that the credit reporting industry, in attempting to expand its activities into more comprehensive reporting, had ‘provoked a degree of legislative control which it had avoided in the past’. The legislation not only limited further expansion of credit reporting but was seen as ‘rolling back the clock’ by restricting certain existing practices, such as the provision of credit reports to real estate agents to check prospective tenants and mercantile agents to search for debtors’ addresses.
It is rare for privacy legislation in any country to attempt such a retrospective repeal of the extension of data surveillance … This is the major achievement of the legislation: as a matter of public policy, it rejects the development of a multi-purpose reporting system as an unacceptable invasion of privacy—at least in the private sector.
52.52 In order to allow the credit reporting industry time to comply with the new regulatory scheme, and to permit the Privacy Commissioner to issue a credit reporting code of conduct, the Act did not commence operation until 24 September 1991. Before that date, transitional provisions were enacted, deferring the commencement of the credit reporting provisions and the obligation to comply with the Credit Reporting Code of Conduct until 25 February 1992.
Credit Reporting Code of Conduct
52.53 On 11 September 1991, the Privacy Commissioner issued the Credit Reporting Code of Conduct under s 18A of the Privacy Act. As required by the Act, the Privacy Commissioner consulted with government, commercial, consumer and other relevant bodies and organisations during the development of the Code. The Code became fully operational in February 1992 and was amended in 1995. Since then, amendments to the Credit Reporting Code of Conduct and explanatory notes have been made periodically, including to take into account changes made to the credit reporting provisions of the Privacy Act.
52.54 Amendments were made to the credit reporting provisions even before the Privacy Amendment Act 1990 commenced operation. The Law and Justice Legislation Amendment Act 1991 (Cth) made amendments, among other things, to:
clarify the definition of ‘credit reporting business’;
provide that agents of credit providers can be treated as credit providers;
permit individuals to authorise other persons to have access to their credit information file or credit report;
ensure that credit providers can consider telephone applications for credit;
permit information to be used for internal management purposes by credit providers;
provide for notices in the case of joint applications for credit; and
permit disclosure of personal information by credit providers to guarantors, mortgage insurers, dispute resolution bodies, in credit card and EFTPOS transactions and mortgage securitisation.
52.55 Since the commencement of the Privacy Amendment Act 1990, there have been a series of amendments to the credit reporting provisions. The first set of amendments was contained in the Law and Justice Legislation Amendment Act (No 4) 1992 (Cth) and related to securitisation, then a relatively new development in the financial sector. Securitisation refers to a complex method of financing loans under which, for example, a mortgage financed ostensibly by a credit provider, such as a credit union or building society, ultimately may be financed under mortgage securitisation using funds invested by investors in a trust. Although the credit reporting provisions of the Privacy Act already made some provision for securitisation, it was necessary to substitute these provisions with more comprehensive ones given the complexity of the industry.
52.56 The Law and Justice Legislation Amendment Act 1993 (Cth) amended provisions governing disclosure of credit information by credit providers to state and territory authorities that administer mortgage assistance schemes to facilitate the giving of mortgage credit to individuals.
52.57 The Law and Justice Legislation Amendment Act 1997 (Cth) amended the credit reporting provisions to:
insert a definition of the term ‘guarantee’;
give the Privacy Commissioner the power to determine that a federal agency is a credit provider; and
allow an overdue payment under a guarantee to be listed on the guarantor’s credit information file.
52.58 The Financial Sector Reform (Amendments and Transitional Provisions) Act (No 1) 1999 (Cth) changed the definition of credit provider in s 11B by repealing s 11B(1)(b)(i) and (ii), which referred to building societies and credit unions respectively.
52.59 The Law and Justice Legislation Amendment (Application of Criminal Code) Act 2001 (Cth) amended various offence provisions under Part IIIA to require an intention to breach certain provisions of Part IIIA, as distinct from reckless or misleading behaviour.
52.60 Finally, amendments providing for non-disclosure of reports made to certain law enforcement agencies under s 18K(5) were made by the National Crime Authority Legislation Amendment Act 2001 (Cth), Australian Crime Commission Establishment 2002 (Cth) and Law Enforcement Integrity Commissioner (Consequential Amendments) Act 2006 (Cth).
 Since 1994, the IPPs also cover ACT public sector agencies: Australian Capital Territory Government Service (Consequential Provisions) Act 1994 (Cth).
Taxation Laws Amendment (Tax File Numbers) Act 1988 (Cth).
 Commonwealth, Parliamentary Debates, Senate, 16 June 1989, 4216 (G Richardson).
 The permitted content of credit information files is discussed in Chs 51–52.
 Commonwealth, Parliamentary Debates, Senate, 16 June 1989, 4216 (G Richardson).
 Commonwealth, Parliamentary Debates, Senate, 12 November 1990, 3939 (M Tate—Minister for Justice and Consumer Affairs).
 Commonwealth, Parliamentary Debates, Senate, 2 November 1989, 2788 (N Bolkus—Minister for Consumer Affairs).
 Ibid. See also, Supplementary Explanatory Memorandum, Privacy Amendment Bill 1989 (Cth).
 Parliament of Australia—Senate Standing Committee on Legal and Constitutional Affairs, The Privacy Amendment Bill 1989  (1990).
 Commonwealth, Parliamentary Debates, Senate, 12 November 1990, 3927 (B Cooney).
 G Greenleaf, ‘The Most Restrictive Credit Reference Laws in the Western World?’ (1992) 66 Australian Law Journal 672, 672.
 Ibid, 672.
 Ibid, 674.
 Ibid, 674.
 As required by Privacy Act 1988 (Cth) s 18A(1).
Law and Justice Legislation Amendment Act 1991 (Cth) s 21.
 Unless an act or practice breached Privacy Act 1988 (Cth) ss 18H–18J concerning individuals’ access to credit information files and credit reports, and the obligations of credit reporting agencies and credit providers to alter files and reports to ensure accuracy.
 See Office of the Federal Privacy Commissioner, Credit Reporting Code of Conduct (1991), 2.
Law and Justice Legislation Amendment Act 1991 (Cth) pt 3, ss 10–20.
 Explanatory Memorandum, Law and Justice Legislation Amendment Bill (No 4) 1992 (Cth).